Threats to Australia shift to new domains: cyber, technology and information
21 Jul 2021|

Australia’s strategic environment is changing rapidly. Once shaped exclusively by traditional security concerns where what mattered most were our military alliances, the state of our armed forces and diplomacy, today’s environment is increasingly shaped by new domains. Chief among them: cyberspace, technology and our online information landscape. This overlapping trio is currently front-page news in a busy month that has highlighted just how entrenched this strategic shift now is.

We have seen how the world’s booming surveillance industry continues to be given permission to operate in the shadows, with dangerous consequences. Consider stunning revelations that high-end spyware sold by Israel’s most notorious spyware company, NSO Group, designed to track terrorists and criminals, was instead being used to spy on journalists, human rights activists, government ministers, diplomats and businesspeople in democracies and autocratic regimes alike. Ensnaring world leaders and several Arab royal family members and dominating media headlines from Europe to India, this exposé may finally force a moment of reckoning for this unregulated and unchecked industry.

Next we come to the collision of social media with the ongoing pandemic. Just last week, US President Joe Biden said social media platforms like Facebook ‘are killing people’ for allowing misinformation about Covid-19 vaccines to spread on their platforms, in some of his strongest language yet about the issue. The Covid-19 pandemic has pushed our already messy information environments into a new era where we can see the daily erosion of credible information online. The president’s comments come at a time when tensions between democracies and US internet companies are at an all-time high as they continue to spar about how to moderate our information ecosystem, while keeping it as free and open as possible.

Then on Monday we saw an unprecedented global coalition come together, including Five Eyes alliance members, European countries and Japan, to hold the Chinese state ‘responsible for gaining access to computer networks around the world via Microsoft Exchange servers’. For the first time, NATO joined in with a public statement calling on China to act in line with internationally agreed norms of behaviour. The Chinese state’s voracious appetite for wide-ranging intelligence collection, intellectual property theft and foreign interference activities have prompted a growing global culture of collective attribution and action that will continue far into the future.

For Australia, this is a significant development that reinforces the importance of the cyber domain. Attributing malicious cyber behaviour to countries like Russia, Iran and North Korea—something Australia has done several times over the past few years—brings far fewer complications. Attributing such behaviour to our largest trading partner, which has shown itself to favour economic coercion and wolf warrior diplomacy in dealing with so many of its bilateral relationships around the world, is fraught but necessary.

The Biden administration concurrently released a Department of Justice indictment that named and shamed four hackers from China’s Ministry of State Security—the country’s sprawling domestic intelligence agency (whose international operations, cyber included, are vast). An additional part of the US announcements was the release of a unique and detailed report listing more than 50 tactics and techniques used by Chinese state-sponsored cyber actors to target US and allied networks. Importantly, this report also provided actionable recommendations for how targeted organisations could detect and mitigate the risks of these operations.

Such useful advice should inspire other governments, Australia included, to provide more practical advice tailored to dealing with our key threat actors in cyberspace (state and non-state alike). While large parts of the Australian public service still prefer a ‘country agnostic’ approach to policymaking and planning, such a stance leaves us at a disadvantage and ill-equipped to deal with the actual threats we face.

More than anything, developments this month highlight the importance of Australia getting its own house in order.

The Australian public is informed about the stakes at play. The recent 2021 Lowy Institute poll found that 98% of Australians viewed ‘cyber attacks from other countries’ as a critical (62%) or important (36%) threat to Australia over the next decade, beating out other enormously important issues including climate change, international terrorism and a severe downturn in the global economy.

There is positive momentum underway—across government and the business community—to boost our cybersecurity posture and culture. However cyber, technology and information ecosystems are a trio of overlapping policy issues, and one can’t be tackled without the others. Having a cybersecurity strategy alone, for example, doesn’t provide the toolkit to deal with the global rise in cyber-enabled foreign interference that is currently targeting populations around the world via a suite of online platforms from YouTube to TikTok. This is an issue the Australian government is currently struggling to deal with, having yet to assign an agency to lead on countering this new threat.

While we wait for policymaking to catch up, it is worth noting that parliamentarians increasingly see this gap. Our savviest politicians now know that, beyond their immediate patch, there are two key issues they and their advisers need to get across—and stay across. The first is this new domain of cyber, information and technology threats. And the second? China, of course.