Marise Payne on Australia’s international cyber strategy

Thank you very much Michael and it's a great pleasure to be back at Lowy and for your very warm welcome, thank you.

Ladies and gentlemen, let me start by acknowledging the traditional owners of the land on which we meet here this afternoon and pay my respects to their elders past, present and emerging.

Let me welcome representatives of the diplomatic corps, many of the international partners with whom DFAT works and distinguished guests.

I didn't realise it was cyber month at Lowy. I'm going to have to pop back and listen to Mike Burgess myself just to see what he's putting on the record, but I can assure you that the government is particularly well served by senior officials like Toby Feakin and Mike Burgess who come to us with a wealth of experience and an absolute focus on our national security in terms of cyber.

Ladies and gentlemen, basically we're talking about technology and how we can leverage it, how it shapes our future and I see that as one of the greatest challenges and greatest opportunities of our lifetime.

No one single piece of infrastructure is more important to our future and our prosperity and our freedom than the internet.

It touches every part of our lives: It affects the way we work; the way we communicate with each other; how we express ourselves; how we run our homes; how we entertain ourselves; and it supports our democratic freedoms – freedoms of speech, political thought and of democratic choice.

We all know that the rapid development of new technologies and increasingly universal access is delivering vast opportunities for both economic and social development.

However, as our dependence on global networks grows, potential risks, our vulnerabilities also increase.

I want to do a little bit of a stocktake of where we are in 2019 and look at some of our future plans.

As Michael adverted to in April 2016, the Coalition government launched the landmark National Cyber Security Strategy to further develop our approach to these critical issues as individuals, businesses and government.

And I'm pleased to say that many of the initiatives that were announced have not only been established, but are now firmly part of the fabric of our nation's cyber security posture.

While there was a focus on increasing our domestic resilience, the strategy also included a number of initiatives to help ensure that Australia had a strong and effective voice on these issues on the world stage.

Chief amongst these was the establishment of a cyber ambassador to lead our engagement in advocating for a free, open and secure internet.

Toby Feakin well-known to many of you here was appointed later that year and has been a key part of Australia's effective engagement with the international community. It's been a great pleasure for me to work with Dr Feakin since I was appointed to this role last year.

While the internet has grown organically without the direction or control of any one government, it doesn't mean that governments don't have an abiding interest in ensuring it remains a positive force for global development.

However, not every nation shares Australia's view of how the internet should operate. Some countries see an open internet as a threat and they advocate for far greater state control that would limit connectivity and stifle innovation and freedoms.

As Prime Minister Turnbull said at the launch in 2016, ensuring that the architecture and administration of cyberspace remains free of government domination or control is one of the key global strategic issues of our time.

It's only become more pressing in the three years since 2016 and 2019 will be a pivotal year in shaping global views on these issues.

It's therefore critically important for Australia to have a robust cyber security posture at home. Not only to defend our citizens and business and institutions from cyber threats and interference, but to ensure we have a credible and effective voice on the world stage.

The first step towards effective international advocacy on these issues was to clearly articulate our own perspective. So we launched Australia's international cyber engagement strategy in 2017 – one of the first of its kind in the world.

Our strategy was and remains a strong statement about how our country approaches foreign and strategic policy aspects of cyberspace.

It addresses a broad range of digital issues but at its heart, it is simple. It sets out how Australia will advocate for and defend an open, free and secure cyberspace.

That means Australia pursues policies that deliver security, stability and reliability as well as opportunities afforded by confident, open and trusted cyber interactions.

And the opportunities before us are significant, especially in the Indo Pacific region.

More than half of the world's internet users reside in the Indo-Pacific, but less than half the region is online. The scale of the untapped opportunity in our region is immense.

Across our region increasing connectivity is driving access to health services, opening new education opportunities and, of course, facilitating global commerce.

This in turn drives opportunities for Australia.

Connectivity is opening up new markets to both Australian businesses and regional entrepreneurs, who were previously constrained by the tyranny of distance or reliance on paper-based transactional commerce.

Digital services, currently worth $6 billion, are Australia's fourth largest export sector.

Research estimates that Australia's digital exports could more than double by 2030, enabling almost $200 billion of economic value in our domestic economy.

This is why we are leading international discussions in the World Trade Organisation to make sure the rules guiding international digital trade are fit for purpose in the 21st Century.

Another key part of Australia's international engagement is to ensure the benefits of connectivity are realised across our region, including in the Pacific, and that all nations have an understanding of those challenges to which I referred.

For example, Australia is majority funding undersea telecommunications cables to Papua New Guinea and the Solomon Islands. This includes funding for a domestic network in the Solomon Islands linking Honiara with Auki in Malaita Province, Noro in Western Province and Taro in Choiseul Province.

The Coral Sea Cable System will deliver faster, cheaper and more reliable communications infrastructure, affording both countries significant economic and development benefits.

Since signing a $137 million contract with Vocus in June of last year, construction of the Coral Sea Cable and Solomon Islands Domestic Network is indeed well underway.

Just last month, together with Solomon Islands' caretaker Prime Minister Rick Hou, I took part in a slightly damp ground breaking ceremony in Honiara at the site of the cable landing station, which will soon connect the 4,700km international cable with the domestic network.

I have to say, if you're standing in Honiara and you're talking about delivering an internet capacity that cable will deliver, the anticipation, the excitement is absolutely palpable amongst young people looking forward to being able to study in a much more effective way, businesses looking forward to being able to do business in a much more effective way, government looking forward to being able to deliver to citizens in a much more effective way.

And at 6 March, last week, cable manufacture was 92 per cent complete – so 92 per cent of 4,700km of cable. Installation of the cable will take place from June of this year, with the cable scheduled to be ready for service by the end of 2019.

And we are working to ensure that nations in our region have the capability to defend these networks. This is occurring both via discussions through regional fora, including ASEAN, and through our bilateral programs.

I also wanted to note that in September of last year, at the Nauru Pacific Islands Forum meeting, member nations also affirmed the importance of cyber security in the Boe Declaration, focussed on both protection and opportunities.

In 2016 we started with an initial investment of $4 million in our National Cyber Security Strategy, and since then our strategy has supported over 40 projects across ASEAN and the Pacific, working with over 25 delivery partners, some of you have been able to join us today.

Last year the government funded the construction of a National Cyber Security Centre in Papua New Guinea, and I was proud to officially open it in Port Moresby in November with Papua New Guinea Ministers Sam Basil and Justin Tkatchenko.

It plays a vital role in protecting the APEC meeting for 2018, and we continue to build on our cyber security partnership with PNG to make sure the Centre is a sustainable national initiative that protects PNG's government, and its sovereignty, from cyber threats.

Meeting the team there in Port Moresby and seeing their deep interest in their work was very, very gratifying.

Next month in the Solomon Islands, the winner of the Tech for Development challenge will be selected from 51 ideas to use digital technology to enhance educational and employment outcomes for the country's youth.

These programs complement the Government's investment in telecommunications infrastructure in Solomon Islands and PNG, ensuring that our near neighbours benefit from an open, free and secure cyberspace.

We are also engaging with businesses across the region to strengthen cyber resilience.

For example, we are working with Qantas to improve the cyber security awareness of airlines from across South-East Asia.

We have worked with the Commonwealth Bank to translate their customer advice on cyber security into Bahasa Indonesia.

And the Government has translated into Thai, Vietnamese and, again, Bahasa Indonesia, and made freely available ASD's 'Essential Eight' cyber security steps for companies, in all of those languages, which can protect users from a significant number of cyber threats and risks.

We are eager to build on our success so far – and today I am very pleased to announce the Australian Government is committing a further $10 million to this program, increasing our total investment to over $48 million.

This is going to enable us to cooperate with more governments and businesses across the Indo‑Pacific, supporting the regional prosperity that flows from the spread of safe connectivity.

We are looking forward to working with more partners to deliver meaningful impact on the ground.

But three years after the launch of our Cyber Security Strategy it is, as I said, timely to take stock of where we are in 2019.

The good news is that through the government's efforts, both at home and abroad, through the initiatives I have outlined, there is far greater awareness of the issues around dealing in cyberspace.

In Australia our businesses, institutions and individuals are improving their own cyber hygiene, and we are getting better at detecting and identifying cyber vulnerabilities.

But we do all know that there is still much work to be done.

Thanks to our advocacy efforts there is also a deepening understanding among regional partners of the need for the establishment of, and observation of, global rules and norms in cyberspace.

However, over the past three years we have we have seen an increase in the willingness of states and non-state actors to use the internet for malicious and indiscriminate ends.

Certainly, in the past three years, more countries have developed cyber capabilities and demonstrated a willingness to use them.

These capabilities have the potential to threaten our economic and national security.

In May 2017, as Michael referred to, we saw the WannaCry ransomware incident cause global damage, affecting 150 countries and causing serious disruption of the health system in the United Kingdom.

This indiscriminate, state-sponsored activity, is just one example of the concerning activities that have prompted Australia and a number of our international partners to begin to name and shame, if you like, that conduct, to reject that behaviour as we did when we attributed responsibility for WannaCry to North Korea.

Since then, we have worked with like-minded partners and publicly attributed malicious cyber activity to Russia, to Iran, and most recently, at the end of last year, to China.

We have also seen deeply concerning attempts to undermine democratic processes – the highly publicised activities around the 2016 US elections, allegations of interference in France's 2017 Presidential elections, allegations of interference in the Ukraine.

Most recently the cyber intrusion into the Australian Parliament House computer network and the networks of the Liberal, Labor and the National political parties is a stark example and a timely reminder of the current cyber threat landscape.

We committed in 2016 to being transparent through our Cyber Security Strategy, which is why the Prime Minister, Scott Morrison, formally declared a state-sponsored intrusion on the floor of the parliament.

Attribution is a difficult, technical and time-consuming process, and we continue to investigate who was responsible for the attacks on our democratic institutions as a matter of priority.

Attribution brings welcome public attention to these issues. It brings further attention, potentially embarrassment, for the offending actor.

We stand by our commitment to being transparent about cyber incidents and our cyber strategy.

So in that spirit, today I am pleased to release the first update of our International Cyber Engagement Strategy, which hopefully you have a copy of. It outlines the progress we have made since its publication in 2017, and where and how we will continue to advocate for free, open and secure cyber space, and for change where needed.

We do this because we know that through transparency grows trust and predictability. Confidence in cyberspace is built through bringing the discussion of the risks, threats and policy into the light of open debate.

That is what Australia has done and will continue to do.

By updating our strategy, we are also fostering mature and productive conversations in the international community. This position will guide our engagement in international discussions of stability in cyberspace.

It will provide a marker of Australia's thought leadership and active approach to working with international partners for mutually beneficial collective gains.

The most recent attack on our own democratic institutions serves as a reminder that we cannot be complacent about the risks to our sovereignty and the pressing need for all nations to determine and stand by an agreed set of international rules and norms in cyber space.

It is now so fundamental to modern life that serious cyber incidents could, if mismanaged, escalate to a form of conflict between states.

There is a behavioural grey-zone in cyber space that unfortunately more actors appear willing to exploit.

That is way we need greater clarity on the application of international law in cyber space.

As I said earlier, 2019 will be a pivotal year in the development of the rules of the road in cyberspace.

Two key UN bodies will meet this year to further strengthen the international framework that governs cyberspace.

The UN Group of Governmental Experts, known as the UNGGE, consists of members chosen by the United Nations to provide broad geographic representation.

The UNGGE has evolved as technology and cyber participation have increased. It has made landmark agreements on international security and cyberspace in its five incarnations since being established in 1998. We were very proud to chair the UNGGE in 2013 when it agreed that existing international law applied in cyberspace.

Then in 2015 the UNGGE agreed to 11 norms of responsible state behaviour in cyberspace.

We have nominated to be a member of the sixth group commencing this year and if successful we are very eager to advance cybersecurity and to further clarify these rules and norms to reduce this grey zone.

The second UN group is the called the Open Ended Working Group. It is a newer body open to all UN members to discuss international law and norms of state behaviour in cyberspace. We are also committed to being an active and practical member of that working group as part of our close cooperation on these issues.

These two groups will have a considerable influence this year on the future of international cyber stability. Australians will be actively working with these two bodies to ensure the internet remains free and open and secure so that we can continue to reap the benefits that offers.

And we are urging like-minded nations to throw their support and resources behind these international efforts that will build trust and transparency.

Ladies and gentleman, Australia's international cyber engagement is world leading. Our continued advocacy for our vision for a cyberspace that balances, openness, freedom and security is important.

Australia is taking action, working with our partners and building the capacity of our region to ensure we preserve inclusive, open, free and secure that benefits Australia, the Indo-Pacific region and the world.

I am very proud of the contribution that Australia is making to the secure end of the spectrum, actively responding to malicious cyber behaviour, empowering our cyber security agencies and their capabilities, and contributing to international security with our partners.

I am equally proud of the work that we do to spread the concepts of open and free.

In politics there is a phrase that goes along the lines of: Not until you are bored with saying your message can you presume that those to whom you are speaking might be listening or hearing it.

So we can’t say often enough: secure, open and free. That is what we stand for, that is what we represent and that is what advocate.

From digital trade to human rights, cyberspace has enabled enormous social and economic advancements and Australia is working on all fronts to ensure that Australians and the international community can enjoy the fullest extent of technology's potential far into the future, and enjoy it with trust and with confidence.

Thank you very with the opportunity to make a few remarks to provide that stocktake this afternoon and I look forward to our conversation.