Strategy and Statecraft in Cyberspace
This new international and interdisciplinary research program responds to the need to better understand cyberspace as a new domain – like the traditional domains of the land, sea, air and space – in which states interact with each other. It is a domain that is creating enormous opportunity for states and their citizens, but one that also harbours poorly understood threats to national security. It is a domain where the rules are still being written.
The key challenges which cyberspace poses for international security arise from the increasingly complex relationship between non- and sub-state organisations and the international system of states as a whole.
The program will create an integrated conceptual, analytical and computational modelling framework to explore these challenges. It will allow scholars from the humanities, the social sciences and the natural sciences to work together to create and test hypotheses about security in the cyber age.
Because cyberspace is a new domain for states and non-state actors alike, many, if not most, of the ideas and concepts about it are essentially contested. And because the structure and dynamics of cyberspace are changing rapidly in some respects, those ideas and concepts are not settling.
The modelling framework that will be built by the program will allow tomorrow’s cyberspace to be explored with the same rigour as today’s. As the program develops, its modelling framework will provide an environment in which policy makers can road-test new policy ideas. The framework will also provide a hands-on environment for advanced teaching in cybersecurity, political science, international relations and international law.
The Political Ecology of Cyberspace
The program’s first research project will tackle a number of wicked problems for global security created by the rise of cyberspace: :
> The proliferation of cyber weapons to state and non-state actors
> Systemic vulnerabilities in the infrastructure of globalisation and military power
> Friction between private sector actors who manage the internet and public sector actors who defend them
> Mismatch between the pace of policy formation and the pace of technological change
> Coordination failures among government agencies responsible for national security, law enforcement and industrial policy
> Major normative disagreements about how the internet should be managed domestically and internationally.
Because cyber security problems cross many functional, jurisdictional and intellectual borders, a basic challenge is simply to develop useful theoretical concepts to analyse them. There is a burgeoning, but largely inconclusive, literature exploring the strategic characteristics of this domain from a variety of perspectives.Some authors foresee grave new risks of a ‘digital Pearl Harbour’, while critics dismiss these warnings as inflating the threat. In cyberspace, technological complexity has amplified political complexity. This, in turn, has complicated political analysis.
Cyberspace challenges national security through the increasingly complex relationships between non- and sub-state actors and the international system as a whole.
This is really a problem in ecology.
We propose to leverage concepts and methodologies from ecological science to analyse global cyber security.Ecological metaphors have often been used to describe the complex interdependence among actors in cyberspace. Abstracting both ecology and international relations by treating them each as particular classes of complex systems creates a useful intellectual mechanism for facilitating these mappings.
We believe this approach is promising because the problem of control or regulation spans ecology and political science. Our political ecological approach offers a more dynamic and agile understanding of the action/reaction cycle in cyberspace defence and strategy. Our central contention is that policy and strategy must be allowed to evolve, just as cyberspace evolves.
What is required, therefore, is a policy framework which can encourage the evolution of a range of policy options and responses which can correspond to a cyberspace challenge as it is manifested, rather than seek to fit that challenge into an established analytical framework and to meet it with traditional or preferred solutions.
In cyberspace, national security policy and strategy need to be as open-minded and as agile as possible if they are to survive and prevail in the ecological contest which we envisage.
Implications for national security policy and strategy
The project will articulate a policy framework for the critical evaluation (and re-evaluation) of conventional wisdoms about cyber conflict and security. Iterative analysis of this sort is the essential foundation of an agile and well targeted national security policy and strategy.
Given the marked absence of historical data, there is a need for a modelling framework which can simulate and test complexity and can subject these simulations to trend analysis. This modelling methodology is, importantly, open-ended: new types of cyber interaction can be factored in as they evolve.
As an adaptive – plastic – environment, it will be important to be able to assess the impact of policy and strategy on cyberspace. Different regulatory, persuasive and coercive interventions will have different trade-offs and costs, the quantification of which must be part of risk-based policy formation and strategic prioritisation. The research will help us question the stability of cyberspace as an environment and test its vulnerability to internal and external drivers of change.
The project will encourage diversity in the design of a range of strategic concepts and in the selection of the agent(s) best suited to the deliver them. Multi-agent responses and coalitions will be natural rather than exceptional and will be formed at various levels between public and private actors.
Deliverables and benefits
Over three years, through papers in the peer-reviewed literature and public commentary, this project will inform the public debate on cyberspace’s threats and challenges for national security policy and strategy.
It will also host a series of workshops and conferences for invited stakeholders in the government and business sectors in Australia, the UK and the US. These hands-on workshops will allow stakeholders to steer the research, as well as generate and explore scenarios around cyberspace’s evolution. These conferences will also explore the policy implications of different cyberspace futures, such as a balkanised internet.
The modelling framework will provide an analytical environment which can support decision makers. It will create a resource for government to test policy options and for the NSC and its partners to use in advanced teaching of postgraduate students. The environment and models will simulate current and future trends, improving the ability to identify and manage risks, interdependencies and vulnerabilities.
If successful, the research outputs will assist government and industry with options for development and consequence assessments. Research outputs will also provide a rich environment within which corporations can embed their own models to explore their own cyber strategies.
Through the ability to simulate complex environments, this research could support improved community awareness or educational activities, especially those targeting managers and leaders lacking a sophisticated understanding of the nature of the threat and response environment.
The research involved in development and testing of the framework will also provide thesis material for one or more doctoral candidates and the framework itself will allow other researchers to test their hypotheses about the cyber domain.
- Professor Roger Bradbury is a complex systems scientist with experience in international cyber issues, and is with the National Security College at ANU.
- Professor Paul Cornish specialises in information privacy and security law issues, and is a Professorial Fellow in Cyber Security in the NSC's Strategy and Statecraft in Cyberspace program.
- Professor Fred Cate is Vice President for Research, Indiana University; Distinguished Professor and C. Ben Dutton Professor of Law; Senior Fellow, Center for Applied Cybersecurity Research; Director, Center for Law, Ethics, and Applied Research in Health Information.
- Dr Jon Lindsay is an expert in international relations at the University of California Institute on Global Conflict and Cooperation at UC San Diego, USA.
- Professor Terry Bossomaier is a computational scientist with interests in the theory and applications of complex systems and Director of the Centre for Research in Complex Systems at Charles Sturt University.