Former US Cyber Command and NSA chief makes the case for a cyber competition strategy
17 Aug 2022|

Cyber threats to national security and prosperity are today better understood, better prioritised and far better resourced than in decades past. Cyber as a domain, as a threat and as a key opportunity is now a firmly established and essential element of military strategy and capability.

Yet today, state, non-state and individual cyber actors have greater capability, capacity and willingness to use cyber tools aggressively for malicious purposes, and their tolerance for risk has grown.

In the view of former US National Security Agency and US Cyber Command boss Mike Rogers, despite the positives, the overall picture of the cyber domain is one of increased threat and complexity.

Most countries, even if they leverage all the power and capability of their military and defence cyber sectors, can’t effectively respond to this complex threat environment alone. Many nations, Western and non-Western, democratic and non-democratic alike, now understand that their national capabilities and their private sectors are engaged in a competition that is fundamentally unfair.

For decades, countries with market-based economies, such as the United States, have sought to create national frameworks that enable their research and development ecosystems and free-market private sectors to pursue global competitive advantage, largely by keeping government out of their way.

The assumption that market-based economies by their nature could continue to enable the private sector to out-compete and out-innovate their rivals has been disproven. Rogers notes that the approach of an enabled and unencumbered free market served the US well for a time after the end of the Cold War; it led to the invention and dominance by the US and other Western nations of key capability areas like stealth technology, the internet and wireless connectivity.

But between the fourth and fifth generation of these technologies, the playing field has definitively tilted in favour of actors that exploit highly controlled, centralised and coordinated strategies leveraging all the resources and capability in their private and public sectors, including intelligence and espionage capabilities.

China—now openly described as a peer competitor and strategic rival to most Western countries—has assessed that cyber and a range of critical and emerging technologies are game-changers with both domestic and international implications. Cyber is considered by China (and the US and others) as being among a range of technologies that can offer decisive strategic advantages for future prosperity and security.

The Chinese state has poured, and continues to pour, billions of dollars into building its cyber capabilities. Its strategy includes blatant theft of advanced Western intellectual property and excessive requirements for technology transfer from the West as a precondition for access to the lucrative Chinese market, and to the billions of dollars of Chinese state investment.

No company, R&D outfit, or sector of companies operating under free-market principles and on the assumption of a level playing field can compete with China’s strategy. Competing under these circumstances requires a team approach bringing together government and the private sector, and working with partners and allies across national boundaries.

In no way should a team strategy between like-minded players emulate what China has done. Competing effectively doesn’t necessitate cyber-enabled IP theft, the employment of state espionage capabilities to unfairly benefit Chinese state-owned and ‘private’ companies, or forced technology transfer. But it does require policy settings that protect innovation and cutting-edge technology developed and commercialised in the US and other centres of technological excellence and dynamism (including and especially in the Indo-Pacific).

It also requires export-control and inward-investment regimes that differentiate between international actors with which technological cooperation is a strategic imperative and those that present significant strategic risks.

It certainly involves a clear articulation that competition—fair competition with clear rules for acceptable and unacceptable behaviour—is the strategy. And it involves action to create a policy environment that enables competition in a way that protects and extends existing rules and norms and that safeguards IP and key sources of innovation.

It also requires forums and mechanisms that bring together the perspectives, incentives and imperatives that drive the activities of governments, the technology sector and civil society. These communities don’t yet talk to one another effectively, don’t harness their collective power for shared benefit, and don’t align on common interests in a way that produces superior outcomes for them all.

The need to get to that is urgent. The Sydney Dialogue, an ASPI initiative, brings government, private-sector and civil-society leaders together at the highest levels and provides a platform for enhanced cooperation between international actors. It offers a constructive space for the urgent conversation needed to enable stronger, fairer, more integrated competitive strategies between countries that share a commitment to the rule of law and a vision for the use of existing and future technologies in the global good.

Rogers discussed the need for better, more integrated strategies to compete with China in key technology areas. He delved into the implications of the use of cyber capabilities in the Russian invasion of and ongoing war against Ukraine, and described it as a ‘watershed’ moment. The growing reality of, and increasing calls for, decoupling of cyber and other technologies from China, Russia and other actors is also explored.

Importantly, Rogers talked about the enormous potential of the technology priorities and objectives of the AUKUS partnership. Australia, the UK and the US have a real opportunity to demonstrate and enhance their ability to achieve effective integration between government, industry and civil society, and to work across national borders through a joined up, multi-sectoral technology strategy for national security.

To meet the objectives of partnerships like AUKUS, there’s a need to move beyond cooperation to integration, including between parts of our systems that have operated independently for good reasons in the past. We must preserve the best and most productive characteristics of our free and open systems. But government, the private sector and civil society must also be brought into closer alignment for the benefit of all. It is past time to move beyond understanding the problem and start organising more effectively for the geostrategic technology competition that we know we’re now in.

The policy challenges posed by critical, emerging, cyber and space technology require a new approach. That starts with answering a key question Rogers asks: ‘What is our vision of the key technologies, the most critical sectors that are really going to drive economic advantage … and [that] if placed at risk would cause us harm, [and] what are the policies we need to create advantage for ourselves?’

A new cybersecurity strategy based on what is required to become and remain competitive, secure and resilient should focus on this central question.