• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • Australia Under Cyber Attack: Dissecting Canberra’s Response
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO20143 | Australia Under Cyber Attack: Dissecting Canberra’s Response
    Tan E Guang Eugene

    15 July 2020

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    Attributing cyber attacks to state-sponsored actors is a delicate balancing act that requires strategic and political thinking. States may or may not choose to name the offending state based on their own national interests. What is more important is how states should improve their capabilities to actively deter malicious actors.


    Source: Unsplash

    COMMENTARY

    ON 19 JUNE 2020, Australia publicly announced that it was a victim of state-based cyber attacks. This assessment was based on the “scale and nature of the targeting”. According to Australian Prime Minister Morrison, the malicious activity was targeted at a broad range of organisations across Australia, including government, industry, political organisations, education, essential service providers, and operators of critical infrastructure.

    The Australian government did not disclose the identity of the attacker or the objectives of the attackers. Morrison particularly stressed that there were no large scale data breaches of private information, and that the announcement was a public call to improve capabilities in face of aggression caused by states. This raises questions of why did the Australian government feel the need to attribute a cyber attack when there was little harm done.

    Cyber Conflict – More of the Same?

    To understand this better, it should be remembered that cyber conflicts among states are still largely driven by geo-political and political considerations, and should not be seen as separate from other kinds of conflict or political objectives.

    The increasing use of cyber operations can offer new ways to test the robustness of a state’s defences – in this case networks, but they are usually part of great power competition or the hierarchy of states in the international system. States sponsor malicious actors to degrade networks, disrupt services and collect information through espionage activity.

    It is therefore unsurprising that prominent think tanks in Australia have suggested with a high level of confidence that China, given its recent tensions with Australia, was behind the attacks. But this may not be the case because think tanks may not have all the information that the government has, and do not represent government positions.

    Attribution – a Signalling Device

    Publicly attributing a cyber attack is one of the many responses available to states, but states may choose to withhold the identity of the perpetrator.

    The Australian government’s approach may have more nuanced national security considerations. Australia had previously, with the United Kingdom, accused Russia of cyber attacks aimed at destabilising democracies in 2018. Unfortunately, pointing the finger at Russia had little effect in reducing cyber attacks but instead increased hostility and mistrust of Russia.

    By not naming the state actor, victim states can signal in two main ways: first, signal in the first instance to the aggressor their capability in discovering and resolving a cyber operation; and second, that these activities should cease. Should the ‘signal’ not be heeded, the victim state can then proceed to escalate the attribution by naming who the perpetrator is.

    This is not dissimilar to Singapore’s response to the SingHealth cyberattack in 2018. Then, Singapore took the same tack of attributing the attack to a state-sponsored actor while not naming the perpetrator. As a small state, Singapore seeks to maintain good relationships with all states, meaning these relationships should not be jeopardised. The act of not naming a state allowed the offending state some leeway to back away to de-escalate.

    Calculated Responses to Cyberattacks

    Responding to a cyber attack is tricky and may have many spill-over effects that may affect the strategic and political calculation and interests of states. What states can do well is to consider all possible information and options before responding.

    Small states like Singapore need to be careful in any response because a disproportionate response to a cyberattack may results in escalation by the attacker. This could be potentially catastrophic given the vulnerability of the state’s economy, infrastructure, and physical size.

    When people call for retaliation for cyber attacks they miss the point on how states can react to a cyber attack. Small states have serious limitations in their credibility and ability to punish state-sponsored perpetrators, especially from much larger states. The realities of small states’ physical vulnerabilities cannot be discounted.

    Hypothetically, if a large state carried out a cyber attack, small states would be hard pressed to impose economic sanctions, or to show military or cyber force. At best, small states could use diplomatic back-channels to signal their displeasure.

    Improving Domestic Responses to Cyber Operations

    It is unfortunate that most reports on Morrison’s remarks circle around the whodunit element of attribution. While reacting adversely to a cyber-incident may be an understandable and natural reaction, Morrison’s remarks were also in part to help the public understand that part of the response required domestic attention, and the Australian government was actively trying to defend against these malicious actors.

    Domestic responses such as building cyber and societal resilience are also important for states to combat the effects of cyber operations. By reducing the time that systems are disrupted by developing continuity of business plans, the effects that an adversary seeks can be mitigated.

    The payoffs for a successful cyber attack in the physical realm often manifest itself in either the physical destruction of infrastructure or the psychological disruption in the minds of the residents of the state. However, if attackers cannot realise these payoffs, then there may be less motivation for an attacker to carry out a cyber attack because the level of success is low.

    Attribution of an attack should therefore only form part of the response of the state, and should not be considered the first response to a cyber incident. Instead, the increased awareness of the targets, motives and modus operandi of state-sponsored malicious actors may guide states to create a more robust response mechanism that is effective to deter and communicate costs to an aggressor state.

    About the Author

    Eugene EG Tan is Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore.

    Categories: Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / Non-Traditional Security / East Asia and Asia Pacific / Global / South Asia / Southeast Asia and ASEAN

    Last updated on 16/07/2020

    comments powered by Disqus
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    Attributing cyber attacks to state-sponsored actors is a delicate balancing act that requires strategic and political thinking. States may or may not choose to name the offending state based on their own national interests. What is more important is how states should improve their capabilities to actively deter malicious actors.


    Source: Unsplash

    COMMENTARY

    ON 19 JUNE 2020, Australia publicly announced that it was a victim of state-based cyber attacks. This assessment was based on the “scale and nature of the targeting”. According to Australian Prime Minister Morrison, the malicious activity was targeted at a broad range of organisations across Australia, including government, industry, political organisations, education, essential service providers, and operators of critical infrastructure.

    The Australian government did not disclose the identity of the attacker or the objectives of the attackers. Morrison particularly stressed that there were no large scale data breaches of private information, and that the announcement was a public call to improve capabilities in face of aggression caused by states. This raises questions of why did the Australian government feel the need to attribute a cyber attack when there was little harm done.

    Cyber Conflict – More of the Same?

    To understand this better, it should be remembered that cyber conflicts among states are still largely driven by geo-political and political considerations, and should not be seen as separate from other kinds of conflict or political objectives.

    The increasing use of cyber operations can offer new ways to test the robustness of a state’s defences – in this case networks, but they are usually part of great power competition or the hierarchy of states in the international system. States sponsor malicious actors to degrade networks, disrupt services and collect information through espionage activity.

    It is therefore unsurprising that prominent think tanks in Australia have suggested with a high level of confidence that China, given its recent tensions with Australia, was behind the attacks. But this may not be the case because think tanks may not have all the information that the government has, and do not represent government positions.

    Attribution – a Signalling Device

    Publicly attributing a cyber attack is one of the many responses available to states, but states may choose to withhold the identity of the perpetrator.

    The Australian government’s approach may have more nuanced national security considerations. Australia had previously, with the United Kingdom, accused Russia of cyber attacks aimed at destabilising democracies in 2018. Unfortunately, pointing the finger at Russia had little effect in reducing cyber attacks but instead increased hostility and mistrust of Russia.

    By not naming the state actor, victim states can signal in two main ways: first, signal in the first instance to the aggressor their capability in discovering and resolving a cyber operation; and second, that these activities should cease. Should the ‘signal’ not be heeded, the victim state can then proceed to escalate the attribution by naming who the perpetrator is.

    This is not dissimilar to Singapore’s response to the SingHealth cyberattack in 2018. Then, Singapore took the same tack of attributing the attack to a state-sponsored actor while not naming the perpetrator. As a small state, Singapore seeks to maintain good relationships with all states, meaning these relationships should not be jeopardised. The act of not naming a state allowed the offending state some leeway to back away to de-escalate.

    Calculated Responses to Cyberattacks

    Responding to a cyber attack is tricky and may have many spill-over effects that may affect the strategic and political calculation and interests of states. What states can do well is to consider all possible information and options before responding.

    Small states like Singapore need to be careful in any response because a disproportionate response to a cyberattack may results in escalation by the attacker. This could be potentially catastrophic given the vulnerability of the state’s economy, infrastructure, and physical size.

    When people call for retaliation for cyber attacks they miss the point on how states can react to a cyber attack. Small states have serious limitations in their credibility and ability to punish state-sponsored perpetrators, especially from much larger states. The realities of small states’ physical vulnerabilities cannot be discounted.

    Hypothetically, if a large state carried out a cyber attack, small states would be hard pressed to impose economic sanctions, or to show military or cyber force. At best, small states could use diplomatic back-channels to signal their displeasure.

    Improving Domestic Responses to Cyber Operations

    It is unfortunate that most reports on Morrison’s remarks circle around the whodunit element of attribution. While reacting adversely to a cyber-incident may be an understandable and natural reaction, Morrison’s remarks were also in part to help the public understand that part of the response required domestic attention, and the Australian government was actively trying to defend against these malicious actors.

    Domestic responses such as building cyber and societal resilience are also important for states to combat the effects of cyber operations. By reducing the time that systems are disrupted by developing continuity of business plans, the effects that an adversary seeks can be mitigated.

    The payoffs for a successful cyber attack in the physical realm often manifest itself in either the physical destruction of infrastructure or the psychological disruption in the minds of the residents of the state. However, if attackers cannot realise these payoffs, then there may be less motivation for an attacker to carry out a cyber attack because the level of success is low.

    Attribution of an attack should therefore only form part of the response of the state, and should not be considered the first response to a cyber incident. Instead, the increased awareness of the targets, motives and modus operandi of state-sponsored malicious actors may guide states to create a more robust response mechanism that is effective to deter and communicate costs to an aggressor state.

    About the Author

    Eugene EG Tan is Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore.

    Categories: Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / Non-Traditional Security

    Last updated on 16/07/2020

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    Australia Under Cyber Attack: Dissecting Canberra’s Response

    SYNOPSIS

    Attributing cyber attacks to state-sponsored actors is a delicate balancing act that requires strategic and political thinking. States may or may n ...
    more info