Cyber-security as Foreign Policy: The Need for Political Leadership

The 21st century has witnessed the proliferation of cyber-crime ranging from small-scale instances of identity theft to large-scale disruptions of government websites. In the midst of this purported era of cyber-insecurity, a number of surveys have been conducted to interrogate the reactions of Australians to this ostensible threat of cyber-crime. In 2012, a survey undertaken by CERT found that over 20% of Australian organisations had been victims of cyber-crime, with a further 20% of these organisations having experienced over 10 separate incidents. Similarly, the 2007 Community Attitudes to Privacy survey conducted by the Office of the Privacy Commissioner Australia found that 81% of Australians had grown concerned about providing information over the Internet due to heightened fears of cyber-crime.

The Australian government has subsequently reacted to such anxieties through a number of measures including positioning cyber-security as a core tenet of its 2013 National Security Strategy. This, amongst other policies, will see the establishment of a new centralised cyber-security operations centre headquartered at the Defence Signals Directorate. However, despite cyber-security’s increasing status in Australia’s domestic security policies, Australia has seemingly avoided pursuing cyber-security as a primary issue of its foreign policy agenda.

There have of late, however, been sporadic attempts at bringing cyber-security within the ambit of Australia’s foreign policy. For example: the introduction of the Cybercrime Legislation Amendment Bill 2012 which saw Australia become party to the Council of Europe Convention on Cybercrime, the 2011 expansion of the ANZUS treaty to cover cyber war, and a strategic partnership with Germany which seeks to “explore opportunities” for bilateral cooperation over cyber-security, amongst a host of other issues. Overall, however, Australia has remained somewhat reticent in further entrenching cyber-security within its foreign policy priorities  the question that begs is why?

The source of this reluctance may lie in the purported threat of reprisal attacks posed by internationally based hackers, protestors and cyber-criminals should the government further pursue internationally oriented mechanisms of cyber-security. This fear was aptly articulated by ASIS Director-General Nick Warner who, in making a landmark public speech, acknowledged that: “Government departments and agencies, together with corporate Australia, have been subject to concerted efforts by external actors seeking to infiltrate sensitive computer networks.” This, according to Warner, has resulted in cyber-crime becoming “one of the most rapidly evolving and potentially serious threats to our national security”.

It appears however, that such fears may be well founded. In the past, Australia’s cyber-security policies have seen it become the target of a number of cyber-protest and ‘hacktivist’ operations. For example, in 2009, the Rudd Government’s internet filter proposal was met with a spate of Distributed Denial of Service (DDOS) attacks which suspended operations of the Prime Minister’s website, as well as the launching of hacktivist organisation Anonymous’ ‘Operation Titstorm’ in January 2010 which saw parliamentary e-mails bombarded with pornographic images. Most recently, the Gillard government’s data retention proposal saw the AAPT Internet Service Provider hacked and 40gb of customer data being published in July 2012, whilst the ASIO website was subsequently brought down by DDOS attacks in August 2012.

The rationality underpinning such attacks, however, should not be reduced to being mere ‘acts of hooliganism’. Instead, they stem from a widespread belief that Australia’s cyber-security measures have impinged upon a number of fundamental human rights, such as the right to free speech, freedom of information and the right to privacy. For example, the Gillard government’s data retention proposal, which aimed at curtailing cyber-crime by requiring Internet service providers to store their customers’ Communications Data for up to two years, was met with overwhelming condemnation. Anthony Bendall, the acting Victorian Privacy Commissioner, for instance, declared that the proposal “is characteristic of a police state” and is “premised on the assumption that all citizens should be monitored.” This, Bendall suggested, goes against both “the presumption of innocence which all persons are afforded” as well as “one of the essential dimensions of human rights and privacy law: freedom from surveillance and arbitrary intrusions into a person’s life.”

Nevertheless, as evidenced by the surveys discussed previously, the Australian public wishes to overcome their anxieties concerning cyber-crime whilst simultaneously demanding that cyber-security measures are used to support and foster fundamental human rights, rather than undermining them. Political leadership is therefore needed to pursue a balanced approach to cyber-security and human rights – an approach that would see issues of cyber-security catapulted to the forefront of Australia’s foreign policy agenda, rather than being obscured behind a fear of reprisal attacks. Therefore, if such a balanced approach is indeed adopted, Australia may be able to participate in more cohesive and cost-effective international measures to mitigate cyber-crime, devoid of any fears concerning reprisal ‘cyber-protest’ attacks. To date however, both the Government and the Opposition have neglected to discuss such possibilities.