In September 2021, the leaders of Australia, the United Kingdom and the United States announced the creation of the AUKUS enhanced trilateral security partnership, aimed at strengthening the nations’ collective ability to preserve security and stability in the Indo-Pacific.
AUKUS has two ‘Pillars’:
- Pillar 1: Focused on helping Australia acquire its first conventionally armed, nuclear-powered submarine fleet. This inherently comes with considerable cost, scale and complexity around considerations such as cohering the three nations' workforces, construction facilities under the ‘two shipyards, one design’ principle and safeguarding standards on a partnership level. The ‘optimal pathway’ for Pillar 1 stretches into the 2040s.
- Pillar 2: Focused on the development of a range of ‘Advanced Capabilities’ – along with sharing technology and increasing interoperability between the three nations’ armed forces, which combined would reinforce an overall strategic advantage in the Indo-Pacific.
The most significant defence, security, and diplomatic agreement the UK has entered in the past 60 years.UK Ministry of Defence
While the pillars are clearly complementary, Pillar 2 arguably offers an opportunity to provide a more immediate contribution to the objectives of the partnership. Certainly sooner than the delivery of a long-term, capital-intensive programme such as engineering nuclear-powered submarines.
In this blog, we focus on how cyber capabilities support both pillars, the considerations that come with delivering advanced cyber capabilities, and some key recommendations for driving closer collaboration across the AUKUS partnership.
Cyber for Pillar 1
Cyber is one of the original six capability areas of Pillar 2, along with artificial intelligence, electronic warfare, quantum technologies, hypersonic & counter-hypersonic missiles and undersea warfare. The importance of cyber to Pillar 1 however, cannot be underestimated.
Like any large-scale manufacturing project for defence or national security, cyber security must be part of the Security by Design mantra from the outset. This is particularly true in the context of nuclear-powered submarines. AUKUS is dealing with extremely sensitive technologies which very few states have. How security is integral to those structures to deliver security from the start, should therefore be a critical consideration. For example, how do we protect design information, Intellectual Property, commercial information etc. in a multi-lateral collaboration environment? Once operational, how do we continue to protect the SSN-AUKUS submarine in the future multi-domain operational battlespace?
Secure by Design principles must be adopted even before construction has begun, with each AUKUS partner dedicated to ensuring that cyber is embedded and integral throughout every phase – from design and build to commission and operation.
Defensive capabilities will continue to be critical for several reasons – from defending against threats to developing defence platforms and critical infrastructure more generally, including the broader supply chain. These capabilities also encompass offensive and defensive capabilities when it comes to military platforms and military effects, as well as protection against espionage, reconnaissance and repositioning.
The intersection of cyber security and the broader supply chain will be particularly important in the coming years and will be of equal importance under the Australian National Cyber Strategy. The Australian intelligence and defence communities are acutely aware that, in being given custodianship of nuclear capability, they will need to step up their security.
If we also think about another tri-nation capability programme where we can draw parallels, GCAP (Global Combat Air Programme) also has the task of ensuring a secure and collaborative working environment. Lessons in building and working tri-laterally must be carried forwards to programmes such as AUKUS. It is important that national defence organisations and the intelligence communities work together effectively, in turn enabling the supply chain to collaborate with the defence departments in each of the UK, US and Australia.
Pillar 2: The need for advanced cyber
As defined in the AUKUS agreement, the advanced cyber working group will focus on “strengthening cyber capabilities, including protecting critical communications and operations systems”. Cyber also comes into other areas of Pillar 2, such as AI which will involve “improving the resilience of autonomous and AI-enabled systems”.
When thinking about cyber capabilities, there are significant opportunities for the UK, US and Australia to benefit from collaboration and cooperation – particularly in the context of defence and national security. Other nations around the world – adversaries and allies alike – are continuing to grow their cyber power in an effort to gain an advantage outside of traditional military power, highlighting a need for like-minded states to pool their expertise to counter potential threats. Rapid innovation and research and development are needed to stay ahead in the competition for dominance in cyberspace and AUKUS provides an avenue to achieve this.
Individually, the AUKUS nations have recognised this imperative for some time. For example, the 2018 Command Vision for US Cyber Command speaks about “achieving cyberspace superiority by seizing and maintaining the tactical and operational initiative” – exploiting and operationalising emerging technologies faster and more effectively than adversaries. Similarly, the UK’s Ministry of Defence Joint Doctrine Note 1/18 on cyber and electromagnetic activities puts the onus on regaining the initiative by quickly developing technology and capabilities in cyberspace, while Australia’s 2020 Force Structure Plan for the Australian Defence Force highlights the need for improved cyber capabilities.
More recently, the UK MoD has outlined a vision to build a stronger, cyber-resilient defence, while the US has spoken of the need to “work closely with our allies, partners, and industry to make sure we have the right cyber capabilities, cyber security and cyber resilience to help deter conflict, and to fight and win if deterrence fails."
This draws attention to a key point. Developing effective and credible cyber capabilities is critical to providing an effective deterrent in the face of threats from nation states – both locally and internationally. Nations working together through programmes like AUKUS is a powerful way to achieve this, providing an opportunity to enhance collective capability and expertise while also presenting a united front.
Recommendations
With all that in mind, the key question becomes how can AUKUS enable closer collaboration between the three nations in a way that drives positive outcomes for everyone? We believe there are three aspects to consider.
-
Setting the scope
The scope of the Advanced Cyber working group within AUKUS will likely encompass many different platforms, systems and functions. As such, developing clear and measurable objectives from the outset will be important. Clarity is needed around the commitment being made to build cyber capacity under the agreement – requiring a more focused message and clear articulation of the objectives and requirements for each country. This is crucial for creating a more secure and collaborative environment that enables large and small defence and intelligence players across all three nations to work together seamlessly.
-
Driving industry engagement
Establishing a clearer definition of scope would in turn enable enhanced industry engagement across the AUKUS nations cyber industrial bases. Deepening integration of cyber knowledge and development across the three countries will be essential to not only maximising collective capabilities, but also in developing and establishing best practice in the use of these capabilities. By leveraging industry expertise as a collective rather than as silos, we can ensure that the AUKUS programme has tangible impact.
-
Ensuring strategy and policy alignment
Currently, there is a real need for non-technical elements to be more effectively implemented – from Visa applications to the alignment of policies and physical security. Through remediating security clearance challenges and improving industry sponsorship, for example, AUKUS can potentially enhance the flow of skills and talent between the three nations. Creating interoperability by ensuring compatible technology standards within AUKUS is also key to collaboration and, in turn, for strengthening the development of sovereign capabilities in all parties.
The amendments to export control legislation in all three nations to reduce this burden has the potential to provide greater two-way developments that aren’t permitted under the existing rules. For example, our Australian workforce could actively participate from Australia in the modification and development of software over a secure environment. Not only to meet Australian needs, but also to augment UK skills and workforce providing a true boost across the AUKUS partners – from a technology perspective, but also in terms of skills and industrial capacity to meet current and emerging needs.
Conclusion
While the AUKUS nations still needs to navigate significant bureaucratic and administrative hurdles, the partnership continues to present a valuable opportunity to enhance collective cyber capability and resilience in a time of critical and evolving need.
Ultimately, cyber should be recognised as vitally important to both Pillars. What’s more, the role and scope of cyber collaboration should not only be better defined and articulated, but clearly evidenced through the delivery of demonstrable cyber capabilities via collaborative projects – in partnership with both industry and academia, across all three nations.