Down to business: Australia–China cyber relations
The Australia–China relationship has seen impressive positive momentum over the last year. In April 2014, Prime Minister Tony Abbott led a well-received trade mission to Beijing, and President Xi Jinping reciprocated with a visit to Canberra following November’s G20 summit in Brisbane. Addressing a joint sitting of Parliament, President Xi spoke of elevating the relationship into a ‘comprehensive strategic partnership’ and announced the conclusion of negotiations for the China–Australia Free Trade Agreement (ChAFTA). But the momentum doesn’t necessarily extend to cyber matters, where media headlines suggest only conflict. There’s no doubt that both China and Australia have serious disagreements over commercial cyber espionage, the Snowden revelations, and internet governance among other issues. But cyber isn’t an all-or-nothing issue. There’s room for constructive dialogue between China and Australia, as exemplified by the fact that the two countries have already held their first bilateral cyber dialogue.
Any discussion of China–Australia cyber cooperation needs to be realistic. We won’t agree on everything, but it’d be prudent to take a step back from the rhetoric of cyber war and cyber conflict. Australia isn’t the United States and it wouldn’t be sensible for it to pursue measures similar to the Department of Justice’s indictments of PLA officers or the US-China Commission’s recommendation to explore the use of sanctions in response to commercial cyber espionage. Instead Australia should engage with a focus on commonalities and with the aim of establishing practical, concrete avenues for engagement.
President Xi and Prime Minister Abbott have provided the top-level impetus for cyber cooperation, agreeing to ‘jointly address global challenges including…cyber security’. Top-level and ministerial engagement must be maintained to keep cyber on the bilateral agenda. A baseline understanding must also be built between both sides. That includes establishing clear points of contact, clearing up basic definitional differences, decoding cyber policy and structures, increasing transparency through the sharing of cyber strategies, and engaging in cyber confidence-building measures.
After that foundation is established, Australia and China should habitualise cooperation with a focus on working-level cooperation. The CERT-to-CERT relationship between CERT Australia and CNCERT is an exemplar for how a focus on common challenges and solutions can build a constructive relationship. Of course building such a dialogue beyond this limited space is challenging.
Australia and China should look to the central tenet of the bilateral relationship—economics—to provide the impetus to expand cyber engagement. With Australia committed to the digital economy and China pursuing informatisation, the economic imperative is the most compelling driver of cyber cooperation. Reports from Alibaba, Tencent, and Baidu all point to mobile e-commerce as the driving market for growth. But e-commerce offers rich pickings for cyber criminals. Over the last year in China, 32% of mobile payments were targeted by phishing or other online scams, 11.35 million computers were infected with Trojan horse viruses, and the total cost of losses to cybercrime quadrupled over the comparable 2013 figure. In Australia, the government estimates cybercrime costs around $1.2 billion a year. Continued growth in the digital economy requires a trusted, safe and secure internet environment. Given the geography of cyberspace, international cooperation is vital to achieve that.
The key outcomes of ChAFTA recognise that imperative, calling for Australia and China to develop a framework for the growth of electronic commerce between the two countries and to engage in efforts to boost online consumer protection. To address that need, Australia and China should pursue increased engagement on cybercrime issues and public awareness efforts as the next level of engagement. As more users and services move online, cybercrime will become an increasingly pressing issue in both China and Australia, with the migration to mobile devices making it even more challenging. The Australian Federal Police have a strong track record of engagement on this front and this is a clear area for improvement in the bilateral relationship. Public awareness raising is also a low-hanging fruit that can pay dividends. Sharing of best practices such as the StaySmartOnline initiative will improve overall cyber hygiene and help to build stronger links between Australian and Chinese practitioners.
On the surface, cooperating with China on cyber-crime issues may seem like a small step, but given the immaturity of Australia–China cyber dialogue, its importance shouldn’t be discounted. Cybercrime and public awareness can be the next brick in building a foundation of trust and cooperation. From there the relationship can continue to mature to a point where both Australia and China can respectfully address contentious bilateral cyber challenges.