Ian Wallace is a Visiting Fellow in the Center for 21st Century Security and Intelligence at the Brookings Institution and previously a senior official at the British Ministry of Defence, where he helped develop UK cyber strategy.
When former US Homeland Security Secretary Janet Napolitano hosted her ‘Five Eyes’ counterparts at the US Naval Postgraduate School in Monterey, California in July, it is not surprising that cybersecurity was on the agenda. These days, what self-respecting international security gathering would be without a cyber discussion?
But this also raises the question of why we do not see more such gatherings on cyber issues. Why are our defence ministers not jumping on the next plane to Monterey, or wherever else, to discuss military cyber cooperation?
The Five Eyes format is particularly well suited to cyber discussions. The great Catch-22 of cyber-related diplomacy is that while everyone acknowledges the importance of international cooperation, there is rarely sufficient trust between countries to enable a meaningful discussion. What could be a better format, therefore, than a partnership between the US, UK, Canada, Australia and New Zealand formed specifically to share signals intelligence?
This missed opportunity is especially disappointing for two reasons. First, because despite all the ink expended on cyber topics in recent years, there is still much work to be done on how such capabilities should affect our warfighting doctrines and concepts, let alone what would actually happen in practice during a war.[fold]
Properly 'integrating’ cyber within defence planning (the goal set out in this year's Australian Defence White Paper) could take years of experimentation, testing and trial and error. Even with different political and legal frameworks, it makes no sense at all for each of the Five Eyes partners to fail to share each other’s experiences on this path, especially if that in turn can lead to burden-sharing of one sort or another.
Second, and more significantly, it means failing to maximise an important opportunity to use Five Eyes collaboration as the first step towards a more general understanding of what working with allies in a conflict involving cyber capabilities is going to look like. Cyber has the potential to have a profound impact on the character of future conflict, especially for coalition operations, but it is a topic that has yet to receive much attention.
Not all of the Five Eyes nations have either the national authorities or national capabilities to engage in the full range of these discussions. That is sometimes presented as a showstopper. But it shouldn’t be. In fact, it is one of the central problems we need to address.
There is, of course, a wider debate to be had about the potential (or not) of the Five Eyes relationship (or ‘the Anglosphere’ as others have called it), as an organising principle for military cooperation. Decision-makers in each capital (from very different perspectives) may well question the strategic logic: are these really the partners we should be planning to fight with in the 21st century? Are our regional priorities aligned? Are our capabilities and authorities aligned? Can’t we get more from dealing bilaterally? And isn’t the notion of Five Eyes military cooperation really a bit too, well, ‘twentieth century’?
But that need not be what this is about. Even among the Five Eyes countries, there would need to be other mechanisms for military cyber cooperation on higher-end capabilities, and sensitive issues will still need to be addressed bilaterally. So it might make sense to remain focused on trilateral cooperation (US-UK-Australia) in the short term.
But ultimately the real potential lies in starting a process that looks afresh at how an even wider circle of military allies and partners can continue to cooperate despite the profound changes that are affecting the character of conflict in 21st century. One of the strengths of the Five Eyes construct is that it sits across so many other relationships, including NATO, the EU and ASEAN among others.
Nor should the baggage of the Snowden revelations about cyber espionage get in the way of pursuing the related but separate question of how cyber affects the way our forces fight. By tiptoeing around the fact that future adversaries will likely employ cyber capabilities against our troops, their logistic support and even the home front, we not only risk undermining their effectiveness, but also missing the chance to set the terms of that conversation in a more sensible direction. We should seek to drive that narrative. For example, defence ministers should declare that a major strategic objective informing military cyber planning ought to be the preservation of the global internet on which our entire modern economy depends.
In fact, military cyber conversations have already begun at official level between Five Eyes nations. This is a useful a start. As GEN Keith Alexander revealed in testimony to the US House of Representatives in March 2012, the UK, US and Australia have established a Defence Cyber Contact Group which, among other things, is used to 'develop a listing of issues that impede our ability to conduct trilateral operations together'. Meanwhile, the 2013 Australian Defence White Paper speaks of building a ‘comprehensive cyber partnership’ with the UK and US. Including Canada and New Zealand (especially given the recent improvement in the US-NZ military relationship) into at least a subset of those discussions is an obvious next step.
However, even if progress is made among cyber officials, they cannot (and should not) be expected to drive the sort of international collaboration that is necessary on their own initiative. That requires explicit and concerted ministerial commitment and oversight. So pack your bags, Senator Johnston, it’s time to start an historic dialogue on the future of war!
Photo by Flickr user rlsuk.