Cybersecurity is rapidly emerging as one of the highest US priorities for diplomatic engagement in Asia. A flurry of US statements over the last few months points to a new emphasis being put on building bilateral and multilateral relationships on cybersecurity matters. Australian official statements tend to treat the term ‘cybersecurity’ in a narrow way—limiting it to the domain of information technology security professionals. The US agenda, by contrast, is much wider.
A new front is opening in American diplomatic engagement in the Asia-Pacific. This will certainly encompass IT security, but America’s intent is to sustain closer economic engagement with countries in the region, to build secure supply-chains, combat organised crime, establish norms of behaviour in cyberspace and build effective links on cyber with defence and intelligence counterparts.
The US agenda was on prominent display at a US–ASEAN Ministerial meeting held in Bandar Seri Begawan, Brunei, on 1 July. Secretary of State John Kerry told the gathering that the US had ‘two issues of particular concern: maritime security and cyber security’. On the latter, Kerry said:
The United States is also working and looks forward to working further with ASEAN to improve cyber security and to combat cybercrime. We’re very eager to help ASEAN member states build capacity here in order to make sure that all of us are protected against cyber threats and in order to reduce the risks that these cyber threats carry.
The US proposed creating a US–ASEAN Cybercrime Capacity-Building Initiative, to be co-organised with Singapore. This will ‘address the authorities, tools, and techniques necessary for law enforcement agencies to effectively investigate cybercrime and process electronic evidence for any type of crime’.
In May, the US and Japan held their first government-level cyber dialogue. This usefully brought together multiple agencies with cyber responsibilities. The agenda included: ‘exchanging cyber threat information, aligning international cyber policies, comparing national cyber strategies, cooperating on planning and efforts to protect critical infrastructure, and discussing the cooperation on cyber areas in national defense and security policy’. A second meeting is planned in the fourth quarter of 2013, suggesting a high tempo of shared policy work.
The US State Department and the Indian Ministry of External Affairs recently held a ‘Strategic Cyber Policy Dialogue focused on cyber policy issues such as norms of responsible state behaviour in cyberspace, internet freedom, internet governance, and cybercrime cooperation’. A whole-of-government cyber dialogue driven by the US and Indian National Security Councils is planned soon.
Not surprisingly cyber security has taken centre stage in US–China relations. A particular concern for the US is what Tom Donilon, the US National Security Adviser, referred to in March as the ‘sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale’. Cyber was a key point of discussion at the Obama–Xi Sunnilands meeting in June and was acknowledged to be a necessary point of discussion between the two countries.
By now, even the most obdurate inhabitant of the physical realm would see that there’s a strong pattern driving US initiatives for closer Asian cooperation in cyberspace. The rapid pace of US efforts is remarkable, but in some ways it’s making up for time already lost in focussing the region on cyber matters. Five factors are driving the US approach. First, Tom Donilon’s speech clearly points to the US having reached its limit of tolerance over China’s intrusive cyberattacks on intellectual property. Second, Washington senses an opportunity to galvanise a regional response that would help draw Asian countries towards a consensus on protecting economic interests in cyberspace. Third, this consensus will help to resist Chinese and Russian attempts in multilateral meetings to argue for further global internet regulation. Fourth, the cyber agenda reinforces Washington’s continuing emphasis on rebalancing its economic and strategic priorities to the Asia-Pacific.
The fifth driver of US policy is the realisation that building cybersecurity capacity in Asia is in America’s interests. Tough-minded realists might pause at this point, but the nature of economic globalisation means that the US—and also Australia—have an interest in ensuring that trade, supply-chains and finance links are secure. Our common welfare depends on free access to cyberspace just as much as it does on open sea lanes.
For Australia, American enthusiasm for engagement on cyber issues presents risks and opportunities. One risk is that we’ll struggle to keep up as a viable regional partner because of our own relatively limited capacitates to engage on cyber with Asian partners. Australia can and should increase its rate of effort on cyber diplomacy. We need to ensure that our efforts align with as well as inform US thinking on how to deal with the region in terms of capacity building. Australia should start some regional cyber capacity building efforts of our own. We play an important role in the ASEAN Regional Forum’s admittedly rather limited discussions on cyber.
There’s also an opportunity for Australia to shape a regional cyber security agenda at the forthcoming Seoul cyber security conference in October, where some eighty countries will be represented to discuss critical cyber issues. Cyber is moving from the edges of international diplomacy to take a centre-stage position. The key challenge for Australia is to ensure we’re a leading player in this important development.
Peter Jennings is executive director of the Australian Strategic Policy Institute. Image courtesy of Flickr user Johnson Cameraface.