Australia has made it clear it will “deter and respond to unacceptable behaviour in cyberspace” as part of its International Cyber Engagement Strategy, which was launched by Foreign Minister Julie Bishop in Sydney on Wednesday.
In her strongly worded speech, Bishop also called out alleged Russian interference in recent elections.
“Just as we have international rules that guide how states behave, and how states should behave towards each other, the international rules-based order that’s been in place for about 70 years, so too must states acknowledge that activities in cyberspace are governed by the same set of rules as military and security activities in traditional domains,” Bishop said.
“Having established a firm foundation of international law and norms, we must now ensure that there are consequences that flow for those who flout the rules,” she said.
“Australia has developed offensive cyber capabilities. We are open about that, and this strategy that I’m launching today provides more detail on how we authorise and use these tools. We put this information on the public record because we want to be clear that our capabilities must be used in accordance with domestic and international law, as well as norms of responsible behaviour.”
Australia has been pivotal to the creation of international peacetime norms for cyberspace, including chairing the first United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) in 2013, and helping develop the 11 international norms agreed to in subsequent UN GGE meetings.
Having helped develop these norms, Australia is now prepared to help enforce them.
“The international community has made good progress delineating what states should and should not do in cyberspace, but boundaries are being tested,” Bishop said.
“The 2016 US presidential election focused the world’s attention on the potential for cyber operations to interfere with democratic processes. This cannot be allowed to continue. It strikes at the very heart of the sovereignty of nations.”
Australia will guard against attempts to “interfere in Australia’s domestic affairs, or seek to undermine our institutions”, Bishop said.
“Though we champion an open and free and secure internet, I believe it is important for the security of our nation, and the security of all Australians, that cyber space is not an ungoverned space,” she said.
According to the strategy, Australia aims to develop an international “architecture for cooperation”.
“This includes mechanisms to respond to unacceptable behaviour in cyberspace in a timely and agile manner, within the existing framework of international law. Achieving this cooperation requires creative thinking to build a flexible range of existing and novel response tools, and a nimble coordination mechanism to implement them effectively,” the strategy says.
“Australia’s responses to malicious cyber activity could comprise law enforcement or diplomatic, economic, or military measures as appropriate for the circumstances. This could include, but is not restricted to, offensive cyber capabilities that disrupt, deny, or degrade the computers or computer networks of adversaries. Regardless of the context, Australia’s response would be proportionate to the circumstances of the incident, would comply with domestic law, and be consistent with our support for the rules-based international order and our obligations under international law,” it says.
The strategy also hints that Australia has a robust capability to identify the source of cyber attacks.
“Depending on the seriousness and nature of an incident, Australia has the capability to attribute malicious cyber activity in a timely manner to several levels of granularity — ranging from the broad category of adversary through to specific states and individuals.”
As ZDNet previewed last week, the strategy also covers digital trade, cybersecurity, cybercrime, and internet governance and cooperations. It’s particularly robust in the topics of human rights and democracy.
“Some countries deny human rights online. In some countries, people are increasingly subject to undue restrictions on and contraventions of their rights. Illicit monitoring and targeted hacking, the arrest and intimidation of online activists, content censorship, and internet shutdowns are just some of the approaches taken to restrict human rights online. These measures are regularly employed under the pretext of national security, but are often vehicles for states to maintain political control and economic advantage,” the strategy says.
“Australia is committed to seeing freedom of expression protected online, just as it is offline. Australia condemns politically motivated internet censorship, internet shutdowns, illicit monitoring, targeted hacking, and the arrest and intimidation of online activists, journalists, and others.”
Bishop also announced a further AU$10 million in funding for the Australian government’s Cyber Cooperation Program, which aims to improve cybersecurity in the Indo-Pacific region. This is in addition to the AU$4 million over four years announced last year.
CERT Australia is leading the establishment of a Pacific Cybersecurity Operational Network, with 11 nations already expressing interest in becoming founding members.