Exclusive: Cyber diplomacy lessons from Australia
By Shirley Tay
Interview with Tobias Feakin, Australia’s Ambassador for Cyber Affairs.
Cybercrime is a key challenge for governments today and has become increasingly entangled in competition and diplomacy. Australia appointed Tobias Feakin as its Ambassador for Cyber Affairs in 2016, and later expanded his mandate to include critical technology, to bring the country and its partners together to collaborate on issues of cybercrime.
“There was a recognition that it was hard to avoid international affairs which didn’t have some form of cyber component,” he told GovInsider in 2019. He discusses how Australia is working to promote diplomacy in cyberspace.
Shaping emerging tech
The challenge current governments have is working out what to regulate, and what not to, in this hyperconnected world.
Governments now have a window to shape how the tech will turn out. Standards and ethical principles need to be set to guide the development and use of these technologies, and these standards will impact the way that technology will affect working, lives, and societies.
“You only need to look at certain countries in the way they're integrating AI into their societies, … to know what kind of consequences that could have”.
Quantum computing, for instance, can make subatomic calculations and solve complex problems faster than the most advanced supercomputers today. According to the Five Eyes intelligence agencies, adversarial nation-states are currently collecting and storing encrypted data – waiting for the day quantum computing can crack it.
Australia is working with developers and standards bodies to promote ethics, human rights, and security in tech development.
Australia has also partnered India to embark on a four-year AU$12.7 million (US$9.31 million) Cyber and Critical Technology program. It will look at how both countries can promote the development of standards and ethics for tech like AI, IoT and blockchain to create an “open, free, rules-based Indo-Pacific region”, its website wrote.
Diplomacy in the cyberspace
In March 2021, the UN Open-Ended Working Group concluded with all 193 member countries agreeing to endorse a report that promotes responsible state behaviour in cyberspace. This is a “pretty significant success”, Feakin says.
“The Open-Ended Working Group’s report really broadens the commitment and awareness of the framework of responsible state behaviour to the entire UN membership, which is important because previously there was, perhaps, a sense from some countries that there was not quite the understanding of how these issues applied to those countries. So that's important progress, and it provided an opportunity for all countries to engage on that issue."
The report, a first of its kind, represented a universal commitment to a rules-based cyberspace and affirmed existing international law and norms on responsible state behaviour. This includes the 11 previously agreed norms - such as that critical national infrastructure and computer emergency response teams should not be targeted by nation-states. It also comprises confidence and capacity building measures, including understanding different countries’ approaches and having open lines of communication.
Now, the group needs to ensure countries adhere to these rules. “It’s no good having norms on the table if countries aren’t willing to stick to them,” Feakin says.
The international community is shining the spotlight on state-sponsored attacks, which Feakin believes will give nations increased pressure to adhere to norms. Australia recently joined the US, UK and other countries to attribute the exploitation of vulnerabilities in the Microsoft Exchange software to China.
The country has also attributed the WannaCry ransomware attacks to North Korea, and the SolarWinds hack to Russia. “There's a whole raft of these attributions which are now being backed up with sanctions from whether it be the EU or the US.”
Australia is also part of the UN Group of Governmental Experts on Cyber, which consists of 25 countries. This group has focused discussions around what international law looks like and how to apply it practically.
Australia tries to drive practical outcomes in such discussions - such as how it practically applies the 11 norms of cyberspace.
“That's one way that we've really tried to drive our international engagement, by putting more into our policy than perhaps you're used to seeing in the international environment, to try and set the bar high, so hopefully others come to that level, and to be as I think transparent as we're trying to be.”
Ramping up cyber defenses
To strengthen the home base, Australia created a cyber security strategy in 2020. The country will invest AU$1.67 billion (US$1.22 billion) to protect critical infrastructure from threats, help businesses secure their products and services, and educate citizens on cyber hygiene.
A big part of Australia’s work also involves engaging partners in the Asia-Pacific region to build cyber response capabilities. There’s a “huge amount of work” to do in the region, as 50 per cent of the population has not yet been connected to the Internet and first-time users will be the most vulnerable to cyber threats.
It has worked with the Papua New Guinea government, for instance, to build a cybersecurity operations centre and computer emergency response team. These efforts were jointly funded by both governments.
Known as the Cyber and Critical Technology Partnership Program, this work has risen to about AU$100 million (US$73.4 million) in investment. This program also helps partners build cybercrime investigation capabilities, develop digital forensics technology, and works with the legal system to prosecute cyber criminals.
“There's so much new technology being laid in the region and it's about helping countries understand, you know, risk mitigation and risk frameworks of how you assess new technology infrastructure development.”
Diplomats like Feakin are working to promote stability in cyberspace. While the work isn’t getting any easier, Feakin believes open, multilateral dialogues and building cyber capabilities will be the way forward.
Featured image by the Australian Department of Foreign Affairs and Trade.