By Chris Doyle
Cybercrime and cyber espionage have grown more prevalent in recent years and are beginning to have a considerable effect on national security in both Australia and the United States. A report by security firm Mandiant suggests that perpetrators of cyber espionage disproportionately target English-speaking countries. While espionage between nations has existed for millennia, recent intrusions targeting the crossroads of the commercial and defense sectors in the United States and its allies have turned an accepted annoyance into a considerable threat to national interests.
A newly released CSIS report by James Lewis and Stewart Baker estimates the annual cost to U.S. businesses as a result of crime and intellectual property (IP) theft in cyberspace at a staggering $100 billion. Extend that to the global scale, and the figure increases to $300 billion. General Keith Alexander, director of the National Security Agency, described IP theft as a major security threat, given the sensitive nature of much of the information being illegally extracted on a daily basis.
An anonymous source revealed on May 27 that Australia’s government offices, defense contractors, and spy agencies had all been victims of cyber espionage. For example, Adelaide-based defense contractor Codan in May reported seeing cheap copies of its products flowing out of China, mimicked down to the brand logo.
The threats that the United States and Australia face are not only similar, but interconnected. In June, a Pentagon official testified in a Senate hearing that rival countries used stolen design data of Lockheed Martin’s F-35 Strike Fighter—100 of which Australia is slated to buy—to develop their own weaponry.
The United States needs to utilize its relationships with like-minded countries to address cyber espionage. One possible avenue for this is the United Kingdom-United States of America Agreement on intelligence-sharing, more commonly known as “Five Eyes,” which includes Australia, Canada, New Zealand, the United Kingdom, and the United States. Given the degree of trust that allows these countries to exchange high-level intelligence via “Five Eyes,” it would make sense to extend the framework to the cybersecurity realm. As frequent victims of cyber espionage activities, all five countries have a shared interest in the protection of their intellectual property.
First, the “Five Eyes” countries should consider facilitating information-sharing not just among their respective militaries, but also between civilian agencies like the U.S. Department of Homeland Security and the Australian Security Intelligence Organization. This would allow all five governments to be on the same page regarding newly emerging threats and possible ways to deter them.
Second, the five countries should adopt a common set of standards of vigilance in protecting critical networks, including those of government agencies and defense contractors. In a July 9 congressional testimony, CSIS cybersecurity expert James Lewis identified a list produced by Australia’s Defence Signals Directorate (DSD), an intelligence agency within the Australian Department of Defence, as a realistic and effective starting benchmark. The DSD outlines 35 mitigation strategies against cyber threats, including four key controls that would be able to prevent at least 85 percent of all attacks.
U.S. policymakers are beginning to take seriously the task of maintaining national security in cyberspace. The United States and its allies, including Australia, possess the capabilities to prevent low-complexity cyber attacks, but so far lack the commitment. Now is the time to start treating cyber espionage as an immediate problem and take steps to cooperate to address common cybersecurity concerns.