Transpacific pragmatism on cybersecurity
Each year the US Department of Homeland Security holds a National Cyber Security Awareness Month. By virtue of time zones, this year’s edition got a bit of a headstart, (unofficially) kicking off in Brisbane at the 50th Asia Pacific Economic Cooperation Telecommunications and Information Working Group (APECTEL50). This year saw the Security and Prosperity Steering Group (SPSG) hold an awareness-raising activity via live-webcast on issues ranging from mobile device security to adapting policing to tackle cybercrime. While a useful exercise, given the proliferation of international cyber fora, what value can APEC bring to the cybersecurity space?
Cybersecurity is a natural fit for Asia Pacific Economic Cooperation (APEC), with APECTEL in a clear position to own the space. The organisation has long recognised that its economic goals are dependent on the ‘integrity and security of the e-commerce environment’ and the interdependence of networked economies makes international efforts critical. And while APEC has long faced scrutiny over its existence, there’s real work to be done in smoothing economic transactions, building norms, and sharing best practices.
In the APEC model, members implement measures voluntarily. That sometimes results in uneven adoption. Still, market forces push member economies towards synchronisation. And while such a model can’t be applied to all aspects of cyber policy, there’s plenty of room for APEC’s collaborative and cooperative culture to feed into some much-needed international cyber initiatives.
In fact, APEC has a history of tackling cyber issues, tracing back to 2001 when critical sector protection came to the fore. Cybersecurity became a regular feature in APEC statements on counterterrorism and, behind a push by the United States, the 2002 APEC Telecommunications and Information Ministers endorsed a broad APEC Cybersecurity Strategy. In the spirit of the organisation, the document was fully voluntary but it did outline seven clearways forward for economies and avenues for cooperation on cyber issues. In 2005, the document evolved into the Trusted, Secure and Sustainable Online Environment (TSSOE) that provides a solid reference point for APEC-member economies on cyber issues.
Many will understandably baulk at such documents, seeing them as far too soft to meaningful change. However the networks of habit built and the sharing of best practices can and do lead to much-needed progress. There’ll never be a single solution to ‘solve cyber’ and APECTEL shouldn’t attempt to find one. Instead it should play to its strengths, using the prism of economics and non-binding discussion to bring together traditional rivals in the cyber domain to push for pragmatic solutions to critical matters.
Areas of natural confluence, as demonstrated at APECTEL50, include issues of mobile security (long on the agenda for SPSG), Domain Name System Security Extensions (DNSsec), and Internet Protocol version 6 (IPv6). Capacity building, information sharing, CERT to CERT cooperation, and even cybercrime initiatives can also be folded easily into the group’s efforts. There’s an acute awareness of the vitality of security in maintaining confidence in, and the vibrancy of, digital economies, and within a collaborative environment dominated by pragmatic line agencies, clear avenues for cooperation can be built. The space allows for commonalities to come to the fore and progress to be made without letting specific disagreements scuttle all efforts. By selectively focusing on areas where cooperation can succeed, incremental progress can be made and new benchmarks be set, rather than waiting for wholesale consensus on all aspects of any effort. APECTEL acts as a facilitator to build partnerships and adapt general best practices to economy-specific contexts.
APEC’s primary mandate is ‘to support sustainable economic growth and prosperity in the Asia-Pacific region,’ and as Communications Minister Malcolm Turnbull has said, ‘there isn’t a digital economy, there is an economy and its digital.’ Taken together, the confluence of interest is clear. APECTEL’s pragmatic working culture allows for progress without letting the quest for perfection become the enemy of the good. That approach was on show in spades in Brisbane. And while not nearly as sexy as cyber war, cyber espionage or the ideological bickering rampant at other international meetings, it’s equally if not more vital to the vibrancy of the global economy. APECTEL51 in the Philippines will again fly largely under the radar, but under the leadership of an ambitious TEL chair in Malaysia and armed with a capable SPSG steering group, this is certainly a space to watch.