Cyber is the new black: Australia’s cyber security strategy
WHAT’S HAPPENING?
Australia released its new International Cyber Engagement Strategy in October, outlining the nation’s direction and its regional approach to cyber security for the next three years.
KEY INSIGHTS
– The strategy includes a focus on regional engagement and promoting public-private partnerships, as well as an unusually frank admission of Australia’s cyber offensive capabilities.
– Regional partners already have well-established cyber policies, yet Australia’s new policy is underpinned by a strong Indo-Pacific focus and collaboratively developing cyber capabilities.
– The increasing proliferation of cyber-diplomacy by regional players, and the risk of dependence on Australia for regional cyber security, may jeopardise the success of the strategy.
Released to much fanfare in October by Foreign Minister Julie Bishop, Australia’s International Cyber Engagement Strategy now forms an integral part of Australia’s future engagement with the region. The new strategy – part of the Australian government’s wider $230 million Cyber Security Strategy – outlines the country’s diplomatic, developmental and military approaches to cyberspace and cyber security for 2018.
The document argues for more engagement with the Indo-Pacific region to build capacity, enhance multilateral ties and share the benefits of the internet and internet security in the face of competing regional players.
AMBITION AND HONESTY
The strategy outlines seven key themes underpinning Australia’s regional approach to cyber security: digital trade, cyber security, cybercrime, international security, internet governance and cooperation, human rights and democracy, and development. The strategy outlines the importance of public and private sector partnerships in promoting digital trade and cyber security, and encouraging human rights and sustainable development.
The strategy is also very explicit about the internet being — and remaining — ‘open, free and secure’, which is mentioned verbatim 18 times. Canberra’s cyber strategy aims not only to promote sustainable development in the Indo-Pacific but also to bolster Australia’s national cyber security. For instance, at APEC in November, Australia and Papua New Guinea (PNG) announced a plan to jointly construct a submarine telecommunications cable linking the two countries, and the Solomon Islands is considering a similar Australian offer. Honiara had a deal with Chinese company Huawei to connect the Solomon Islands to Sydney, but Canberra voiced its concerns on grounds of national security and refused to authorise the project.
Australia’s strategy also includes an open admission of Australia’s offensive cyber capabilities, which is unusual in what is normally considered a secretive field. The admission is intended to foster an understanding that state activities in cyberspace have limitations and obligations, like those which exist in physical war – for instance, abiding by international treaties and laws.
The strategy’s transparency in admitting Australia’s cyber offensive abilities, and its willingness to be open about how Australia will use them in the future, will allow Canberra to guide the global discussion around the norms of cyberspace and the internet. This is especially important as the US, Russia and China all seek to exploit these norms in ways that may be dangerous, including through censorship, the rapid spread of misinformation and cyber espionage.
SETTING APART FROM THE COMPETITION
Regional players like China, Japan and South Korea already possess comprehensive long-term cyber strategies and emerging powerhouses like India are beginning to establish frameworks in cyber security. Australia’s own domestic cyber security strategy was released in 2016. The strategy outlined 33 initiatives, including encouraging a new, integrated cyber governance structure and boosting assistance to the digital economy through start-ups.
There was also a particular focus on building collaborative ties with industry partners. However, it was plagued by criticism, stemming from a lack of government funding, vague objectives, and the effectiveness of the strategy – the latter brought to light through public cyber security failures such as the 2016 Australian Census.
The regional outlook that the new strategy has taken sets it apart from other regional players, and plays into Canberra’s wider foreign affairs ambitions. It highlights a need for significant engagement with the Indo-Pacific region, with an additional $10 million provided to the Cyber Cooperation Program to bolster the strategy’s implementation in the region, and the appointment of a Cyber Ambassador to engage with international partners and advance Australian security and development interests in cyber. The strategy seeks to bring the private sector, government and international partners together and integrate cyber security and cyber affairs with Canberra’s foreign relations.
This is particularly pertinent with the release of Australia’s new Foreign Policy White Paper, which places a renewed focus on developing cooperative ties within the region. The strategy’s goal in using the internet as a means of promoting human rights, sustainable development, disaster preparedness and empowering women demonstrates this new form of engagement with the Indo-Pacific, and Australia’s reengagement in the Pacific.
CASH, COORDINATION AND CAUTION
The success of any white paper or government strategy lies in adequate funding, manpower and bureaucratic support. The International Cyber Engagement Strategy already enjoys a higher level of commitment than other cyber strategies, specifically through the appointment of a Cyber Ambassador to engage with the public and foreign partners. However, without appropriately and continually resourcing the International Cyber Engagement Strategy, Canberra’s plan will likely encounter many of the funding and public image difficulties of its domestic strategy.
There is a significant risk that Pacific Island nations and others in the region who do not possess significant cyber capacities may become overly reliant on Australia for their digital security. Australia’s own approach could give it a strong hand over the cyber policies of its neighbours, which has already occurred in the case of PNG and the Solomon Islands. Nations such as China have been very active in providing telecommunications infrastructure to less developed Indo-Pacific nations for heavily reduced prices in order to win influence, even resorting to corruption and political donations to win contracts. If seen as a rivalry, the expansion of cyber-diplomacy in the Pacific may lead smaller nations to become heavily reliant on other regional partners, which would create further national security concerns and possibly develop into open competition between regional players for cyber dominance, similar to the rivalry in aid and development funding.
Australia’s strategy provides an important framework to address cyber security, digital trade and cybercrime in the Indo-Pacific. It represents an opportunity Australia to reengage with the region and rebuild its reputation while also protecting its internet and sharing the benefits with the wider region. However, the policy itself could fail without proper funding and coordination. In the long term, it may also cause Indo-Pacific nations to become overly dependent on Canberra, or even encourage the expansion of Chinese influence.
