Article Preview
TopIntroduction
The broad applicability and influence of digital communications and cyber-enabled systems makes the issue of information security and cyberspace relevant to the entire profession of arms, from the tactical to strategic level. Cyber-systems underpin all facets of modern militaries, from communications through to logistics. The integration of technology into all facets of the military presents both a unique opportunity and a potential source of weakness. The purpose of this paper is to establish a foundation of knowledge and understanding upon which relevant dialogue and debate can be generated, and cyber-doctrine can be built. Doctrine provides “…fundamental principles by which military forces guide their actions in support of national objectives.” (Commonwealth of Australia 2012b). Doctrine is developed from concepts, which are the untested ideas about future operations. The relevance of the future to concepts, and subsequent doctrine, arises because of the potentially catastrophic consequences faced by a military that has not kept up with the developments of the environment in which it must operate, or the capabilities of its adversaries.
The United States Department of Defense (US DOD) Joint Publication 3-12 (R) Cyberspace Operations provides the doctrine for US DOD joint cyberspace operations and defines cyberspace as a global domain within the information environment “…consisting of the interdependent network of information technology (IT) infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers…” (US Department of Defense, 2013, pp. I-1). The UK Joint Defense Doctrine Publication 0-01 employs a very similar definition of cyberspace (UK Ministry of Defence, 2014, p. 15). The concept of cyber-warfare presented within these documents is multidimensional, encompassing a diverse array of issues. As a result, the creation of an underlying methodology and unified theory has proven challenging (Robinson, Jones, & Janicke, 2015). “In many ways, we are failing. Partly this is due to attempts to meet the new challenges with approaches, concepts, constructs and institutions inherited before the official recognition of cyberspace as an environment. They are inadequate for the task. They may be necessary, but are altogether insufficient; they are patching over challenges, rather than organically developing with them…” (Maclntosh, Reid, & Tyler, 2011, p. 104).
Military operations require the support of flexible, responsive and resilient cyber-capabilities. Information system security models and information assurance constructs seek to achieve information assurance, a high degree of certainty in the confidentiality, integrity and availability of cyber-systems supporting combat operations. This paper argues that the information assurance approach, whilst a worthy goal, is not reflective of the lessons of history or warfare. Mayfield’s paradox mathematically demonstrates the futility of attempting to make any information or Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) system completely assured against every attack (Mayfield, 2001). Reliance on algorithms and technology has consistently been proven to be misplaced in the long term (Ratcliff, 2006). Historically, nations have assumed that their wartime communications systems were secure, whilst their adversaries were reading important diplomatic cables, strategic and tactical messages (Copeland, 2006; Erskine & Smith, 2002; Ratcliff, 2006). The human weakness evident within most information systems means that they do not operate as technology in a vacuum. The question of trust on the battlefield emerges, not between people, but of the technology, cryptography, procurement decisions and systems protecting the passage of information. The President’s Council of Advisors on Science and Technology (PCAST) has reported that static protective mechanisms are inadequate for the evolving threats present in the cyber-environment. High risk, high return research aimed at a basic and fundamental change in cybersecurity as critical to preparing for the future challenges of the environment (Holdren & Lander, 2013).