An agenda for Australia’s lead cyber negotiator

| May 4, 2019

Together with 24 other states, Australia will serve on the new UN Group of Governmental Experts (UN GGE) on ‘developments in the field of information and telecommunications in the context of international security’. Following the adoption of UN General Assembly resolution 73/266 in December last year, Canberra kicked off a campaign kicked to get selected for this pre-eminent group.

Australia was holding the right cards. With the establishment of the position of ambassador for cyber affairs in the Department of Foreign Affairs and Trade and the launch of an ambitious international cyber engagement strategy in 2017, Australia could present itself as a global or at least a regional leader. Assertive high-profile attributions, the 5G decision, support to ASEAN and substantial investments in capacity building in Southeast Asia and the Pacific provided support for that claim.

The new UN GGE was set up in conjunction with a parallel—if not competing—group: an open-ended working group (OEWG) on ‘developments in the field of ICTs in the context of international security’.

The two groups are both mandated ‘to develop rules, norms and principles of responsible behaviour of states in cyberspace’. Both are also to focus on implementing non-binding agreements and the examining the application of international law to states using ICTs. Differences over presumed membership and the expected ‘spirit of the discussions’ are more subtly phrased, but are fundamental to the negotiation process.

The OEWG suggests a reconsideration of agreements made in reports of previous UN GGEs and a consideration of ‘regular dialogue … under the auspices of the United Nations’. That’s diametrically opposed to positions held by states such as the US, EU member states and Australia. Instead, this group wants to build on ‘the existing consensus’ and ensure that stability in cyberspace is a community-wide effort involving industry, the technology sector and civil society—rather than a UN-centric, and therefore state-centric, process.

The OEWG claims to be ‘more democratic, inclusive and transparent’ than the UN GGE, inviting any interested state to join it. While the UN GGE has capped participants at 25 experts, their states are geographically representative of the global community. It’s also the sixth in a series, while the OEWG starts from scratch.

The UN General Assembly’s adoption of the UN GGE outcome reports in 2010, 2013 and 2015 demonstrated an emerging consensus on what the global community of states deemed acceptable and unacceptable behaviour in cyberspace and on which so-called confidence-building measures would help minimise risks of miscalculation and misperceptions. It was also agreed that international law applies in cyberspace in the same way that it does in the physical world.

Much changed between 2015 and 2019.

Negotiations in the last UN GGE, which met between 2016 and 2017, broke down. Although the group reportedly managed to make progress on clarifying previous agreements, no common ground was found for a more detailed interpretation of how the principles in the UN Charter on the use of force and in international humanitarian law apply in the cyber context, nor was agreement reached on a right to apply countermeasures in situations below the threshold for the use of force.

Simultaneously, a series of state-sponsored incidents forced nations to take a much stronger, if not confrontational, stance towards perceived adversaries. Russia’s cyber-enabled interference in the 2016 US presidential election was a clear watershed, followed by the attribution by NATO, EU member states and Australia of the NotPetya virus to Russia; the attribution of the WannaCry malware to North Korea; and the exclusion of Huawei (and others) from the 5G markets in Australia and the US.

In these circumstances, when the current rules-based model is challenged, when military dominance is less effective and when others seem to have equal levels of pioneering zeal, diplomacy is hard. We’ll need some excellent diplomatic skills to overcome the ideological stand-off and define a rules-based system in cyberspace that accommodates the interests of the global community. The good news is that the past few years have produced an expanding corps of dedicated cyber ambassadors.

The American and Russian experts have been on the campaign trail for over 15 years. That brings the risk of formal positions and personal emotions getting blurred and entrenched, as can be observed in a statement by Michele Markoff (US) and an article by Andrei Krutskikh (Russia). It’s likely to be up to the others—presumably even member states outside of the P5—to build bridges and potentially foster a breakthrough.

Here Australia is in a unique position. The various states in the Indo-Pacific region will expect to be represented by Australia, together with Singapore and Indonesia. That comes with opportunities (since the region has been underrepresented thus far) and with responsibilities to a wider group of constituencies for which Australia will be the de facto representative.

What does this mean for Australia’s negotiation agenda?

As a member of the Five Eyes community, and given Canberra’s assertive posture in 2018, Australia needs to form sophisticated opinions about additional rules that constrain irresponsible state actions in cyberspace in situations of war and of international conflict and right below the threshold for the use of force. This includes debates about effective deterrence and retaliation against malicious behaviour.

In Southeast Asia, the interests of most states tend to concentrate on a rules-based environment that facilitates developing digital infrastructure, fighting transnational cybercrime and preventing ICT-enabled disinformation campaigns. Here the challenge will be to accommodate demands for sovereign rights in cyberspace while keeping these states aligned with the principle of a free and open internet.

The interests of the Pacific states are more mundane. As part of the Pacific ‘step-up’, which includes a cybersecurity component, Australia will have to look for measures that ensure that digital rookie states won’t fall prey to ICT-enabled crime, espionage and other forms of disruption. Their digital transformation is still regarded as a key enabler for achieving the Sustainable Development Goals.

Australia’s lead negotiator needs to play at multiple chessboards, each presenting a unique sociopolitical and development context. In stormy weather, she needs to walk a tightrope, keep her ears open to the concerns of Australia’s multiple constituencies, and find out more about the ulterior motivations of her fellow negotiators (and their constituencies) at the table.

This article was published by The Strategist.