Recent event developments
In an explosive revelation last week, Australian Prime Minister Scott Morrison warned of a “sophisticated state-based cyber actor” targeting the Australian government and a wide range of organizations. “This act is targeting Australian organizations across a range of sectors including all levels of government, industry, political organizations, education, health, essential service providers and operators of other critical infrastructure”, Morrison told reporters at a press conference.
The high frequency and complex algorithm of the attacks demand more national security initiative from Morrison than just an “awareness drive.” After all, the Australian Signals Directorate – the government’s chief cyber intelligence agency – noted that while interacting with victim networks, “the actor [attacker] was identified making use of compromised legitimate Australian web sites as command and control servers.”
Some of Australia’s most influential policy experts, including Peter Jennings, have also come forward to support a change in the country’s cyber security standards. It is against this backdrop, that Prime Minister Morrison’s reluctance to come clean on the identity and strategy of the aggressor – despite repeated questioning – runs contrary to top intelligence assessments, which flagged similarities between current offensives and the March 2019 parliament attack – an attack authorities linked to Beijing.
Also, it wasn’t until September of last year that the parliament attack findings were revealed to the press and made part of public knowledge. Much of the delay could be attributed to fruitless rhetorical spats with Beijing and a tendency to skirt the identity of the aggressor. Both dynamics are currently at play as well.
Australia in need of long-term cyber-resilience strategy
Considering the fact that there is little concrete evidence to establish Beijing’s direct involvement, Canberra must use ongoing tensions to consolidate a long-term cyber-resilience strategy. It can begin by taking the lead on Mutually Tolerated Vulnerabilities (MTV).
MTV is code for documenting basic threat vulnerability levels that both Beijing and Canberra deem acceptable. There is evidence to suggest that when nations define specific strategic risks and critical vulnerability thresholds, they are better positioned to effect cyber deterrence. Since the latest spike in state-backed attacks has spread over several months, Australia could definitely use some tangible deterrence leverage.
There is also good reason to believe Beijing won’t pass on the offer. First, several of the advisory tactics, techniques, and procedures (TTPs) underlined by the Australian Signals Directorate this week are built into China’s own threat assessment capabilities, indicating a shared understanding of adversarial risk. As Carnegie Visiting Scholar Lyu Jinghua points out, Beijing’s defense of core information infrastructure is also based on the belief that it must ensure information security of critical areas, which is both “defensive and non-destructive.”
Second, the Morrison administration has no recent history of pursuing Beijing with an agreement to document mutually acceptable norms of cyber behavior. Over the years, a documented consensus on cyber offensives has helped assuage bilateral tensions and temporarily reduce active threat presence, as illustrated by the 2015 agreement between Chinese President Xi Jinping and US President Barack Obama. Hence, a joint consensus between Canberra and Beijing on Mutually Tolerated Vulnerabilities can become a vehicle for measuring cyber transgressions, and establishing potential state complicity.
Shortly after last week’s revelations, the Chinese Ministry of Foreign Affairs (MFA) said Beijing “firmly opposed all forms of cyber attacks”, indicating little respite in long-standing bilateral tensions. On the other hand, U.S. Secretary of State Mike Pompeo said he voiced China’s “coercion of Australia” during a secret meeting with Beijing’s top diplomat Yang Jiechi in Hawaii.
In light of two sharply contrasting postures, Prime Minister Morrison walks the tightrope with commendable statecraft. For one, his prompt engagement with Canberra’s Five Eyes intelligence partners is a welcome step for collectively raising threat perceptions. On the other hand, Morrison’s decision not to endorse Secretary Pompeo’s “coercion” thesis saves Australia from a broader digression, which includes a range of extreme Wuhan conspiracies and proposals to suspend business ties with China. It is also fair to point out that Canberra has distanced itself from both of these positions recently.
In a rare move, select officials from the Australian government and opposition appear skeptical of Beijing’s direct involvement. Labor frontbencher Amanda Rishworth said “singling out an individual actor” fails to achieve anything meaningful, at the same time urging the Australian government and businesses to take future precautions.
Defense Minister Linda Reynolds also confirmed “no large-scale personal breaches of data” as a result of the attacks – an assessment backed by the Australian Cyber Security Centre’s advisory this week. The absence of a large-scale breach is of particular significance because most internet experts have cited ‘heavy costs’, an intensifying ‘aggression level’ and access to ‘mind-boggling quantities of data’ as part of their rationale for Beijing’s involvement.
Hence, Defense Minister Reynolds’ remarks and the ACSC Advisory collectively contest that premise, indicating a broader reality for future gains: it is data – not conjecture – that must inform Australia’s pursuit for foreign accountability.
(Image: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017; Source: REUTERS )
Subscribe to us to receive our China Focus Newsletters!