Welcome to the National Security College and welcome to this morning of research presentations. I'm Roger Bradbury, I run the cyberspace program at the college and for this week we have a bunch of our overseas collaborators, collaborators will be shot, we have our overseas friends here and we'll be talking cyber till we're sick of it in various formats. Today's format is a little different. What we're doing today is we're talking about research in progress. So it's not normally the sort of thing you would open up to, as it were, a lay audience, a general audience, but we thought we would. We thought we'd, as it were, lift the bonnet or, in deference to our American collaborators, lift the hood and show you the working of research underneath, how research ideas come together and form new concepts and drive towards new ideas and new ways of thinking about cyber. So you're going to be treated to an eclectic, I'd like to say the word gallimaufry, I love that word, collection, a gallimaufry of different sorts of projects that are loosely cobbled, loosely joined together under the cyberspace rubric and that's because this is an intensely interdisciplinary activity. It can't be done just with computer science and physics, it can't be done just with policy activities, social sciences and policy thinking. It's got to have these things joined up together. Our program at the college is focused on bringing people from different specialities together, teaching them how to work together and learning how to work together and also learning each other's languages. So some of the stuff today will be in languages perhaps that are unfamiliar to you. If so, we'll explain it. We'll explain to each other. So they're going to be short presentations of work in progress. There will be 10, 15 minutes or so of here's the idea, here's where we're up to, here's what we're thinking about, here's where we think it's going and then 10 or 15 minutes of discussion about it.
We're after your ideas, we're after your suggestions. Does this look like it's something interesting, something hot could be going somewhere? We'd be very interested in your views. So we'll do it like that. We've got a bunch of presentations and the first one is from a philosopher, Nathan Ryan. It's called the ontology of cyberspace. Nathan did his master's in national security policy here at the college last year. He's now working for RAND Europe with our esteemed guest Paul Cornish. And this is some of the work he uncovered when he was working on his master's thesis, working on the ontology of cyberspace. So Nathan, can I invite you up and we'll hear from you and then we'll do some questions and then move on to the next talk.
Firstly, I'd like to extend my thanks to the National Security College for inviting me to talk this morning on an ontology of cyberspace. It's an amazing offer and I feel very humbled to be here talking back at the college where I graduated only eight months ago. I'm very grateful for the invitation to present what is a combination of two semesters' work in 2014. Part of what I will present this morning was my thesis. It made up the third chapter but first and foremost it was the basis for the modeling and simulation work for the strategy and statecraft in cyberspace research team. As the title suggests, I'll be presenting on an ontology of cyberspace. Now, if you've got questions about what is an ontology, let's start with a seemingly more simple question. What is cyberspace? I assure you by the end of my short presentation, you'll all know what an ontology is. However, we might not be any closer to understanding what constitutes cyberspace. So when talking about an ontology, I use the general definition amongst philosophers that ontological studies are concerned with analytically categorizing objects, entities, and things in order to better understand the existence of being and reality.
Additionally, ontologies are content theories about the sorts of objects, properties, and relations between objects that are possible in a specified domain of knowledge. It is commonly said that ontologies carve nature at the joints. This means that we can group objects, entities, and things together into different classes based upon their natural categories and where they come apart easily. It is worthwhile stating that an ontology is a model of reality and that concepts we use must reflect the underlying reality of the world. And this raises an interesting question. What are the objects that are relevant to strategy in cyberspace? And I come to define them as cyber phenomena. And they can be thought of as the base units of our experience of cyberspace. The word ontology in the discipline of information science takes on a bit of a different meaning. In short, computer scientists mean the application of a philosophical ontology with a taxonomy to classify the names of individual objects and their relations to each other and attributes and properties. I ended up using the software package Protégé to code and render the ontology. I'll show you those visualizations towards the end of my presentation. And at this point, I'd like to address the why bother question. The value of the ontology is really twofold. First, it classifies what we know into an abstract representation of knowledge. Ontologies are useful to philosophers and nonphilosophers alike since they help visualize the structure of knowledge. And secondly, they may be easily reused, shared, and translated and modified. In this way, they are perfect for keeping with the pace of technological change in cyberspace. Okay, so now that we all know what an ontology is, let's start with a seemingly simple application. What would an ontology of cyberspace look like? Well, we might need to first take a step back and answer the question, what is cyberspace? So what is it? Well, it's absolutely enormous.
So let me run through some facts and figures out here. We've already equaled and surpassed the number of internet connected devices on the planet versus the 7.3 billion humans already on the planet. By 2020, it's estimated that there'll be anywhere between 25 and 40 billion internet connected devices in the world. That's somewhere between three and seven devices per human. Looking at cybercrime, that costs the globe alone almost 575 billion a year. There are large firms that control big swathes of cyberspace. Apple posted its historic market capitalization of 700 billion in November 2014, making it the most profitable company ever. And Cisco earlier this year predicted that the global internet will surpass one zettabyte for the first time ever after increasing fivefold over the past five years. That's an awful lot of information. It's one billion terabytes or one trillion gigabytes. So there's also a range of actors on the stage of cyberspace with competing interests, values and motivations. There are hacktivist groups who deface websites and dox information, which is the pasting of private information to the public arena. Their political message is the key here. Some might classify Anonymous as a self-organized hacktivist group. There's cybercrime syndicates that operate on the dark web, selling their scripts and zero-day exploits to the highest bidder possible for untraceable cryptocurrency. There's a whole spectrum of white, gray and black-hat hackers who make up the security community. And let's not forget the scholars and academics, like some of those in the room here today, because they all contribute to the ecology of cyberspace too. With all these actors on the same cyberspace competing with one another, it's little wonder that the stage is so crowded, confused and complex. Structuring cyberspace in another way. There are regulatory bodies, both domestic and international, who form the complex regime of cyber governance.
ICANN, IETF, W3C, they all play a role. So does the United Nations through the ITU. So let's return to the question of what is cyberspace? It can be defined as that large networked ensemble of computers. However, that's just a simple definition. And it's by no means definitive. And because it's such a diverse and expansive terrain comprised of millions of actors with equally diverse agendas. When overlooking cyberspace in its entirety, it's easy to become overwhelmed by both its breadth and its depth. It's not dominated by any one particular actor that is able to dictate absolute rules or set boundaries. The distribution of power throughout cyberspace is not directly proportionate to the wealth or military size of different countries. So there's obviously just too much detail. There's too much minutiae to think that this could all be relevant to an ontology of cyberspace. So at this point, I turned to my supervisor at the time, Roger Bradbury, and said to him, Roger, there's just too much detail to get my head around. There's just too much on that stage of cyberspace. To which he told me, don't do miniatures, paint the Sistine Chapel. So coming back to my earlier question, what is cyberspace? Perhaps it's just not the best question to ask. Indeed, it's often said there's no stupid questions, just stupid people. Hang on, that's not quite the right quote. The only stupid questions are the only ones that are never asked. That's the right phrase. Indeed, there are ill-phrased questions. There are limited questions, leading questions and stunted questions. Philosophy is well equipped to deal with all these kinds of questions. And we can philosophize any question that we want. But the difficult question is asking the right question or a good question to stimulate an interesting and insightful answer. And this leads me to the research question at hand.
So the ontology seeks to adequately describe and classify the kinds of objects relevant to strategy and statecraft in cyberspace. The resulting ontology draws upon constructs from complexity science, philosophy and cybersecurity. By focusing on the environment of cyberspace, we can begin to understand the interconnected relationships between cyber phenomena at different layers and how they influence each other. Given the complexity of the task at hand and all the interacting actors, we can say that it's a wicked problem. And policy analysts use this term wicked problem to describe those kinds of issues where you fix one problem, only for it to lead to another problem. Indeed, different policy options have their ideological, cultural, political and economic impacts to consider. The current multi-stakeholder model of cyberspace involves a vast spectrum of actors, including civil society, academia, the private sector and governments. In this way, complexity can be viewed as both a problem for theoreticians, like myself, as well as policy analysts. Interdisciplinary research is well equipped to deal with wicked problems that cross traditional academic boundaries. To achieve outcomes, interdisciplinary research responds to innovation in kind by keeping up with advancements and taking them into consideration with new and novel events. This is important when dealing with emergent cyber phenomena associated with cyberspace's growth. This makes analyzing cyberspace using interdisciplinary research a prime example of combating the seemingly intractable real world problem. So, cyber scholars in the past have split up cyberspace into corresponding layers of interaction to better understand the different roles each layer plays. I argue that any more than three layers is not necessary to understand the environment of cyberspace, with all its complexity still intact. The U.S.
Department of Defense uses three layers with five sub-layers, whereas the researchers Alexander Klimburg and Philipp Mirtl use a four-layer model to describe cyberspace. So, under my conception, there are three kinds of cyber phenomena. There's the technical, the social, and the political strategic. These form the layers of cyberspace, which are displayed at different emergent bases. This means that as social cyber phenomena emerge from the underlying technical layer, they still have the underlying properties too. However, just like emergence in nature, the causation of micro-level processes does not account for these new properties. As such, it is essential to view each cyber phenomenon from a higher emergent base. Each corresponding layer has different attributes too, which give rise to the unique security concerns that are most novel to the environment of cyberspace. The technical layer is malleable, the social layer is virtual, the political strategic layer is power diffused. Now, let me describe each layer and its corresponding attributes. So, the technical layer on the bottom emerges from the self-organization of physical components and hardware in the physical world. They are composed of information and communication technologies that facilitate human interaction in cyberspace, including all the computers, laptops, smartphones, wearables, as well as the technical components that store data, process information, and physically enable connections into the digital commons. Whether those connections are provided through wires or cables undersea, fiber optics, or wireless technology like satellites and Wi-Fi, the mode of connectivity does not preclude the physical existence of hardware or the technical cyber phenomena. These are intentional entities orientated towards the functioning of the layers above and also vectors into the material world. The attribute of malleability has two intertwined components. There's horizontal malleability as well as vertical.
The horizontal refers to the technical cyber phenomena expanding into the physical world as material components of ICTs push ahead to create a fully connected world with the advent of the Internet of Things. Whereas vertical malleability refers to specific instances of cyber phenomena that emerge from the underlying material forms of ICTs. For example, the introduction of IPv6 is a form of vertical malleability that has dynamic effects upon the layers of cyberspace above it. Looking at social cyber phenomena, these emerge from the self-organization on the layer below and where most, if not all, of a typical user's daily interactions take place. This includes programs like Gmail, Twitter, Skype, PayPal, and their diversity reflects that of the diversity of digital online services. Social cyber phenomena are all made possible by the underlying technical components on the layer below. Social cyber phenomena require analysis from another emergent base. Indeed, they are all really a cluster of technical cyber phenomena that are self-organized to produce emergence along with novel attributes. Viewed from the technical layer, social cyber phenomena would seem absurd and nonsensical, which is why we hire another ontologically emergent base to analyze them from. For example, videos that are played through YouTube, letters that are shared through email, or even pictures, they are all composed entirely of computer code on the technical layer. Yet, through the self-organization of the code, they cease to be merely technical, taking a social form once they are displayed on a comprehensible web page through an internet browser. From this emergent base, we can see that social cyber phenomena are incidentally material or physical. Indeed, they display the attribute of being virtual. It is more helpful to think of them as a class of virtual and digital entities that challenge our intuitive understanding of space, geography, and time.
In practice, we need to carefully consider the strategic implications of virtuality in cyberspace, as old paradigms are insufficient for thinking about phenomena that display this novel attribute, because virtuality eludes comparison. It must be analyzed on its own terms. It has two interrelated sources of strategic insecurity in cyberspace, which includes the attribution problem and the speed of connections. Now, looking at the top layer, the political strategic layer, these cyber phenomena emerge from the interaction and self-organization of the technical and social phenomena below. Simply put, they are instances of cyber power. Examples of political strategic cyber phenomena include mostly technical cyber phenomena that display political strategic characteristics and include distributed denial-of-service attacks, tightly clustered technical and social combinations, including sophisticated malware and espionage tools like Flame, Duqu, and Stuxnet, as well as loosely connected vast constellations of both technical and social cyber phenomena that clearly emerge at the political strategic layer, including China's Great Firewall. Emergent political strategic cyber phenomena are enabled by both the underlying technical and social cyber phenomena that cluster beneath them. Without them, the projection of cyber power is impossible. At this layer of cyberspace, political strategic cyber phenomena emerge and exhibit a unique attribute of being power diffused. A diverse range of empowered political actors have been the defining feature of this network society. Individual users, civil society, and non-state actors have felt this impact most significantly. The emergent attribute of power diffusion is a redistribution of power away from large hierarchical and hegemonic actors and the empowerment of smaller networked and non-state actors.
Joseph Nye makes his original claim where he says that power transition from one dominant state to another is a familiar historical event. But power diffusion is a more novel process. The layers of cyberspace interact strongly with each other, especially those that are adjacent to each other. The lower layers of cyberspace create possibilities on the layers above. In this way, the exchange and self-organization at lower layers allows for emergence of cyber phenomena in the layers above. This layered analysis of cyberspace shows that the upper layers depend upon the functioning of the lower layers, but not vice versa. So here we have a full complex of cyberspace. It's a visualization of the ontology in Protégé, which I mentioned at the beginning of the presentation. Listed here are the classes and categories of actors in cyberspace, from firms to states to non-state actors and regulatory bodies. These are divided into subclasses, and right at the edge of the diagram, you can see individual instances of each of the categories. For example, Anonymous falls into the hacktivist category within non-state actors, which is a class of cyberspace objects. Whereas here, we have a diagram of all the entities in cyberspace along with the layers as well. So the entities from the last slide are on the left, whereas the layers are on the right. And the lines between them, between each entity and layers, refer to the possible interactions that take place between entities and layers. So you might be able to see how states are primarily concerned with the politico-strategic layer, whilst regulatory bodies interact with the technical layer below. So to wrap up, my endeavor to determine the ontology of cyberspace has provided some clarity in working towards the ultimate question of what is cyberspace? It seems formulating questions is as important as answering them.
By acknowledging the diversity and complexities and exploring the properties and relation between objects, the borders that encompass each scene of the Sistine Chapel have now been established and now we can progress to fill them in. In my thesis, I went into further detail to test the ontology against the real world. I did this by analyzing the Great Firewall of China and showing how emergent cyber phenomena can be suppressed at the politico-strategic level by controlling the technical and social layers below. Looking to the future, more can be done to model and simulate the ontology. It currently provides the largest analytic buckets possible and further granularity can be added to enrich the ontology. So ultimately, as cyberspace evolves, the ontology must adapt and change if it's to continue to shed light on how states behave, compete and interact. Thanks very much.
Thank you, Nathan. Thank you. Everyone, I've just realized that we didn't have, out on the tables there, the agenda for this morning. Probably the smallest of the snafus that have been stalking us through organizing this process the whole week. So before we offer you the chance to question, to throw some questions at Nathan, I'll tell you that after Nathan's talk, Adam Henschke is going to talk about ethics in cyberspace. And then after that, Jon Lindsay from the Munk School, University of Toronto will talk about cross-domain deterrence. Then occurs morning tea. After that, I'm going to talk about balkanization in cyberspace and modeling work we're doing. Paul Cornish will then talk about governance in cyberspace. And then Terry, finally before lunch, Terry Bossomaier will talk about tipping points in cyberspace. And I might say, as we used to say in Queensland, in proceedings like this, the gentlemen may remove their coats. So this is a sort of a sleeves-up working session and we need to reform it. So Nathan, can I ask you to accept some questions? So shall we have some questions from the floor?
My name is Hidjan Thakur and I'm from Defence. Thank you. My point is that I think that the layers just don't go one way. That you would have, for example, some effects desired at the upper level that might drive some sort of innovation at the lower level. And hence, the only point being that you wouldn't always think about effects traveling just one way.
Yeah, so there could be some downwards causation. Yeah, so I think I didn't necessarily make that clear enough but I think that that is definitely the case. And when I sort of tested it against the example of China and the Great Firewall, you know, the emergence of, you know, phenomena at that top layer, they want to preclude that. So therefore it has some downwards causation. So there's some knock-on effects at the social layer below and then the technical layer right at the bottom. So yeah, I know that there is some sort of downward interaction as well but the underlying feature is that it can't, you know, cyber power is not possible unless there's some technical layers, some social layers, and then right at the very top.
Jason Brown from Thales and the chair of the Australian Standards Committee for Security and Resilience. The interesting part of our ontology that I want to raise a question is looking at through the eyes of the objectives of the players. So clearly when you look at the state level there's the certain state interests, etc. and the Great Wall analogy is a useful one. But have you thought to stretch that into where the intersection of that and the impact of social cohesion within the virtual space actually creates power and obviously, you know, the so-called Arab Spring is a classic example of that. So in a sense, it's not looking just through a lens of how the technologies operate with each other, but that combination of intent and objective of the actors, that's your thoughts.
Yeah, so I think that the motivations are really interesting and again they're really diverse.
So for each group, you know, they might necessarily be motivated by power itself, they might be, you know, motivated by money and greed and prestige and things like that. So I guess that's one part of the motivation, but then the other that you're sort of hinting at there is like, you know, the self-organization of people at the social level and how that can disrupt power relations among states and things like that.
And it sends me to follow on, that's the intent of the Chinese to ensure that that doesn't happen. And so, you know, it's interesting, I mean, I think having an ontological model is quite useful because people sort of can talk to people about it and say this is how it fits together, but you'll talk about it, we'll talk about it in the next slide as well. Next slide, I think it's the interaction between the layers that might not be more critical in understanding the consequences for strategy and state powers. Thank you.
Peter Grabosky, Regulatory Institutions Network at ANU, you cited a figure of five hundred and seventy-five million dollars per year due to losses to cyber crime. How confident are you in the validity of that estimate and does it include indirect costs such as all expenditures on IT security?
Great question, but you being from RegNet and probably know more about cyber crime than I do, I'd probably like to ask your thoughts on if that's a valid answer or not. I think there was another figure sort of bouncing around that a fifth of that is, you know, cost to America, and then the globe being obviously much larger than that, but I think that was just to try and give you a feel of the size and the scope of the problem and just how much there is going on, how much value there is there.
Great, thanks very much from the University of New South Wales, Cameron, thanks for your presentation. When you look at the Great Firewall of China as a test case, for example, you seem to imply a closed model.
What about the combatting influences from the three layers from outside China, like, you know, the political pressure from the United States or the rest of the world on the Chinese system or a potential level availability of Chinese citizens to actually speak for themselves?
Yeah, so I think that that's really quite interesting if you see, you know, China as this balkanised part of the web that's sort of off in its own little corner that has its own technical, social and political strategic layers, then that might be interesting to sort of model that plus, you know, the rest of the world and what their standards of openness are and what their technical layers looking like more than just the Chinese.
You can say. I think the point of the question was that the external world probably shapes the Chinese world. I'm small enough. Your brief presentation is at those three levels.
Yeah, yeah, yeah. Yeah, I think that, you know, one of the questions is, you know, can the web sort of balkanise at that bottom layer, at that technical layer, or is there a common technical standard that has to sort of, you know, unite and that there has to be cooperation on that technical layer so we can have interactions possible and then just sort of like, you know, split off the social layers and not have, you know, Facebook, Twitter in China and then definitely try and keep those political strategic layers from ever sort of meeting so that you can't feel the effects of foreign states through cyberspace.
Ashkenarao from School of Maths, about 19. I'm just thinking, in all of your ontology, have you considered the fact that currently there is a lot of movement in the social movements? So you were looking at things like malware and DoS attacks, but how does the social thing that's happening, like for example, the comeback of mine, trying to stop that, the dredging of the great value of me and that's basically a groundswell of movement available to the social media for example.
So how does that fit into your ontology?
Well, I guess that sort of comes at that social layer and that can also sort of swarm together there and people can interact and they can use the technology to connect with each other and to share ideas and then that sort of reflects our, you know, liberal democracy in a certain sense but it's that next layer above like where states compete where it turns out to be instances of cyber power about messaging, about strategic communication, states competing and vying for power and shaping each other through that. I think that's kind of where the research question's kind of pitched up. Yeah.
I'm Alex, quite different from the part of the clients. The three layers you sort of describe is that kind of effective of what we've always had as human civilisation? Really basically, you go back to ancient Egypt, still talking about political strategy, you're still talking about technical, you're still talking about the social aspect. So really what differentiation is is in terms of technology we adopt as human beings to actually give us I suppose the advancement of what we see. So, you know, even the Sumerians, the ancient Sumerians had clay tablets so we now happen to have that electronic tablet for these certain things. So basically, having made a study of some of the ancient civilisations and drawing some of the ontology in terms of your work thus far. I'm just curious.
Yeah, yeah. I think it's an interesting question and I don't think that it's removed from the rest of historical movements. I just think this is now the novel way that this is played out. This is just the fifth domain, you know, land, sea, air and space. They've sort of been there in those military settings before and cyber's just sort of the next iteration of that. And then you can sort of draw those links through history as well. So I think it's just more of a continuation than a distinct, you know, paradigm shift.
So that's why it's so interesting as an interdisciplinary study because you've got to draw all those things back into it to try and answer, you know, these kinds of research questions.
I'm doing your research on the Great Firewall of China. In your opinion, how sustainable is it considering the rise of middle class and as, you know, people, you know, get well, get access to education, get access to each other. You've got resources, for example, people demanding, you know, new middles and then a lot of trade happening on, you know, web-based platform like Alibaba. And you've got the emergence of technology innovation and you've got a Chinese rival to say Facebook and Twitter, you've got web-over-fronts as their, you know, messaging platform. Good. The rise of legitimate non-state actors such as businesses, you know, China welcome foreign direct investment and having, you know, their engagement in the regional fora like ASEAN, APEC, for example, to the G20. So those, in light of those three factors, how sustainable is the Great Firewall of China?
So I'm not sure if I'm probably the best person to answer for that one. I think there's some China specialists that would be able to answer that one a lot more eloquently than I possibly can. However, I was just, you know, using the ontology in a different setting, in a non-Western setting to sort of test out, to see how emergence takes place at those layers and how it might be different and how it might be suppressed. So I don't think I'm really answering your question there just to say, you know, what's the long-term future in China is the internet looking like. But I'm probably not the best person to try and give you a precise answer on that one.
Okay, I think that might be, like, you know, with the rise of the internet and, you know, like, you mentioned that this has happened for years and years and it's been an Egypt project.
But I think practices are changing because of the internet and the increasing connectivity that people, like, maybe it's easier in terms of transactions and fast forward-training and other flows. With the rise of middle class in China, there's a lot of, I guess, people with power who move them and there's an increasingly archetype for an ontology. So I'm not sure how sustainable is the Great Firewall of China, but I think there are cracks in there. Yeah. You know, through the power people will be able to connect and increasing access to information trickling down so that people do power then to make a change.
Yeah, that's a very interesting point you made. And I think you're in a good audience. You're in a good place here to get that to take out a little bit. Because of coffee, you might introduce yourself to Greg Austin over there. And to Jon Lindsay, each of whom have published books on that very subject written in this last year. So you've got the neural firepower here in the room to get a really nuanced view of that issue. Should you wish that? We've got one time, but one last question. John, do you have any more?
This question might be a little too philosophical, but it doesn't get more philosophical in ontology, so that's okay. And I'm going to say that the easy answer to this might just be the simplicity of modeling. You need to make some assumptions. My question is, you know, you've kind of given ontological priority to this technological layer, but when you look historically at the development of the Internet or any technology, it happens in a very specific historical and economic context. And I mean, the Internet is a function of well protected and insulated scientists with fairly large budgets of these large U.S. government and academic computing centers having the freedom to tinker and put these things together. In service of long-term U.S. competitive strategies of data storage for neighboring scientists to do their things.
And, you know, there's this notion that the Internet is kind of this free for all, but really it is kind of a liberal institution that the United States set up. So you've got not only the social embedded in the very development of the technology and its decentralized protocols, but you've got geopolitical competition incentivizing and creating and shaping the thought of the original Internet. So how do you kind of then take back this global phenomenon and then parse that back into three layers?
Yeah, really good point. And I think that that comes back into there's some downwards causation going on that it is a complex adaptive system, you know, that once there is a change in one layer, then there's some changes going on in another place. You sort of poke that balloon that's going to, you know, come out somewhere else. So I think that there is definitely some tighter interactions, some tighter couplings between the social and the technical that maybe, yeah, it gets glossed over when you've sort of got a three-layered model with so many different competing actors and things like that. So I think, yeah, once you get sort of drilled down and get to the granularity there, those sorts of things will come out. So maybe at a future point and then sort of embellish the model in that way and pick up on some of those finer details.
Nathan, thank you. I'll ask you to thank Nathan in a usual way, please. We'll move on to our next talk, which is by Dr. Adam Henschke on Ethics in Cyberspace. Adam is a research fellow and lecturer at the National Security College. This isn't a philosopher's colloquium monkey. This will, we do have some other things. It's just turned out that way that we kicked off with two philosophers. Thank you.
Thank you, Roger. So as Roger said, I'm an ethicist and philosopher working here at the National Security College and the two main areas that I work in that I guess brought me to the NSC.
Firstly, I look at philosophy and ethics of information technologies and also work a bit in just war theory. So what I'll do is I'll very quickly go through some of the different areas of research that I've been working on and am currently looking at into the future. So the first one is, I've been looking at the ethics of cyber warfare generally. Some of the work that I've done here involve a participant in a National Science Foundation grant over in the US that involves University of Western Michigan, University of California Polytechnic and the Naval Postgraduate School. And what we've been looking at are these general issues of ethics in cyber warfare and how does cyber warfare relate to just war theory. We put on a couple of workshops in Geneva a few years back, one of them with the Brocher Foundation, one of them with the International Committee of the Red Cross and what those workshops were looking at was the relations between International Humanitarian Law and Cyber Warfare. And I'm slightly excited to say that I have a book hot off the presses that arrived in my office yesterday, which is part of the result of some of these workshops. It's called Binary Bullets: The Ethics of Cyber Warfare and it's edited by myself, Fritz Allhoff and Bradley J. Strawser. And what we've done here is looked at a bunch of different issues in and around the ethics of cyber warfare. So the four main areas that we've looked at. Firstly, emerging norms or foundational norms in cyber warfare. Secondly, cyber warfare and the just war tradition. So how does cyber warfare relate to just war theory or does it even relate? Third is the ethos of cyber warfare. So looking at things like the code of the cyber warrior and psychological impacts of cyber warfare. And then the fourth part which makes, I think, cyber and cyber war a bit different to the standard just war stuff is cyber warfare, deception and privacy.
So if any of you want to have a quick peek at this, I'll have it here, come and have a grab. Second thing that I've been working on is looking at relations between convergent military technologies. So as we see the development of new military technologies, we're seeing the rise of things like artificial intelligence, robots, drones and cyber weapons and cyber warfare. And obviously underpinning AI, drones, robots, these sorts of things is cyber. So these issues of what counts as cyber warfare, does cyber warfare even relate to the real world, I guess. You can see it expressed in things like drones and we can see challenging issues coming up in areas of artificial intelligence. I've been doing a little bit of stuff with UNIDIR, the United Nations Institute on Disarmament Research and some of the things that we've been looking at there are if you think of disarmament, often it looks at issues of how many bullets do people have, how many bombs do they have, these sorts of things. When you get to something like cyber, how do you count disarmament in cyber? Because you've got these conceptual things that live in cyberspace that are probably non-countable in a normal sense. So how do we relate something like disarmament theory and anti-proliferation? How do we relate those things to something like cyber where we don't actually have countables at least in a standard sense? One of the third areas that I've been looking at are concepts of weapons and more. So this is where some of the philosophy comes in. So again, if we think of guns, bullets and bombs, these are fairly obvious things of what a weapon is. If I fire a gun, it hits someone, it kills them or not. Do we have a similar thing in cyber? So are there even things in cyber weapons? Again, if we've got a cyber attack that occurs only in cyberspace and only virtual things are harmed, does that count as a weapon? We've also got issues, and this is where cyber becomes kind of interesting.
We've got issues extended beyond standard accounts of attack. So PsyOps, psychological operations that use cyber, do they count as a weapon? They're possibly going to be an important part of a military campaign, but they're not weapons in the standard sense. So how do we conceptualize weapons? And I think cyber is pulling out some of these hard issues that sit in and around our ideas of war and weapons. So it's not necessarily a novel thing that cyber warfare has to deal with, but cyber warfare is showing that we have these gaps in existing work. One of the PhD students here at the NSC, Shannon Ford, who's sitting up the back there, he's doing work on ethics and issues around sub-war. So we've got this idea of warfare, which is again kind of states, fighting states. What about issues where you're not quite at levels of war? So again, cyber operations, PsyOps, these sorts of things seem to sit at the level of sub-war, but what's the ethics of that? And that seemed to be one of the things that came out of our workshop at the International Committee of the Red Cross was we've got international humanitarian law and we can apply that to cyber when we're in states of war, but the vast majority of cyber operations seem to be sub-war. So what do we do with this? What's the ethics of this? How does this relate again to just war theory and how does this relate to other ethical issues? So that's the kind of war stuff that I've been looking at. I guess following from this idea of sub-war use of cyber technologies and things like PsyOps and things, one of the research areas that Roger, myself and a few others are trying to have been pushing a bit and are trying to kick off with some research grants at the moment is ethics and best practice of intelligence. So post-Snowden, we've obviously got a lot more information about some of the things that national security agencies around the world have been doing in terms of surveillance of citizens and non-citizens. 
Following those revelations, people are being quite either confused, angry or at least questioning. Well, what is it that these intelligence institutions are actually doing? What are they doing in our name? And then when we think of the ethics, what should they be doing? And one of these research areas that Roger and I and others are working in is how do we get the intelligence agencies to start doing good or continue doing good or do better? So this idea of best practice and how do we actually bring best practice into institutions like national security institutions, particularly where things are often quite secretive. So it's hard to work in these areas. And then parallel with that, we've got the importance of national security. So that seems to protect or there's claims that it seems to protect against changes from the outside. But as we've seen post-Snowden, there's a lot of interest and I think there's a lot of important ethics in and around intelligence practice which comes from this focus on cyber and cyber security. The second last area that I would work in is issues to do with surveillance. Again, coming out of Snowden stuff, ethics of surveillance. So I'm finishing a book at the moment which is looking at relations between identity and personal information and covers areas to do with privacy, property rights. So we can see the general structure of arguments in and around surveillance where you've got a tension between say individual rights versus the social good often in these scenarios considered as national security issues. But then there's other values that we might want to focus on. For instance, efficiency and cost. So often we see with cyber and surveillance, it's often well you've got individual privacy versus national security with these tension between these two things. But one of the things that to my mind at least is often not spoken of is efficiency or cost. 
So we're happy to take on something like Gmail because it's a free email and it's really, really easy to use. And so in this sense it's very low cost to us but then we complain when our privacy is lost through either Gmail and Google doing things with their information or national security agencies accessing the information on Gmail. But we're probably, most of us at least, are unwilling to either pay for an email server which might have a greater level of privacy and might have greater levels of security or where we don't have the capacity to work with more complex systems that aren't as user friendly. So we've got here this thing that we're often thinking that surveillance and issues around surveillance are just privacy versus the state or social good or something like that. But we often overlook other values which I think are quite important in trying to work out what we can be doing and what we should be doing. Final area that I've been looking at is to do with trust and resilient systems. So if we think of trust here as something distinct from reliance. In reliance it's often just looking at tools or artefacts whereas trust is at least in the philosophy literature is often considered to have an element of human motivation. So if I trust someone it's because they're motivated towards helping me or fulfilling a promise or these sorts of things. Cyber, when we think of the cyber realm we've got information and technologically mediated relations and so there's a gap between what I'm doing and possibly the outcome or the person I'm working with or these sorts of things. So we have to actually trust that the person is who they say they are that they're going to be working in my best interests and that there's no one else kind of watching me or interfering with that. 
So trust plays a really important role in cyber space and the work that I've been doing in this area looks at trying to increase reliance sorry increase resilience in the system by modelling the trust relations that occur between different actors and working out well if this trust relation is to suffer or if this trust relation is to fail as a result of the cyber attack what does that mean for the resilience of the system and if we can increase the strength of those particular trust relations between different actors we might be able to increase the resilience of the system so that we don't have to focus so much on prevention of cyber attacks but we can use trust as at least one one element of developing resilient systems which don't suffer so much from cyber attacks. So that's the quick summary of the stuff that I've been working on. If you have questions I'm more than happy to answer. Thank you. Thank you for the view us. Thanks. Thanks Adam. My name is Collette Lebson from Prime Minister and Cabinet. I just want to take you back to your comments on ethics in the sub war periods particularly thinking in the context of the peacetime of the agenda that's very prominent at the moment we've seen a number of announcements from the US even came up in G20 last year and just interested to know whether you consider how different ethical perspectives that come from national cultural and historical backgrounds say China, Russia, even Europe and throughout Western countries will impact on that peacetime more today and we all have a different idea of ethics and yet the West if you like is pushing a particular agenda. Have you got any comments on the first process? So this is a really good question. 
I think we can even get a little bit more general some of the stuff that I've looked at is to do with how we understand war and I think that there's at least some evidence to show that the Western understanding of war could be quite different to the Chinese understanding of war and the way in which they're approaching warfare. So some of the things that inform or that might be informing the Chinese conceptions of warfare are an idea of continuous warfare but that's not limited to kind of direct military intervention. So it may be the case that China actually see themselves in an information warfare already with the US and the West more generally. The reason why this is important in part relates to your question is what we need to do I think and this is where at least my philosopher hat comes on is we need to at very least be understanding of how we understand war and how our other groups that we're dealing with understand war. So if China has a very different concept of war and they're operating from that and we don't recognise that then that's going to possibly have a big impact on our relations with them in the way in which we're approaching them. When we bring this to the ethics stuff to my mind ethics at its core, the core values that inform our behaviours and tell us what we shouldn't be doing it's the same across all cultures all people through history and you can look at a whole bunch of anthropological research that says almost all the time we have the same sets of values that are informing our decisions and telling us what we should or shouldn't do. For instance if I kill a baby it's going to be seen as bad in Australia it's going to be seen as bad in China it's going to be seen as bad in at least many parts of ancient Greece. So this stuff extends beyond across culture and across time. Where the difference comes in is the way in which the western communities express and communicate their senses of ethics.
So we use terminology in the philosophy literature about human rights and deontology about utilitarianism and maximising the social good about justice and equality of treatment across people. And the danger is if we think of it and we only think of it as being expressed in the terminology that we use this might present the case that it's quite different to other cultures and other communities but at the core I think the same values are informing these other cultures what we need to do is find the areas of overlap and find the areas where we're actually really similar and go okay we've got this commonality here there's going to be some differences at the margins but we've got this commonality we can work with that commonality and then try and realise what these differences at the margins are and hopefully either avoid them or kind of iron out those differences.
Thanks very much Adam. Paul, can I show you around here? And Mike, I really enjoyed that and this is what we're going to say I'm sort of going to try and get a copy of your book I'm ideally one of the free ones if I'm in your office.
I mean I've probably been fascinated by the Just organization since Nunco Verdi at the study of biology and reading our choirs and since then so this goes back a few years I've always thought that somehow this must be applicable to everything to do with conflict and moral restraining conflict but my problem at the moment this is something I've been working on recently too is it does seem to me that the more I look at it the nicer I find it difficult to see other than that cyberspace is somehow incompatible with a framework ethically guided judgement such as the just war tradition as it developed in the context of conventional war so my question is a very unfair one I'm going to quote first of all David Fisher the late David Fisher who wrote an excellent book about five years ago, Morality and War: Can War Be Just in the Twenty-First Century?, brilliant first class book and he wrote this: we need to furnish a rational basis for our moral thinking both in general and in particular in relation to the difficult issues of war and peace to be able to write about morality and war it's necessary first to secure the foundations of morality so my question is what are the foundations of morality as far as cyberspace and cyber conflict and its ethical strength are concerned and if those foundations are just really just the same as let's say for normal conflict and conventional conflict then why bother writing a book about the ethics of cyber conflict why not decide another book about the just war tradition and I might remind you as you go into discussing the foundations of morality we only have a certain amount of time left in the universe
so I can probably answer the foundation's question quite quite quickly which is similar to what I said to the to the previous question at least the way I approach ethics I see it as and expressed in there the kind of Western terminology there's these three core values that inform what we do and what we think people should be doing it's this idea of
basic respect for humans this is often termed human rights or deontological principles we've got this idea of maximising good and minimising suffering kind of utilitarianism or consequentialism more generally and then the third one is the idea of justice and fairness so equal things should be treated equally I think these three values inform the basis for just war theory so in this sense kind of everything is just war theory but that's because arguably the foundations of just war theory are found in the more general foundations in ethics which we can then apply to a whole bunch of different things where just war and the cyber stuff becomes relevant is just or warfare seems to be a special case so the thing that got me really interested in just war theory to begin with was I saw a guy give a presentation on just war theory a few years ago and he said something really strange we generally think killing people is bad if not one of the worst things that we can do yet in warfare we not only justify killing we often see people as sort of deserving medals for the things that they've done so how do we like this this seems really at odds with each other and the important thing I think we think of just war theory is and you know there's probably people who might argue against this but we can see it as an exceptionalism so given the particular conditions around warfare and the threats of both national security and individual security and these things we now have a bunch of exceptions that allow us to go out and do killing and these things so warfare presents a special context for the ways in which we take ethics into account and the ways in which those ethical values are expressed.
In terms of cyber what makes it different is we've got we still probably got the same ethical values that are informing and underpinning how we should approach this stuff but because cyber occurs in this kind of non-physical realm we've got a whole bunch of different things which then say well even if we've got these just war principles how do they apply in the non-physical realm we've got issues of you know the non or cyber is non-bounded by geography the speed and pace at which cyber things occur is quite different the actors who are going to be involved are quite different it spreads across individuals companies and states so that makes it different to the standard war stuff so we've got to take those things into account to say well here's where cyber presents at least a variation on the just war stuff. My concern with the just war area is I think we can apply it to cyber and we can do it reasonably well and some of the research I've done is kind of going towards that but as I said at one point one of the problems which is going okay well we'll use just war to solve cyber the vast majority of cyber stuff isn't war related or it's sub-war so it's either going to be cyber crime we've got things like espionage intelligence or other kind of things that are about interactions between states maybe conflicts and hostilities between states but they don't rise to the level of war so I think this is where the just war stuff becomes quite limited we can tell a story about justness and just war in relation to cyber but most of the stuff we're doing isn't war so we need some different approach there so I think just war can apply it's just not going to be that useful
thank you Adam for a philosopher that was a masterpiece of concision thank you I'm reminded that when I was an undergraduate and we'd be rushing off through the reflection to our physics labs there'd be philosophy students sitting there and then we'd finish the physics lab and rush somewhere else and they'd
still be sitting there I'm sure they were discussing the same question three hours before and they're probably sitting there still and they're probably sitting there still I mean that gently yeah working in an interdisciplinary thing we have to make allowances for all different types of thinking and so thank you okay another question sir
Tom Worthington from the Research School of Computer Science here at the ANU what teach IT ethics to the ANU students quite a few from the region and some that meet to the military officers so I suspect I'm training both sides of the next cyber war the ANU and the Australian Civil Society carried out research on IT ethics and the views of professionals that didn't seem to me to conflict very much with the IT defence issues I had in the front at the defence department I'm just wondering if you looked at that area I must admit I avoided the problem that I wrote the IT policy of defence internet where I said the internet is authorised for any authorised purpose I'm wondering if you looked at the IT ethics that professionals would have during the military and how that relates to the normal warfare view of this sort of thing
so my PhD supervisor is a guy called John Weckert who is one of the lead guys in Australia and internationally bringing in the idea of ethics and IT and computer ethics and these things so I had a bit to do with him and his work on IT ethics and computer ethics generally and some of the work he did on the surveys with the ACS, the Australian Computer Society and the impact of ethics training on IT professionals and these sorts of things part of it leaves me a little bit dispirited because at least from memory some of those surveys showed that even those who got trained in ethics didn't really seem to have that much impact on their practice it's always a concern for teachers and these sorts of things in terms of looking at how IT ethics as a professional area relates to the military I've not looked at that
crossover I think it's interesting and probably an area where I think the professionalisation of information technology and the ways in which we can bring concepts of ethics into these areas of professionalisation is a really good way to kind of draw out some of the well hopefully motivate better behaviour with these people and by that I don't mean that we have good behaviour and they have bad behaviour just trying to get better behaviour more generally and I think the issues within IT professionals working in the military might even make it easier because it's probably hard to think of what's ethically important if you're an IT operator who does maybe you know the overseas an accountancy database or something like that it's going to be much easier if you're an IT professional whose work directly or indirectly brings about kind of military activity you can say look you know here's why what you're doing is really important so there might be really useful areas there to use the military stuff to then go here's why what you do is is important and here's the ethics and you know we can point to the just war tradition as at least one set of motivations around why people should be taking care with what they're doing so that doesn't quite answer the question but it's something that doesn't let guarantee a short answer my question is so and I'll try and keep this answer very quick but this is one of the hard things of AI and autonomous weapons systems more generally if they're going to be properly autonomous then they're going to be making decisions that we haven't programmed in because they're going to be thinking for themselves and that we can't predict and these are some of the core things that signify the difference between an autonomous machine and an automatic machine or something like that I think that like there's a lot of people who are looking at the area of value sensitive design and how do we design ethics into our technologies generally and programming ethics 
into autonomous or semi-autonomous machines the hard part is people have been arguing about ethics for at least three four thousand years and the idea that we've got it solved now and all we have to do is program it into a machine done problem solved I think that overlooks the complexity not just the complexity of ethics but the lack of a single agreed account of what should motivate us like I said that there's three values that motivate us in and around ethics and there's a whole bunch of arguments about which of these takes primary place in our motivations so I think it's going to be really really hard to program the ethics in not just because of the complexity and the hardness of doing these things in the real world and especially in a complex space like military military practice but because the ethics itself is still really hard and unsettled so I'm I think it's great that people are looking at the ethics of AI and how it relates to things like military practice but I think it's going to be really hard if not impossible to program ethics in in a way in which we're happy with it
Justifications for war I'm sorry Justifications for war are often based on soft evidence I think for example the Gulf of Tonkin incident or recently the the Beethoven reference last is going to be The War of Jenkins E. Srinseman Sorry The War of Jenkins E. Srinseman Yeah okay and given the ambiguities of much activity in cyber space and formidable challenges of attribution and the inclination of states such as the Democratic People's Republic of Korea to argue that even the screening of a motion picture will be regarded by that state as an act of war Why do you suppose the Iranian government didn't react to the attack on their nuclear enrichment facilities as such?
So one of the things that I think the cyber sphere and the looking at cyber warfare and the issues around that I think what it shows is not so much that we've got all these new challenges coming out of cyber war but it the cyber sphere highlights challenges that we've already got and I guess the weaknesses and vaguenesses in our just war theory so one of the things about just war is we'll have a thing of just cause for for military response so someone attacks you you've now got just cause for response but there's going to be a huge amount of political issues and international relations geopolitics around whether you do respond and part of that you can I guess protect yourself by saying well this actually wasn't a an act of war therefore we don't need to respond so I think what the cyber stuff shows is that there's this stuff is hugely complex even in the standard realm and what it does is it puts pressure both on our concepts that inform the just war stuff but I think it also draws out the importance of information and knowledge within war and if there's anyone from the ARC here I'm putting together a DECRA at the moment on exactly these these sorts of issues about the role of information role of knowledge and the role of certainty in war generally the fact that we've got these changing conditions of warfare brought about by technologies and non-state actors and these things and how do we fit systematically these ideas of information knowledge and certainty to our just war theory so you know if they are so you're willing then they'll give me the money and then I'll answer those questions in a few years
thanks thank you okay I'm afraid that we have to draw that to a close Adam thank you very much no worries