It is more than twenty years since possible rules of behaviour in ‘cyberspace’ were first discussed at the United Nations, and it is now two-and-a-half years since Australia appointed its first Cyber Ambassador in Dr Tobias Feakin.
It is remarkable how far that discussion has moved. Across international business forums or multi-lateral government contacts, cyber issues are at the core of discussions at the most senior levels, whether the topic is global security, the digital economy, service delivery, social equity and much in between.
The latest manifestation of the shaping of cyber policy was at the G20 in Osaka, where cyber, the digital economy, and a push for improving the free movement of data were a focus of the final Leaders’ communique.
CyberWeek in Tel Aviv has come and gone for another year in late June, where cyber politics in the global context was prominent, as the burning issue in recent times. Dr Feakin joined a panel discussion during CyberWeek on ‘Cyber Norms – the Way Forward’ during a session of the International Forum on Cyber Politics”.
A lot has happened in the geopolitical environment since Dr Feakin was appointed, let alone in cyber politics. When InnovationAus.com interviewed the ambassador on the sidelines of an Indonesia-Australia Digital Forum in Jakarta in early 2018, his focus had been on awareness and capacity-building in the Pacific, building stronger cyber relationships across the ASEAN, and on assisting in the strengthening of cyber “norms of behaviour” globally.
And that is pretty much how the role seems to have played out. But the ‘cyber norms’ discussion is moving fast.
When he took the job, the then Prime Minister Malcolm Turnbull had only relatively recently talked openly about Australia’s cyber offensive capability. When he started, Australia had publicly acknowledged some significant breaches of government systems, but has not named the perpetrators of the attacks.
The setting of norms of behaviour has now moved past ‘naming and shaming.’ Australia has named four countries as the perpetrators of bad behaviour – Russia, China, Iran and North Korea – all since Dr Feakin took the role.
Australia has been an active participant at the United Nations in creating the eleven principles for norms of behaviour in cyberspace, including through the United Nations Group of Governmental Experts (UNGGE) on Developments in the Field of Information and Telecommunications in the Context of International Security.
Now the work is about changing the behaviour, or specifically creating a “toolbox” of actions and responses that apply targeted pressure against a particular state and particular behaviour. This could range from everything from direct communications through diplomatic channels to trade sanctions, to diplomatic expulsions or even cyber offensive retaliation.
There is a “toolbox”, as it is called, even if the tools themselves are not talked about so openly in the mainstream.
“We are at a pivotal moment on all of these issues, and that puts pressure on all of us [in the international community] to try and create viable solutions,” Dr Feakin told InnovationAus.com.
“But we are certainly at a pivotal moment in terms of trying to genuinely change the risk calculus of a [nation]-state that is thinking about carrying out a particular activity,” he said.
“Where we think things like election interference are absolutely out of bounds, it is important that we change the risk-calculus on that, and any acts like that.”
The shutdown or deliberate destruction of critical infrastructure is considered “absolutely out of bounds”, the ambassador said. And while a growing number of nation-states possessed that kind of cyber offensive capability, it needed to be developed and managed within a context of – and mindfulness of – international and domestic laws and behavioural norms “so that it doesn’t get out of hand”.
The US has been the leader in taking steps beyond ‘naming and shaming’. It has done this typically through things like – and here comes the toolbox – indictments of individuals or groups, or through sanctions applied to groups or states.
“The Australian Government has itself been through a review process of looking at all of the different tools it has inside government, the levers it has to exert pressure on a state,” Dr Feakin said. “We have been looking hard at what that looks like.
“We’re not at a stage to utilise that yet, but that’s been a big body of work across government that we have been working hard on.
This includes Defence, and obviously the Australian Signals Directorate, but the review has been genuinely whole-of-government.
“It’s the entirety of government. It’s thinking creatively about what are the tools that we have, and how can we exert pressure on a given space. If we were going to respond, how would we do that.”
Dr Feakin says although cyber issues are discussed at many forums and many levels across the spectrum, the UN remains the peak body for work on international cyber norms. But he says all of the discussions, whether it’s within ASEAN, or the Organisation for Security and Cooperation in Europe (OSCE), the European Union or the Association of American States are important.
“What you’re seeing is that this is a topic that is front and centre of so many strategic discussions now, it’s hard to avoid,” Dr Feakin told InnovationAus.com.
“Especially when we are now at a point where cyber and associated digital technologies are absolutely at the centre of geo-strategic issues, I think it is quite sensible that the issues are discussed in a range of forums,” he said.
“[But] certainly when we are talking about state behaviour, and the norms and laws that will guide them, the UN is the peak body that undertakes that work.”