Australia’s Cyber Strategy: Navigating unchartered territories needs both caution & diplomacy


By Syed Munir Khasru

As Australia grappled with a second wave of COVID-19 and consequent economic recession, the government unveiled its 2020 Cyber Security Strategy, while an update to its strategy on International Cyber Engagement is expected to be unveiled soon. The Strategy has been unveiled at a time when Australia faces a sharp spike in the number of cyber-attacks, a major portion of which have been state-backed. Speculations suggest China to be the perpetrator, which comes at a time when relationships between the two is already deteriorating in both the political space and trade. Given the geopolitical and economic realities that Australia face, the need for a robust International Cyber Engagement Strategy has never been more important as the country needs to deftly navigate the cyber threats through smart diplomacy.

While Australia ranked a respectable 10th in the 2018 Global Cybersecurity Index, crimes in the cyberspace has been rising at an alarming rate. Cybercrimes have cost the Australian economy an estimated AU$29 billion – a staggering 1.9% of its GDP! A 2018 CISCO report found that 81 percent of Australian companies faced more than 5,000 attacks every day, significantly higher than the global average that can be attributed to Australia being an attractive destination for hackers due to the country’s economic status. While most Australian companies have contended well with these attacks, the average cost of each of these attacks has been the highest in the Asia Pacific region with 52% of the victim companies reporting a toll between AU$ 1.3-6.9 million.

Being one of the leading developed economies, Australia is not only targeted by top hackers across the world, but also by politically backed agencies. The Australian Intelligence already speculates that China was behind the cyber-attack on its parliament and three political parties prior to last year’s election. Defence Minister Linda Reynolds warned earlier this month that, cyber attacks by a national government (presumably China), have increased recently, with the country’s cyber security centre reporting an attack every 10 minutes. The COVID-19 has exacerbated this issue with around 1 in very 6 Australians having experienced a cyber-attack during the lockdown. Such international cyber threats have increasingly become a critical challenge for the country, with the government being forced to issue a technical advisory earlier this year, detailing the most common ways that attackers might penetrate Australian networks. As the international political battlefield gradually shifts towards the cyberspace, Australia faces a situation where it not only has to protect its own systems, but also work together with its international allies in diligently balancing its international cyber engagement based on mutually agreed rules and norms.

In this regard, Australia’s current International Cyber Engagement Strategy complements its national cyber security strategy by providing a blueprint of the country’s plans and activities in Asia-Pacific and beyond. The strategy pushes for increased global transparency based on existing international norms and standards of conduct, as agreed by the 2015 UN Group of Government Experts. In addition, it also details Australia’s conduct and authorization in terms of offensive military cyber capability when required. However, as recent incidents such as the host of speculated state-backed cyber attacks originating from China show, Australia needs to ramp up its efforts and strategies in the international cyber arena in cooperation with its allies. Foreign Minister Marissa Payne’s naming and shaming countries like North Korea, Iran, Russia, and China on state backed attacks is unlikely to deter the delinquent.

While the government is shoring up an investment plan of over AU$ 1.6 billion in cybersecurity defences, the battle cannot be won only through internal reinforcement, as can be gleaned from Australian Signals Directorate (ASD) boss Rachel Noble’s admission that the country is facing a “near-impossible” task in fighting crime and espionage. The benefits of cyberspace can also be the source of its flaws. With all its advantages, an interconnected global network opens up scope for hackers from all over the world to place a malware that can wreak billions of dollars of havoc while endangering lives.

The solutions are neither quick nor easy, as Australia needs to proactively work with its international counterparts, to establish clear, binding rules and regulations on international cyberspace norms and operations. Australia played a key role in developing the 11 international norms for nation-state behavior in the cyberspace for the UN; it needs to follow up with more robust regulations based on transparency, that would help it work in coordination with both allies and adversaries in the cyberspace. Particularly regarding China, the issue becomes delicate as despite the recent waning of relations, China remains Australia’s largest trading partner and one pf the major foreign investors. The political and economic realities of this relationship can’t be ignored and any reckless offensive strategy in the cyberspace may not serve well Australia’s interests. Smart diplomacy is key and Australia’s upcoming international cyber engagements need to reflect that.

Privacy regarding popular Chinese apps is another major issue, due to China’s controversial 2017 cybersecurity law that gives the government the right to user data upon request. Australia needs to develop robust guidelines for the operation of such entities whereby partnerships and cooperation with Australian companies for Australian users is reinforced. In this regard, key security points need to be under Australian watchdogs. The imbroglio surrounding WeChat and Tiktok in US needs to be avoided and guidelines need to reflect balance of interests. The federal government is already working to enable ASD access privately-owned critical infrastructure networks, but privacy concerns need to be addressed first before any such measures are taken.

The world stands at a critical juncture where the cyberspace is increasingly becoming the battlefield between superpowers, and Australia is right at the centre of it. While Australia’s previous International Cyberspace Engagement Strategy provided a good starting point, the emerging political, economic, & military realities have necessitated a strong, robust, and realistic revision of the strategy. As Australia looks to fortify its defenses from an increasing number of state-backed cyber-attacks, the true test of the government’s craft and mettle depends on its ability to navigate the geopolitics of cyberspace.

Syed Munir Khasru is Chairman of the international think tank the Institute for Policy, Advocacy, & Governance (IPAG) whose Australian office is IPAG Asia Pacific, Melbourne and it also has presence in Dhaka, Delhi, Vienna, & Dubai. em: