In my last blog post I explored how the New York Times hacking incident had raised the stakes in the cyber domain to an unprecedented degree. Having had time to reflect on this statement, I’ve reached the conclusion that we have entered a time when cyber issues have shifted from a technical, low priority matter to a strategic issue which not only carries significant risks but demands increased prioritisation and engagement from governments if it isn’t to become a significant hindrance to international relations.
There’s now so much malicious cyber activity, a significant proportion of which can be reliably attributed to state-actors, that it’s becoming increasingly difficult for countries to not face up and seriously address the issue diplomatically. The need for action will only increase as pressure rises from the civilian population and the private sector companies who are currently suffering the most.
The shift in the perception of everything cyber has been a slow one over the past two decades. We used to focus on cyber hackers, who were deemed nothing more than intelligent ‘nerds’ who spent more time than was healthy learning and typing malicious code in order to hack into increasingly difficult targets. However, their purpose was one of competition between one another, and ultimately humiliation of the target website/organisation they targeted. However, by the turn of the century, governments had began to slowly wake up to the realisation that in many respects the ‘horse had bolted’ and that many of their computer systems and departments had already been subjected to some kind of attack, not just from individual ‘hacktivists’, but from state sponsored sources. Clearly there was an increasingly urgent need to secure those systems and create substantive policy to address the growing security risk posed, but movement on these fronts was slow. Now the bigger picture is becoming clearer, and the full extent of hacking, espionage and data theft across the public and private sectors is evidenced in the media almost daily. Only last week the Reserve Bank of Australia confirmed it had been hacked by ‘Chinese’ sources. This relentless tempo of events demands action—so what’s happening?
The US has radically stepped up its pressure on China, whom it sees as the principle aggressor. In a recent address, the US National Security Advisor Thomas Donilon quite provocatively outlined what he felt was required from a US perspective:
Specifically with respect to the issue of cyber-enabled theft, we seek three things from the Chinese side… First, we need a recognition of the urgency and scope of this problem and the risk it poses—to international trade, to the reputation of Chinese industry and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities. Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behaviour in cyberspace.
This is a potent statement and it comes at a time when Donilon is about to travel to China for bilateral discussions. This comment won’t have gone unnoticed in Beijing, and suggests that the cyber issue will take centre stage when he meets with his interlocutors there. It follows hot on the heels of US announcements of elements of its approach to the use of its offensive cyber capabilities, and the launching of an Executive Order on Cyber Security which further coordinates its policy and practical approach.
These efforts are clearly aimed at increasing the pressure on China to curb its malicious activity in cyberspace and to raise its diplomatic game. No longer will the cries of surprise, denial of involvement and claims of being the major victim of cyber-attacks rather than the instigator be sufficient response to the multiple accusations it receives.
It appears that the Chinese message has also changed in recent weeks, and now acknowledges that increased international dialogue is required, and that much progress is needed. We can only wait to see how the US–China dialogue on this issue takes shape, as it has the capacity to further cool relations between the two nations if some form of agreement can’t be made about what is and is not acceptable in cyberspace. The fact that Obama’s first phone conversation to new Chinese President Xi Jinping addressed the issue of cyber attacks and the expectation of nations adhering to international norms and rules, clearly underlines the transformation of the issue to one of strategic importance.
Regionally there’s a need for Australia to build on some of the work it conducts in capacity building, countering cyber crime, and to play a more proactive role in creating regional consensus on cyber norms of behaviour. Through the Australia in the Asian Century White Paper (PDF), the National Security Strategy and the 2009 Cyber Security Strategy (PDF), there are mentions of engaging regionally and creating cyber norms of behaviour. Now is the time to drive those commitments with increased conviction and produce some concrete outcomes. Australia needs to place increased diplomatic pressure on China to enter a constructive dialogue on this issue and to become more responsible and accountable in cyberspace. If China aspires to be a major influence on the world scene and create a more convincing ‘soft power’ approach, it needs to build trust. This would be an excellent place to start.
Tobias Feakin is a senior analyst at ASPI. Image courtesy of Flickr user The White House.