Redundancy key to net-centric Defence

Defence should focus on withstanding, and not just preventing, cyber-attacks, a U.S. researcher and ex-Air Force commander suggests.

According to Robert Elder of the George Mason University, increasingly networked military activities are becoming more challenging to protect.

At the Network Centric Warfare (NCW) conference in Canberra yesterday, Elder described a range of means by which attackers could disrupt online military operations.

Network operators needed effective control of the wireless electromagnetic spectrum, as well as electronic protection methods to secure their communications, he said.

Significant disruptions in connectivity could be critical.

"Cyberspace has become the basic foundation of all that we [military] do," Elder told iTnews at the conference.

Besides attacks like an electromagnetic pulse (EMP) that could physically damage equipment, networks were also vulnerable to sensor disruption, data manipulation, and systems degradation, he said.

And while defence organisations tended to deal with each source of attack, absolute protection may be impossible.

"There are a lot of ways that a enemy can disrupt your net-centric activities," Elder said.

"If you really want to become serious about net-centric activities, you have to deal with the fact that these networks will become degraded -- it's not about if they become degraded, it's about when.

"Maybe the answer is not to deal with these attacks individually," he said.

"Maybe the answer is to deal with these attacks through mission assurance or resilience - fighting through the attack."

Elder attributed the concept of mission assurance to the commercial banking sector, where any downtime or errors of even a cent per transaction could cost a financial institution billions.

Implementing redundancy was akin to buying insurance, he said, and may also help maintain data integrity through error detection techniques that compare multiple copies of the same transmission.

Also at the conference, Hussein Abbass of the Australian Defence Force Academy urged defence organisations to adopt a holistic view of network security.

Besides network infrastructure, other "layers" of a network had to be assessed and protected, including its logistics, information, people, cognitive outcomes, and other effects.

"The concept of securing a network is not just encrypting the network," Abbass said. "It's about understanding the interactions that take place at different levels of the network."

"If we're going to get into network centric warfare, we're going to have to think about networks instead of platforms and capabilities," he said.