China–Indonesia cyber plans: three questions for Canberra
2 Feb 2016|

15668079513_26344558e9_z

In late January, China and Indonesia showed their mutual capacity for strategic innovation  when a senior Indonesian official revealed the wide-ranging scope of their cooperation on cyber issues. Since cyber space was described in China’s 2015 Military Strategy as one of the two ‘commanding heights’ of international security competition, along with outer space, the agreement is worthy of the closest study by Australia.

Of special note is the plan for Beijing and Jakarta to work together on cyber war simulations, though they’ll most likely work on the civil infrastructure impacts rather than military combat applications.

The China–Indonesia agreement poses a number of interesting questions for Canberra. Here are three.

Is Indonesia shying away from  a closer embrace by the ‘Five Eyes’ intelligence community, possibly as a result of Edward Snowden’s revelations of their espionage effort against  Susilo Bambang Yudhoyono when he lived in the Merdeka Palace?

Does the agreement demonstrate a greater capacity for institutional and diplomatic innovation in our region on cyberspace issues than Australia has so far shown?

Since Indonesia is a relatively close partner of Australia, and China isn’t our enemy, can Canberra benefit from the new cyber relationship and insert itself into its implementation?

And now to deal with those questions in turn. First, is Jakarta leaning towards China and away from the ‘Five Eyes’ for support in its cyber security?

Jakarta and Canberra do have useful cyber collaboration, some dating back a number of years, especially in countering cyber crime—since 2011 the Australian Federal Police (AFP) has helped to establish a number of Indonesian centres for countering cyber crime. The two countries collaborate on cyber issues in a number of regional frameworks, such as the ASEAN Regional Forum and the APEC Telecommunications and Information Ministerial Meeting.

On the other hand, on 2 December 2015, according to the ABC, the Australian Reserve Bank believes that it fell victim to a cyber attack that Indonesia was behind. In late January 2016, the ABC reported that an Indonesian government agency was using surveillance software embedded in the Global Switch data centre in Sydney. So one might be forgiven for believing that the cyber security relationship between the two countries may be trending downwards.

Countervailing evidence on a strategic shift has come from the senior responsible official in Indonesia as recently as September last year. According to Chairman of the National Cyber Information Defense and Security Desk (DK2ICN) of the Coordinating Ministry of Political, Legal and Security, Air Vice Marshal Agus Ruchyan Barnas, Indonesia has ‘studied cyber defense systems in various countries such as USA, Australia, Singapore and others’ and that ‘Indonesia will cooperate with these countries in terms of cyber defense while maintaining a neutral stance’.

We probably need more evidence to be certain one way or the other. We do know that Indonesia has long prided itself on non-alignment but the recent announcement on cyber cooperation with China seems to have trumped anything in place between Indonesia and other partners.

Second, the agreement  reveals a surprising element of diplomatic innovation in that specific field than Australia has shown to date. While Indonesia and China foreshadowed deeper cyber cooperation through 2015, the scale and scope of what’s now on the table may put Indonesia ahead of all other developing countries in terms of China’s foreign cyber relationships. The apparent breadth of the relationship may be explained by the fact that the two countries have new or emerging cyberspace agencies, each of which has the resources, bureaucratic weight and independent authority to deliver such an outcome. Those agencies also have an incentive to be seen to be delivering.

In mid-2015, a year after China set up its Cyber Space Administration, President Widodo announced a plan to up the National Cyber Security Agency (BCN), to report directly to him. The agency is being formed on the foundations of the existing DK2ICN, the unit in the -Coordinating Ministry mentioned above. In comparison, Australia lacks a cyber agency with similar power and diplomatic freedom as the Chinese and Indonesian organizations. Australian cyber diplomacy is still managed in at least five separate agencies (DFAT, Attorney-Generals, Justice and the AFP, ASD and Defence, and Industry), none of which report directly to our head of government.

Thus,  the innovative agreement between China and Indonesia may be an example of the sort of breakthroughs that can occur if governments are prepared to consider institutional innovation in their diplomacy for the cyber era.

Third, can Australia benefit from the fast-moving pace of cyber diplomacy to its north? It most certainly can. In some respects, the Australian cyber security sector is more advanced in technological terms than that in Indonesia or even in China. Indonesia will need a raft of expertise and equipment that can’t be supplied by China. The planned new Cyber Security Growth Centre in Australia could exploit the opportunities provided by this agreement.

And just as importantly, the agenda of those two countries for the cyber collaboration, focusing on civil infrastructure, isn’t in any way against Australian interests, but highly complementary to them. It is an area where Australian capability urgently needs to be developed, as argued in ‘Australia Rearmed’, a paper recently released by the Australian Centre for Cyber Security,

Smart diplomacy would see Australia talking to both China and Indonesia about how we might support their joint efforts.