Australia is putting cyber at the heart of its new realpolitik as it works to counter China

Data security and infrastructure resilience are enmeshed with Australia’s regional leadership.

An image of an Australian map includes Tasmania [altas style, Australia]
omersukrugoksu / Getty Images

An increasingly confrontational cybersecurity climate and escalating geopolitical tensions are shaping investments by Australian government and industry to shore up regional data and security infrastructure and protect data-driven innovation.

The impact of these tensions became apparent with the federal government’s unusual decision to co-fund, along with Telstra, the acquisition of troubled Papua New Guinea telecommunications carrier Digicel Pacific — whose presence across five South Pacific island nations had been floated as a potential reason for a Chinese government takeover.

The Department of Foreign Affairs and Trade has attributed the investment to the government’s strategic ‘step-up’ in the Pacific region — yet the $1.9 billion it contributed towards the $2.1b Digicel deal represents such a large investment that it nearly matches the $2b Australian Infrastructure Financing Facility for the Pacific (AIFFP).

With Australia in the process of establishing diplomatic missions in five additional Pacific island nations, the Digicel investment likely reflects the desire to control the telecommunications narrative and avoid a repeat of the ongoing security concerns over Chinese telecommunications provider Huawei.

China’s reported intervention in global telecommunications infrastructure was a wake-up call for governments and has set the bar higher as multinational agreements like the recently announced AUKUS partnership unite Australia, the UK and the US around cybersecurity, quantum computing, AI, and other technologies.

Laying down the law around cybersecurity and data protection will be crucial to protecting national innovation and aligning next-generation data architectures with national strategies, James Clapper, a former US director of intelligence and principal intelligence advisor to US President Barack Obama, said during the recent Australian Cyber Conference 2021.

“We’ve got a real challenge here with China,” he explained, “and the challenges it poses with respect to some of these more exotic, advanced technologies.”

“There are a lot of opportunities not just for the three governments to collaborate, but for industries in our three countries to collaborate on those great issues of the future — and we are much better served to act collectively, and pool our resources and our brains.”

Within the narrative of a broader government conversation about standardising data policy — the nature of which will soon be revealed as the government launches its Australian Data Strategy — major domestic data-centre operator NEXTDC has been moving to provide on-shore support to anchor the government’s data-driven Pacific pivot.

Regional resilience

Its October announcement of a Tier III data centre facility in Darwin — a small, tropical city whose climate and small population wouldn’t normally attract a major data-centre investment in its own right — was followed this month with the announcement of a new ‘edge data centre’ site in Maroochydore, on Queensland’s Sunshine Coast.

Positioned at the terminus of the 7000km Japan-Guam-Australia South (JGA-S) international submarine cable, the new data centre is the first such site on the country’s east coast outside of Sydney — reflecting, as does the Darwin facility, an attempt to diversify and decentralise Australia’s data links to the region and the world.

The combination of domestic infrastructure hardening and multinational collaboration is a tactical response to a steadily changing geopolitical climate in which cybersecurity has rapidly emerged from the shadows as a major geopolitical issue.

“Some people think that the world of cyber as we see it today, is how it has always been,” noted University of Western Australia Professor Stephen Smith, a former foreign affairs and defence minister who worked with Clapper a decade ago as cybersecurity crept into the public discourse, “but we’ve seen it come from being a very small portion of government and industry activities to being front and centre.”

“There has been a profound increase in sharing among our Five Eyes alliance.”

Shaping the global cybersecurity climate

The combination of domestic infrastructure hardening and multinational collaboration — both domestically and across a region where the country is taking a more proactive leadership role to counter China’s ‘New Silk Road’ strategy and the Belt and Road Initiative that Australia recently rejected in bold style — is part of a strategic repositioning that experts believe will be shaped by increasingly data-driven agendas.

Just as it is supporting the construction of new data highways across the region and encouraging industry to participate, the Australian government will push regional and global partners to help establish the new status quo around cybersecurity protection and cooperation.

That effort remains a challenge given that even leading nations are “at a very immature stage with respect to cybersecurity,” said Clapper, who along with Smith currently sits on the board of Perth-based Sapien Cyber.

“We don’t really have international norms that are established, recognised and, importantly, enforceable,” he explained, noting that it took “hundreds of years” for the analogous globally-respected Law of the Sea to evolve.

Engendering equally broad norms around cybersecurity activities is proving challenging — particularly given the broad “lack of deterrence” necessary to stop activities such as ransomware attacks — and despite some progress at the United Nations level, Clapper said, Australia and other countries would have to continue developing and protecting data architectures on the assumption that there are no enforceable geopolitical norms.

“It’s not enough just to have norms,” Clapper said. “There has to be some enforcement mechanism, but we’re a long way from that.”

“Until such time as the likes of Russia, China, and the US can see their way clear to agree on at least some of these — and that would be a centre of mass that everybody else could just jump on — it’s going to be very much a Wild West situation in cyber.”

Data security

In this context, protecting Australian interests with heightened data security and resilience will be crucial as Australian government policy increasingly recognises the fundamental role data will play in the Asia-Pacific region’s new geopolitics.

Thinking about how to respond to attacks — has evolved, in particular around the way cybersecurity investigations, attribution and negotiations were kept behind closed doors.

“There’s been an awakening that that probably is not the right approach,” Clapper said, “and that we’re actually better served to be transparent and open, and to name and shame offenders in the cyber realm.”

Ultimately, continuing policy adjustments from the Australian government will help extend and maintain online freedoms as a digital bloc across a region where differences of opinion have continued to grow and fester.

“Australia is committed to playing our part so that the rules and norms around technology reflect the values of our open societies,” Prime Minister Scott Morrison said during a recent address to the Australian Strategic Policy Institute’s Sydney Dialogue.

“We want technology to protect our citizens, protect their autonomy and their privacy and their data — but not all governments see technology that way.”

“Technology isn’t developed in a vacuum,” he continued, “[but] reflects the values of the society that creates it and uses it.”

Copyright © 2021 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)