Australia updated its “2017 International Cyber Engagement Strategy” with its new “International Cyber And Critical Tech Engagement Strategy,” a complement to its 2020 cybersecurity strategy.
Wait. Another cybersecurity strategy from Australia?
Like the European Union (EU), Australia continues to push cybersecurity policy across the globe through the enactment of groundbreaking statutes that advance policy solutions to technology issues and problems. And for this reason, Australia’s new strategy to guide its international relations regarding cyberspace and “critical tech” diplomacy deserves consideration. The revised strategy includes all sorts of items that policymakers in Canberra did not include in the last strategy.
Much of the Morrison government’s new strategy hinges on cooperation from like-minded nations in both the Indo-Pacific and around the world. This group of nations likely includes the United States (U.S.), the United Kingdom, New Zealand, Canada, Japan, India, and others. Largely unsaid in the strategy is that the impetus for much of the planned action is the growing pressure and influence being exerted by the People’s Republic of China (PRC). It may not be a coincidence the PRC is barely mentioned in the new strategy, for the PRC has already imposed extensive trade sanctions on Australia. Undoubtedly, the Morrison government is looking to avoid any provocation that might incur more of Beijing’s wrath.
Last fall, the Australian government issued its “Cyber Security Strategy 2020” that replaced its 2016 strategy and proposed to change incrementally how the nation would approach cybersecurity and data protection paired with more funding for these activities. Notably, the government of Prime Minister Scott Morrison seemed to be proposing a set of binding cybersecurity standards on certain sectors of critical infrastructure and a program of offensive cyber operations as a means of fending off threats from malicious nation state and criminal actions. The government in Canberra also floated a voluntary code of conduct for the manufacturers and developers of Internet of Things (IoT) and a rewrite of privacy and data protection laws. In preparation for this strategy, Australia released a call for views in September 2019 on a discussion paper and received more than 200 comments. (see here for more detail and analysis.)
The Department of Home Affairs stated that “[t]his Strategy will invest $1.67 billion AUD over 10 years to achieve our vision…[and] [t]his includes:
- Protecting and actively defending the critical infrastructure that all Australians rely on, including cyber security obligations for owners and operators.
- New ways to investigate and shut down cyber crime, including on the dark web.
- Stronger defences for Government networks and data.
- Greater collaboration to build Australia’s cyber skills pipeline.
- Increased situational awareness and improved sharing of threat information.
- Stronger partnerships with industry through the Joint Cyber Security Centre program.
- Advice for small and medium enterprises to increase their cyber resilience.
- Clear guidance for businesses and consumers about securing Internet of Things devices.
- 24/7 cyber security advice hotline for SMEs and families.
- Improved community awareness of cyber security threats.
As part of this 2020 strategy, the Australian government explained it was developing “a Cyber and Critical Technology International Engagement Strategy.” As a backdrop to the development of this related strategy, Canberra reiterated its commitment to existing international law and cyber norms and to defending itself in cyberspace, if necessary:
- Finally, governments have a responsibility to uphold existing international law and norms of responsible state behaviour in cyberspace. Australia will continue to encourage the international community to act responsibly online, including by complying with existing international law, domestic law and norms of responsible state behaviour. The Australian Government will ensure that Australia is not seen as a soft target and will continue to publicly call out countries when it is in our interests to do so. The Australian Government will match its public statements with action through a range of targeted and decisive responses against unacceptable intrusions or activity in line with Australia’s statement of principles on cyber deterrence:
- We work to actively prevent cyber attacks, minimise damage, and respond to malicious cyber activity directed against our national interests. We deny and deter, while balancing the risk of escalation. Our actions are lawful and aligned with the values we seek to uphold, and will therefore be proportionate, always contextual, and collaborative. We can choose not to respond.
The government provided a preview of its “Cyber and Critical Technology International Engagement Strategy:”
- The Australian Government defines critical technology as current and emerging technologies that have the capacity to significantly enhance or pose a risk to our national interest (prosperity, social cohesion or national security). Critical technology and cyberspace are becoming increasingly important aspects of international relations. They are intrinsically linked to our national prosperity and security; the protection and promotion of human rights and democracy; international stability; global economic prosperity; and sustainable development.
- The Australian Government is developing a Cyber and Critical Technology International Engagement Strategy. Building on the 2017 International Cyber Engagement Strategy, the next Cyber and Critical Technology International Engagement Strategy will provide a framework to guide Australia’s international engagement, to ensure cyberspace and critical technology support our goal of a safe, secure and prosperous Australia, Indo-Pacific and world. This includes partnerships to support the achievement of our cyber security goals by building international capacity and resilience to cyber security threats, cyber crime, online harms and disinformation.
- The Australian Government will place an increased focus on engaging internationally on the security of critical technologies. The nature of global supply chains means that Australia needs to take joint action with likeminded countries to ensure these critical technologies are not manipulated for malicious purposes.
This preview and the resulting strategy broke in some key respects with the 2017 strategy that ostensibly governed Australia’s cyber diplomacy. The Foreign Minister in 2017 articulated the “seven key themes: Digital Trade, Cyber Security, Cybercrime, International Security, Internet Governance & Cooperation, Human Rights & Democracy Online and Technology for Development.” The new strategy dispenses with a key theme approach in favor of three pillars even though the themes are still present in the new strategy. Naturally, several key policy areas have become pressing in ways not envisioned four years.
There is the new emphasis on critical technologies, of course. Likewise, the Australian government’s focus on online disinformation and misinformation was not part of its cyber diplomacy strategy except to the extent human rights and democracy were endangered in cyberspace. Moreover, the emphasis on the Indo-Pacific region has changed from one of helping Australia’s partners and neighbors get connected and develop digital economies to one of making common cause against the increasing hegemony of the PRC in technology fields and online. Moreover, supply chains are front and center, which is not surprising given the push from the U.S. on supply lines for technology touching or originating in the PRC.
In the same vein, the provisions regarding online harm and safety and encryption are new, reflecting a change in perspective in not only Canberra but also Washington and London on the connection between the two issues. Related issues are also highlighted, including child sexual abuse material and online extremism.
In the cover letter to the International Cyber and Critical Tech Strategy, Australia’s Foreign Minister, Senator Marise Payne explained the broad strokes of the new strategy:
- The 2021 International Cyber and Critical Technology Engagement Strategy sets out Australia’s vision for a safe, secure and prosperous Australia, Indo-Pacific region and world enabled by cyberspace and critical technology. It provides a framework to guide Australia’s international engagement across the spectrum of cyber and critical technology issues in support of this vision, and the practical actions Australia will take to advance our objectives.
- The Australian Government defines critical technologies as those technologies with the capacity to significantly enhance, as well as pose risks to, Australia’s national interests, including our prosperity, society and national security.
- Cyberspace has become such a critical element of Australia’s prosperity that many – if not all – of the information and communications technologies that underpin it are considered critical technologies.
In the Executive Summary, the government stated:
Australia must prioritise and enhance our international cyber and critical technology diplomacy. The Strategy sets out how the Australian Government will pursue a strategic and coordinated national approach to shape cyberspace and critical technology in line with our interests and values, and build our international reputation as a trusted and influential leader on cyber and critical technology issues.
The first sentence suggests Australia has not been stressing cyber and critical technology diplomacy or executing both in ways unlikely to achieve the nation’s goals. It also suggests a heightened need to renew diplomatic efforts, and it seems likely the new emphasis on these two realms, cyber and critical technology, is in response to the PRC’s actions worldwide but also in the region. Australia and the PRC have tussled over a number of cybersecurity and technology policies, with the latter having accused the former of launching more than one cyber-attack on its government. However, the government recounted its attack attributions in the new strategy and called out Russia, North Korea, and other actors.
As noted, Australia will recalibrate its foreign and diplomatic policies to focus on “critical technologies.” Of course, just what Australia considers “critical technology” will inform its actions, and so, Canberra offered this explanation:
- The Australian Government defines critical technologies as those technologies with the capacity to significantly enhance, or pose risks to, Australia’s national interests, including our prosperity, social cohesion and national security.
- This includes, but is not limited to, technologies (or applications of technologies) such as cyberspace, Artificial Intelligence (AI), 5G, Internet of Things (IOT), quantum computing and synthetic biology.
- These, and other emerging technologies, will transform economic competitiveness, national and international security as well as democratic governance and social cohesion. These new technologies are often enabled by, and reliant on, information that is created, stored and transmitted through digital networks.
To no one’s surprise, 5G, AI, IOT, and other burgeoning technologies made the list. Of course, it is probably not coincidental Australia is naming technologies the PRC is hoping to lead the world in developing and setting the standards for each.
As noted, the previous strategy was structured around seven key themes. The government offered the three main pillars of the new strategy:
- Values – We will always pursue a values-based approach to cyberspace
and critical technology, and oppose efforts to use technologies to undermine these values.
- Security – We will always support international peace and stability, and secure, trusted and resilient technology.
- Prosperity – We will always advocate for cyberspace and technology to foster sustainable economic growth and development to enhance prosperity.
These same values are depicted in this infographic:
Technology is used to uphold and protect liberal democratic values:
- Democratic Principles – advocate for cyberspace and critical technologies to uphold and protect democratic principles and processes
- Ethics Of Critical Technology – support the ethical design, development and use of critical technologies consistent with international law including human rights
- Human Rights – promote and protect human rights online and in the design, development and use of critical technologies
- Diversity & Gender Equality – advocate for diversity, gender equality and women’s empowerment in the design, development and use of cyberspace and critical technology
Secure, resilient and trusted technology
- International Peace & Stability – shape the development and use of critical technology, including cyberspace, to support international peace and stability
- Disinformation & Misinformation – build international resilience to digital disinformation and misinformation and their effects
- Cyber Security – build a strong and resilient cyber security capability for Australia, the Indo-Pacific and the world
- Cybercrime – strengthen cooperation for enhanced prevention, detection, investigation and prosecution of cybercrime
- Online Harms & Safety – enable a safe and inclusive online environment
Technology fosters sustainable economic growth and development
- Regional Connectivity-support a connected and prosperous Indo-Pacific comprised of independent sovereign states enabled by secure and economically viable critical technology
- Markets & Supply Chains – advocate for open, resilient, diverse and competitive international technology markets and supply chains
- Research, Industry & Innovation-strengthen Australian research, industry and innovation through international cooperation
- Critical Technology Standards – shape international critical technology standards that foster interoperability, innovation, transparency, diverse markets and security by design
- Internet Governance – promote the multi-stakeholder model of Internet governance
- Digital Trade – maximise economic growth by shaping an enabling environment for digital trade
The government listed the actions the strategy calls for:
CYBER & CRITICAL TECHNOLOGY DIPLOMACY
- Prioritising and enhancing our cyber and critical technology diplomacy using a strategic and coordinated national approach
- Shaping the design, development and use of cyberspace and critical technology in line with Australia’s interests and values
- Enhancing engagement with industry, civil society and the research community on cyberspace and critical technology
- Supporting applications of cyberspace and critical technologies that uphold and protect democratic principles and processes
- Opposing the use of cyberspace and critical technologies to interfere, undermine or otherwise weaken democratic principles and processes
- Promoting, protecting and upholding human rights online and in the design, development and use of critical technologies
- Opposing and condemning the use of cyberspace and critical technologies in a manner that violates human rights and freedoms
- Strengthening the capacity of states to meet their human rights obligations, and of other stakeholders to meet human rights responsibilities online and in the design, development and use of critical technologies
- Engaging in multilateral forums and processes to shape global ethical principles and frameworks on critical technologies
- Sharing best practice approaches to the ethical design, development and use of critical technologies, consistent with international law including human rights
- Working with industry, civil society and the research community to develop non-binding ethical frameworks for critical technologies consistent with human rights
- Promoting greater diversity and inclusiveness in the design, development and use of cyberspace and critical technology
- Advocating for gender equality and women’s empowerment, and supporting greater awareness of the effect of cyberspace and critical technologies on gender equality
- Embedding gender sensitivity and the meaningful inclusion and leadership by women and girls as key principles in Australia’s cyber and critical technology capacity building
- Setting clear expectations for responsible state behaviour
- Deterring malicious activity enabled by critical technologies, including cyberspace, and responding when it is in our national interests
- Cooperating with other states to hold to account those that engage in unacceptable behaviour
- Implementing practical confidence building measures to promote international peace and stability and prevent conflict
- Building international partnerships with governments, industry and civil society to increase awareness of, and enhance resilience to, digital disinformation and misinformation
- Partnering in our region to strengthen collective cyber security and incident response capabilities
- Working with international partners to strengthen our collective efforts to prevent, detect, investigate and prosecute cybercrime, with a focus on the Indo-Pacific
- Supporting the creation of a new model for international, cross-border lawful access to data
- Promoting the existing international legal framework on cybercrime and opposing efforts to weaken existing cybercrime law and norms, agreements and methods of collaboration
- Fostering a safe and inclusive online environment and strengthening online safety through engagement with the global community
- Countering child sexual abuse and exploitation online through multilateral and multi-stakeholder cooperation
- Preventing terrorist and violent extremist exploitation of the Internet through multilateral and multi-stakeholder cooperation
- Supporting the development and deployment of secure, transparent and economically viable telecommunications infrastructure across the Indo-Pacific, and promoting policy and regulatory environments that enable partners to capitalise on this connectivity
- Building capacity across the Indo-Pacific to identify and address risks associated with the design, development and use of telecommunications infrastructure and critical technologies
- Working with international and industry partners to encourage increased diversity in critical technology markets and supply chains
- Promoting Australia’s cyber security and critical technology industry and research
- Attracting investment and collaboration in Australian cyber security and critical technology industries and research
- Increasing efforts to shape global standards on the development, use and uptake of critical technology to promote interoperability, competition, innovation and diversity of suppliers
- Engaging with international partners and recognised standards development organisations to shape critical technology standards to promote security-by-design
- Opposing efforts to bring the technical management and governance of the Internet under government control
- Supporting and strengthening capacity for all stakeholders, including industry and civil society, to engage in multi-stakeholder Internet governance mechanisms
- Pursuing global trade rules that reduce barriers to digital trade and support the growth of an open and competitive economic environment
- Securing agreement to high-quality international trade rules and commitments that facilitate trade and protect consumers and their personal information
© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.
Twelve Apostles, Australia; Photo by Riccardo Trimeloni on Unsplash