Beyond the occasional doom-laden and shouting headline about the coming ‘cyber apocalypse’, few column inches are devoted to the cyber policy and international security space. This is a shame, because if you were to look a little closer at our neighbourhood, what you’d see is an undercurrent of effective, useful, middle-power cyber diplomacy quietly humming along.
If you were to look even closer, you would see Australia driving a hefty part of this work, stepping into a leadership role that largely defies its shoe-string budget.
On 6 August at the 22nd ASEAN Regional Forum Ministerial meeting in Kuala Lumpur, Malaysia, a deceptively small, but meaningful step forward was made to help ensure stability in cyberspace and our region.
Among the many agenda items that were reaffirmed, welcomed, underlined and adopted by the gaggle of foreign ministers and special representatives in the Malaysian capital was a joint Australian-Malaysian-Russian proposed ICT Work Plan.
The ‘ARF Work Plan on Security of and in the Use of Information and Communications Technologies’, often referred to by its pithier title ‘the Work Plan’, is the culmination of two years of quiet, Australian-led efforts by the Department of Foreign Affairs and Trade. This is a significant achievement, and it’s worth looking at how it was done before we turn to what was done. First, it builds on a relationship we’ve been developing for years—those sorts of things don’t happen overnight.
Second, the Work Plan was negotiated in partnership with Russia and Malaysia, who—to put it mildly—share different perspectives on how the internet should be managed compared to Australia. Australia’s liberal approach to internet freedom is distant from Russia’s government-controlled approach. But through trust and intelligent leadership, all parties came together to agree on a program of work that will boost regional stability. It turns out that making practical progress doesn’t require agreement on all aspects of internet governance.
In diplo-speak, the aim of the Work Plan is to ‘promote a peaceful, secure, open and cooperative ICT environment and to prevent conflict and crises by developing trust and confidence between states.’ Beyond the string of positive adjectives, the Work Plan is full of ideas to help prevent ICT-related squabbles from breaking out (either online or in the physical world), and if they do, it also contains plans to quell tensions and re-build trust amongst ARF member states.
Ideas outlined in the Work Plan include the cross-border information sharing of information on cyber threats, the types of policies that can be used to tackle these threats and the different national organisational set-ups that are in place to do so.
Included among its many goals is the intention to clear up confused terminology between countries—for instance, what the term ‘cyberspace’ means to different people—and support the establishment of rules, norms and principals of responsible state behaviour (what ‘goes’ and what doesn’t online).
Another key aim of the Plan is to develop a regional point of contact network to enable de-escalation talks when cyber issues balloon to the level of national security incidents. This list of ‘who to call when things get hairy’ is needed to help clarify from where attacks are originating and underpins wider confidence building measures.
As a Forum, the ARF is almost purpose built for negotiating cyber issues and through its practical workshops has emerged as the leading regional body that enables just that. While in the past the Australian government has voiced a general preference for working through forums such as the East Asia Summit, DFAT has seen the benefits of pursuing our cyber agenda through the larger, more hands-on regional body.
Given the melting pot of cyber perspectives and approaches in the Asia–Pacific, fewer voices rather than more may seem like an easier, more amenable route to achieve harmony. But this approach overlooks the rationale behind transparency and confidence building measures. It’s not those who we agree with that we need to build trust with.
International cyber policy will continue to be seen as a niche issue, but it’s a diplomatic area in which Australia does well, and one that the region has let us pick up the ball and run with.
Our friends in North Asia, Europe and North America have already identified the diplomatic leadership opportunity the cyber policy elements of international security presents, devoting hefty budgets and resources towards it; often targeted at our very neighbourhood.
The opportunity exists for the government to maintain Australia’s leadership role and build on the strong foundations we have laid though the ICT Work Plan and further the diplomatic work we’ve carried out in the past. It will be interesting to see if there’s recognition of this opportunity in Australia’s impending cyber security strategy and if there will be any new resourcing to bolster our emerging leadership role.