Australia and Great Power Cyber Strategy after APEC

It is time to develop a more meaningful cybersecurity dialogue between Australia and China.

Australia and Great Power Cyber Strategy after APEC
Credit: China internet via pcruciatti / Shutterstock.com

Last week’s APEC forum was a game played with a smile. To recall advice Churchill gave to his officers, “if you can’t smile, grin. If you can’t grin, keep out of the way until you can.” So, despite lingering mistrust—and expectations of a “shirtfront”—world leaders smiled together.

One of the big omissions at APEC was progress on U.S.-China cyber relations. That came as a surprise, as both U.S. national security advisor Susan Rice and deputy Ben Rhodes had signalled prior to the Obama-Xi meeting that cybersecurity would be a major talking point. Any meaningful discussion was largely overshadowed by the climate change agreement (positive as it was). The most Obama stressed about cybersecurity was the “importance of protecting intellectual property as well as trade secrets, especially against cyber-threats.” There may have been a breakthrough in their half-day discussion, but it’s unlikely.

Also explaining the lack of progress is that, in the weeks leading up to the meeting, the U.S. began to pressure China on its cyberespionage activity, causing China to back away from the table. The FBI released a private warning to the tech industry about a group of Chinese government hackers running a campaign to steal data. That coincided with the release of a report by cybersecurity researchers, who allege that a state-led group, dubbed “Axiom,” is operating in areas of “strategic economic interest.” Furthermore, the U.S. Postal Service and the federal weather service—the National Oceanic and Atmospheric Administration—both confirmed that Chinese hackers had breached their networks.

A set routine is developing in U.S.-China cyber relations. Security companies and federal agencies build pressure by calling out cyber attacks, before leaders and top officials attempt to persuade China that the cyber-enabled theft of trade secrets will have to slow, if not cease. The U.S. hopes that it can influence China’s behaviour by building up sufficient evidence and pressure. Then, complemented by high-level talks, both sides can begin to establish norms of state behaviour in cyberspace. The most important norm would seem to be limiting intelligence activity that has a commercial, as opposed to a political, interest.

China has mirrored this strategy. Top cyber policy regulator Lu Wei, minister for the Cyberspace Administration of China (formerly the State Internet Information Office), has recently called out U.S. cyber attacks while simultaneously claiming that dialogue is “unhindered.” China’s motive is likely twofold: to undercut an international “cyber threat” narrative against it; and reorient its strategic competitor, the U.S., as the main protagonist in post-Snowden cyberspace.

In some private conversations here in Beijing, the belief is that the U.S. should first take measures to limit its cyberespionage activity. There’s also a conviction that the U.S. is engaged in the theft of trade secrets, and that allegations against China are part of a broader attempt to constrain China’s economic development. But the reality of the issue is that China has likely calculated that the benefits of continued theft of commercial secrets make the costs of doing so worthwhile.

It’s a witch’s brew. Each side believes that the critical first move needs to be made by the other, and pressure from the U.S. and denial by China is allowing distrust to fester. Although there’s potential for working-level arrangements, such as between the Department of Homeland Security and the Ministry of Public Security, more high-level discussion is needed.

There’s no easy way to reconcile differences between the U.S. and China. And defining rules of the road seems a long way off, particularly as competition increases in broader debates about the future of the internet. Over the last few days, China has hosted the World Internet Conference. Early commentary asked whether the meet could compete with the established “London process” that began in 2011—and is scheduled to be hosted in The Hague next year.

Australia’s interests are probably best served by staying away from moralizing. (Chinese all too often remind me of Julie Bishop’s comments on the ADIZ.) But with a freshly-inked free trade agreement and an elevated “comprehensive strategic partnership” with China, and an expectation from the U.S. that allies do more for security in the Asia-Pacific, it’s both appropriate and timely to develop a more meaningful cybersecurity dialogue between Australia and China.

As was the case in the Howard era, there’s a need to emphasise the importance of economic relations as a context for discussions about sensitive security issues. As trade and investment partners, there’s an expectation that a better understanding on cybersecurity will underwrite and support that relationship. Abbott told Xi in the House of Representatives that “we trade with people when we need them; we invest with people when we trust them.” A substantive cybersecurity dialogue to build trust with China would seem to be a rising priority on Canberra’s agenda—a point I argue in this recent Special Report.

Simon Hansen is a research intern in ASPI’s International Cyber Policy Centre. He is currently a visiting scholar at the China Institute of International Studies in Beijing. This article was first published in The Strategist, the Australian Strategic Policy Institute blog, and is reprinted with kind permission.