How to fight China's cyber-warriors
We must persuade Beijing that it should do it as it would be done by in cyber space. Rules are much better than retaliation. Originally published in the Australian Financial Review.
Chinese cyber operations and related disinformation campaigns are getting a lot more attention in Canberra lately. In a rare speech last week, Foreign Minister Payne linked three recent events together: Chinese warnings that its tourists and students should reconsider visiting Australia “because of racism”, a European Commission report on Chinese and Russian “targeted disinformation”, and Twitter’s disclosure of 32,000 accounts linked to disinformation campaigns from China, Russia and Turkey.
A couple of days later, Prime Minister Scott Morrison warned Australians that a “state-based actor” was undertaking a large scale cyber “targeting” of Australian networks. The PM was not only sending a message to Australians, but also to Beijing – that if this activity continues, Australia will publicly name China as the perpetrator.
But what if that doesn’t work? What if the cyber intrusions keep growing, and China keeps pushing disinformation?
A lot of room for improvement
Canberra’s first approach should be to tighten cooperation - with traditional partners, and with the growing number of states aggrieved by Chinese bullying.
At the same time, Australia should buttress defences. The Australian Cyber Security Centre has made clear that Australian cyber hygiene still leaves a lot of room for improvement. Similarly, we can do more to reduce our, and others’, gullibility. Research suggests that target audiences can be “inoculated” through controlled exposure to misinformation.
But Canberra must also consider options for offensive action. Australia needs to deter this form of Chinese aggression. Prime Minister Turnbull sought to do so in 2016 by disclosing, for the first time, that Australia had an offensive cyber capability, housed in Australian Signals Directorate. And last year, the Chief of the Australian Defence Forces Angus Campbell raised the possibility that countries like Australia should reconsider engaging in so-called “political warfare”.
The best-known example of “political” or “information” warfare in recent memory is Russia’s meddling in the 2016 US election. That episode showed how Moscow has adapted a set of skills, honed during the Cold War, for the cyber age. Washington also undertook information operations in the Cold War but, since then, in Campbell’s words, “political warfare techniques went into decline … much to the chagrin of embittered advocates of the dark arts.”
But Canberra shouldn’t lose sight of the bush for the trees.
Australia needs to counter Chinese aggression, but it also seeks a world in which this sort of competition between states is bounded by rules and norms. After revealing Australia’s cyber-attack abilities, Turnbull immediately added that their use would be “consistent with our support for the international rules-based order.”
Though Payne talked about disinformation, the main purpose of her speech was to reaffirm Australia’s commitment to this order. Australia would work “to ensure that the development of new rules and norms to address emerging challenges is consistent with enduring values and principles”, she said.
An Australian information operation against China need not require any great wizardry. Canberra could directly target the Chinese Communist Party’s (CCP) chief anxiety – its legitimacy – simply by speaking openly about the party’s unrepresentative nature and increasingly authoritarian rule.
Trusting China to act responsibly
Lowy Institute Polling released on Wednesday suggests that Australians may already be getting hip to the CCP’s games - in 2020, less than a quarter of Australians trust China to act responsibly in the world, and only 22 per cent express confidence in Xi Jinping – both figures halving in the past two years to record lows.
But Canberra directly questioning another government’s legitimacy would be at odds with respect for state sovereignty. Reinforcing respect for state sovereignty will be an essential element of any effort to persuade China – and others - to recommit to any version of that order. Preservation of “rules that protect sovereignty” was top of Payne’s list of Australian objectives.
Canberra also needs to work through pathways for escalation and de-escalation. Beijing would likely view any attack on the party’s legitimacy as both validation of its paranoid theories and a major escalation. China’s reaction, and subsequent dynamics, including in cyberspace, would be hard to anticipate and control. That could harm Australia and the international order.
The breakdown in the rules-based order is both a symptom and a cause of Australia’s increasingly challenging security environment. That order, developed after World War II, helped manage the great power competition of the Cold War.
But it is now buffeted from all sides – by global power shifts, by populist and authoritarian governments and by growing state competition in poorly regulated domains like cyber.
Australian national security agencies need to operate effectively in this uncertain environment while simultaneously working to protect old rules and establish new ones.
So, the agencies need to present the government with nuanced options. Acting on these will require more policy finesse and fine-graded trade-offs than Canberra is accustomed to. But, our national security agencies have been adapting to this new reality faster than many of their peers. So it’s a challenge we should be able to meet.