Keep your friends close and your cyber-adversaries closer
Last week, Australia’s government admitted that, in early February 2019, the country’s political parties were the target of a cyberattack through the Australian Parliament’s servers.
China has been suggested as a likely source of the attack, although definite proof is yet to be found. It’s no coincidence that some scholars also raise concerns about Australia’s upcoming federal election being a potential target for Russia’s cyber meddling.
These issues must be addressed immediately. Though preemptive behaviour could result in gross misinterpretation of the situation through media – and lead to politicians distorting the truth to suit their agendas – without prompt action, Australia’s cybersecurity may risk being completely compromised.
Countries must work tirelessly to improve their resilience in cyberspace. Cybersecurity must be at the forefront of their security and defence concerns; it cannot be left out of political debates with its growing relevance in the world.
I suggest looking at cybersecurity as a foreign policy problem. Now, more than ever, cyber-threats wield an immense amount of power in determining international relations, and such issues must be addressed by traditional diplomacy.
A state with harmful intentions – like China, perhaps – might use cyber-threats and cyberattacks against another state – Australia, for example – to coerce the latter to get what it wants. On top of that, it is very likely that such countries would take advantage of any existing power imbalances to further pressure victim countries.
Targeted countries, in such instances, should consider ways to improve state-to-state relations and build trust with these nations in efforts to defend themselves. This could help reduce the risk of future cyberattacks.
Politicians and policymakers may also be inclined to unilaterally portray some states as unfriendly adversaries – even in official documents. For example, Australia’s White Paper adopts a markedly negative image of Russia, painting it as an aggressive and volatile country.
Assume that, with its current representation and despite real evidence arguing otherwise, Russia is accused of being a suspect behind another cyberattack. Such allegations don’t contribute to building healthy bilateral relations. On the other hand, dropping this negative portrayal could actually help decrease the frequency of cyberattacks.
While precise detection of an intruder into a nation-state’s cyberspace may prove difficult, keeping an eye on states with a possible political vendetta is plausible. In the case of Australia, China undoubtedly tops the list of potential intruders with existing suspicion of its influence over Australian politics and national security.
Moreover, cybersecurity issues become more complex when they involve non-state actors who, undetected by governmental radars, could initiate their own cyberattacks.
Understanding whether a government or a non-government competence was attacked also helps identify internal political and socio-economic problems.
Before it was recently confirmed that "a sophisticated state actor" may have been behind recent events in Australia, the cyberattack on its Parliament could have been considered an attack from within the country resultant from conflict within its own political system. It could have also been that a hacker had simply been testing their ability to penetrate the nation’s cyber-baseline.
Whoever the culprit, this breach serves as a poignant reminder for Australia to increase its investment in cyber-defense strategies. But more importantly, it points to the need for better bilateral diplomacy – especially with countries where relations may be tense.
Furthermore, when mutually beneficial economic cooperation is at stake, the risk of cyberattacks is low. As it stands, there are hardly any cases of cyber-violence between trade partners with substantial economic relations.
If a state has lax economic connections with another, however, the ratio of cyberattacks also increases significantly with the lack of real economic risks being posed.
For example, Australia relies significantly on economic connections with China, but the opposite is not necessarily true. This gives China the ability to attack Australia in the cyberspace without any major risks.
To give another example, Australia and Russia have unsubstantial economic connections. Compounded with its adversary image, Russia could well threaten Australia without risking its own economic stability.
A state with greater economic power can also manipulate its less influential partner with very little risk to its own economy. For instance, the US has skillfully put economic sanctions on several states that it considers an adversary and a potential security risk.
Traditional diplomacy can help penetrate this vicious cycle as it increases trust between countries. Highly advanced but mid-sized countries like Australia might defend themselves more effectively in cyberspace with this in mind.
For Australia, improving diplomacy with countries like China and Russia may be a long-term strategy, but it is worth every immediate and sincere effort.
It must be taken into account that building trust with China is an achievable but difficult task considering their historic and societal differences. Therefore, it may be easier for Australia to achieve better outcomes with Russia, even though the latter currently suffers from political and economic constraints.
Russian diplomats and ambassadors are, moreover, usually open to dialogue and cooperation with their host countries. For example, the Russian ambassador to Australia – Grigory Logvinov – and the Australian ambassador to Russia – Peter Tesch – both seem very enthusiastic and keen on improving bilateral relations.
Logvinov took part in the latest Australasian Association for Communist and Post-Communist Studies conference – an emblematic international event devoted to the study of Russia and the post-Soviet era with participation of political scientists from Russia, Australia, the US, China, and Japan.
All of Tesch's Tweets are in Russian as well, making it possible to engage with the general Russian public while positively representing the relationship between both countries. This could potentially be a foundation for improved bilateral relations, ultimately leading to improved diplomacy and state-to-state relations.
All told, cybersecurity must first and foremost be thought of from a geopolitical perspective. Intensive efforts on a diplomatic frontline might become a silver bullet in reducing future risks of cyberattacks, and countries like Australia should rethink their cybersecurity strategies accordingly.
As published at APPS PolicyForum on 27 February 2019.