This report examines anti-ship cruise missiles (ASCM) possessed by the People’s Liberation Army (PLA), which is China’s armed forces, and the serious threat posed to Australian and allied naval forces operating in the Indo-Pacific region.
The PLA has spent over 20 years preparing to fight and win wars against technologically advanced adversaries, such as the United States and its allies. PLA preparations have included long-term investments in various capabilities that would be needed to facilitate and sustain ASCM strike operations, even whilst under heavy attack from technologically advanced powers.
This report has recommended a series of upgrades to Australian Navy capability. In the short term, military-off-the-shelf upgrades might significantly enhance the survivability of existing surface ships. In the medium term, a mix of crewed and uncrewed assets could not only deepen fleet magazines but also underpin offensive naval and air defence operations. In the longer-term, a range of options could be acquired to help break the PLA’s kill-chain – this refers to disrupting the PLA’s ability to find, track and engage naval assets with ASCMs.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/14215858/VAMPIRE-VAMPIRE-VAMPIRE-banner.png4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-04-05 06:58:002024-12-14 22:04:10VAMPIRE VAMPIRE VAMPIRE: The PLA’s anti-ship cruise missile threat to Australian and allied naval operations
A case for elevating the cyber–maritime security nexus
Summary
A safe and secure Indo-Pacific maritime domain is vital to the UK, Australia and Southeast Asian states for their national prosperity. While there are common objectives, the three parties have different priorities, capabilities and areas of expertis.
There’s a long history of multilateral cooperation between Southeast Asia and Australia, among other key partners. In the post-Brexit context and in the light of the UK Government’s Indo-Pacific tilt, London would do well to harmonise its maritime engagements with allies such as Australia and align its activities with priorities of Southeast Asian partners.
While maritime security cooperation at sea tends to be dominated by activities, programs and operations of navies, we recommend taking a comprehensive approach to maritime security cooperation that includes partnerships with non-military actors and considers civilian-related aspects of maritime security.
In finding a value-added role in the crowded space of maritime security cooperation and capacity building, we suggest exploring UK–Australia–ASEAN cooperation on issues of technology, cybersecurity and maritime-based digital infrastructure. Those are transformational aspects that will define the future of maritime activities in the Indo-Pacific and affect Southeast Asia’s safety, security, livelihoods and regional economic competitiveness.
This scoping report recommends UK–Australia–ASEAN cooperation to elevate and further explore the cyber–maritime security nexus.
Introduction: Understanding maritime security in the Indo-Pacific
The Indo-Pacific strategic concepts promulgated by Japan (reaffirmed in 2016)1, the US (2017)2, Australia (2017)3, India (2018)4, Germany (2020)5, the Netherlands (2020)6, the EU (2021)7, France (reaffirmed in 2021)8, the UK (2021)9 and others demonstrate the region’s geostrategic significance. While the various concepts differ significantly in scope, essence and strategy, they share one commonality: the idea of connected oceans in which Southeast Asian nations sit at the heart and form the epicentre of great-power competition that has come to define the Indo-Pacific. The region has become a ‘crowded space’ as the long-term and newer actors increase various engagement initiatives.
But Southeast Asia isn’t only an arena of competition: the region—collectively and as individual economies—has agency. ASEAN nations are able to steer competitors and partners towards meeting their own priorities.10 They’ve also been able to steer the global involvement towards political–military, economic, infrastructure and environmental agenda. While their overarching interests converge, the UK, Australia and their closest allies should acknowledge there may at times be divergences in approaches, activities and underlying values compared to those of ASEAN states.
In ASEAN’s 2019 Outlook on the Indo-Pacific, the 10 member states recognised the maritime domain as the foremost area for cooperation.11 However, the exact meaning of ‘maritime security’ is far from neatly defined. Discussions on maritime security have mainly focused on law enforcement at sea, the protection of sea lines of communication (SLOCs), the adequate management of fisheries and offshore resources, and the maintenance of sovereign maritime borders. By and large, issues of maritime security tend to focus on areas of regional security, transnational crime activities, economic and resource management, the marine environment and marine safety.
The maritime agenda is shared by ASEAN and its partners in the most extensive (by membership) security-focused institution—the ASEAN Regional Forum (ARF), which includes Australia, Canada, China, the EU, India, Japan, New Zealand, the Republic of Korea, Russia and the US along with the ASEAN member states (Figure 1). Table 1 summarises the main forums for maritime security cooperation in the region.
Figure 1: The ASEAN Regional Forum members’ maritime security priorities
Data source: Annual security outlook 2021, ASEAN Regional Forum, 2021, online. Clustering and categorisation by the authors.
Table 1: Key forums for maritime security cooperation
a ‘15th ASEAN Regional Forum’, ASEAN, Singapore, 24 July 2008, online. Source: Authors’ compilation.
The UK’s Indo-Pacific tilt
The UK government’s Global Britain in a competitive age: the Integrated Review of Security, Defence, Development and Foreign Policy presents the Indo-Pacific as a region of increasing geopolitical and economic importance over the next decade and suggests that competition will play out in ‘regional militarisation, maritime tensions and contest over the rules and norms linked to trade and technology’.12 Therefore, seeking closer engagement with states in Southeast Asia is an essential part of a strategy that seeks to position the UK as a global actor in the era of strategic competition.The UK government’s Global Britain in a competitive age: the Integrated Review of Security, Defence, Development and Foreign Policy presents the Indo-Pacific as a region of increasing geopolitical and economic importance over the next decade and suggests that competition will play out in ‘regional militarisation, maritime tensions and contest over the rules and norms linked to trade and technology’. Therefore, seeking closer engagement with states in Southeast Asia is an essential part of a strategy that seeks to position the UK as a global actor in the era of strategic competition.
Anchors for the UK’s renewed engagement with Southeast Asia in maritime security
The UK became ASEAN’s newest dialogue partner in 2021,13 in what was a first milestone after the announcement of the government’s ‘Indo-Pacific tilt’.14 In the context of the UK’s exit from the EU, London has been looking at the right justifications for its priorities and for ways to meaningfully distinguish itself from, as well as coordinate where possible with, the Indo-Pacific approaches that the EU, France, Germany and the Netherlands have initiated in parallel.
While the Indo-Pacific tilt is new, the UK’s presence in the region, particularly its maritime presence, is not. London maintained a limited presence in Southeast Asia after the UK’s withdrawal in the 1960s and 1970s in the form of small-scale deployments aimed at maintaining bilateral engagements with selected countries. In the past two decades, the UK has also participated in established multilateral exercises that involve ASEAN countries, such as Exercise Bersama Lima and SEACAT (Table 2 and Figure 2). Those exercises involve a large number of ASEAN states and external partners and focus on capacity building in various maritime domains. They aim to address many issues, including current concerns about regional stability and security and long-term efforts in humanitarian assistance and disaster relief (HADR). The recent deployment of HMS Tamar and Spey to the Indo-Pacific are examples of the UK’s engagement with the Pacific. It would be interesting to see if it could become a possibility for future expansion of the scope to the wider Indo-Pacific.
Table 2: Selected flagship and regular multilateral exercises involving Australia, the UK and ASEAN countries
a The exercise was established under the Five Power Defence Arrangements (FPDA). It’s been through many iterations since the first Exercise Bersatu Lima in 1972, including multiple expansions and renamings over the years. Exercise Bersama Lima was inaugurated in 2004 and was replaced by Exercise Bersama Gold in 2021 to celebrate the FPDA’s 50th jubilee. Source: Authors’ compilation based on official information.
Figure 2: Key multilateral exercises by Australia or UK with ASEAN countries in the Indo-Pacific
This map includes naval exercises by the UK, Australia with Southeast Asian partners in the Indo-Pacific conducted since 2013. The multilateral and enduring exercises are marked in orange. The data set can further be filtered for partners involved, key exercise themes and frequency.
The UK’s new maritime security effort to engage ASEAN states has revolved around Operation Fortis which involved the CSG 21 to conduct a variety of exercises in and around Southeast Asia between June and December 2021. This included bilateral passing exercises (PASSEX) with Thailand,15 Malaysia16 and Vietnam17 navigating through the South China Sea in 2021.18
A factor in this effort is the UK’s ability to maintain sustainability and a regular at-sea presence. London’s early diplomacy and activities under the Indo-Pacific tilt still needs to be calibrated. With the new initiatives, however, London also needs to be sensitive to perceptions and even reputational risks in the region. Part of the scepticism about the UK’s role in the Indo-Pacific arises from the fact that the ‘Global Britain’ aspiration has a predominantly Euro-Atlantic focus.19 The arguments also stress the UK’s stronger reliance on the US at the expense of its interconnectedness with Europe.
Australia’s Indo-Pacific policy
As a maritime nation at the juncture of the Indian and the Pacific oceans, Australia pursues comprehensive and proactive maritime security engagement in the region. Canberra’s most recent policy expressions—the 2017 Foreign Policy White Paper20 and the 2020 Defence Strategic Update21—have emphasised the importance of the maritime rules-based order and the value of cooperation with regional partners. Australia perceives the maritime domain as one of the key battlegrounds for China’s coercive practices, particularly in the South China Sea.
The Royal Australian Navy has a history of participation in maritime security exercises in the region, including multilateral exercises. Unlike the UK, Australia served as host and initiator of exercises that engaged numerous ASEAN states and other Western allies, for example Indo-Pacific Endeavour and Exercise KAKADU (see Figure 2). The exercises also had sizable scale and scope, including antisubmarine warfare and live-firing training with the intent of sharpening proficiency and interoperability. These are signs of significant commitment.
Compared with the UK, Australia has the advantage of being a residential actor in the region. Combined with an enduring track record of working with a closely knit network of regional partners across different agendas, as well as the recently annualised Australia–ASEAN summit, the engagement from Australian partners has stretched beyond official channels through civil society, research, industry and think-tank communities.
In fact, stability in the maritime domain, particularly in the South China Sea, has been a common concern for Australia and the UK. Opposition to China’s militarisation of the artificial islands, the dangerous use of coast guard and maritime militia that undermined countries’ maritime rights and freedoms were reiterated in the most recent Australia-UK Ministerial Consultations (AUKMIN) in January 2022.22 Boris Johnson’s government recognises the value of Australia’s long standing connection to Southeast Asia. In the bilateral virtual meeting in February 2022, the UK committed £25 million to strengthen regional resilience in areas including cyberspace, state threats and maritime security.23 This complements Australia’s ongoing efforts in supporting regional security and reaffirms mutual shared commitment to working with ASEAN.
Anchors for Australia to partner with the UK and Southeast Asia
Australia—ASEAN’s first dialogue partner—has had a history of engagement, including naval exercises and maritime capacity building, for decades, including invitations to Southeast Asian partners to join as observers to local and regional exercises.
In recognising the importance of regional engagement, Australia secured commitment from Southeast Asian partners to directly address threats against their territory. Australia’s engagement focus has also shifted from support to countering illegal activities at sea and providing HADR to strengthening regional maritime security and stability. This probably reflects the intensity and volatility of the Indo-Pacific waters.
Australia doesn’t have claims in the regional maritime disputes in the South China Sea, but it has vested interests in supporting the applicability of the UN Convention on the Law of the Sea (UNCLOS24) and the safety of sea lines of communication (SLOCs) for trade and passage. As co-chair of the ARF inter-sessional meeting on maritime security 2018-21, Australia has overseen a variety of confidence-building, regional support, training and workshop activities on UNCLOS that were initiated by individual ARF member states.25
In the past, Australia has lent a diplomatic voice to Southeast Asian partners, including by supporting and calling for the implementation of the 2016 Permanent Court of Arbitration ruling in the case between the Philippines and China.26 Australia as a maritime nation is invested in securing the commercial interests of maritime trade,27 and the security of the maritime domain has also come to the forefront of strategic competition. This is in sync with the UK’s diplomatic support for a legal approach to the management of disputes. The UK has also supported the PCA ruling, as well as Southeast Asian nations’ note verbale to the UN in objection to China’s excessive claims.28
In Australia’s recent efforts to play a more influential role in Southeast Asia,29 the government announced a range of financial ‘packages’ that constituted the largest Australian funding for the region since assistance after the 2004 Indian Ocean tsunami.30 Measures announced by Prime Minister Scott Morrison in November 2020 included a A$65 million investment to further support regional maritime states to develop their marine resources sustainably and to address challenges, including through enhanced training, technical advice and cooperation.31
In Southeast Asia, where postcolonial sensitivities linger, it’s important for both London and Canberra to calibrate new initiatives with adequate diplomacy and make sure the engagements are sustained for mutual benefit. This is particularly pertinent when the concept of the ‘Anglosphere’ is invoked.32 The following section highlights the complexity of Southeast Asian positions towards UK–Australian ambitions to play a stronger role in the region. Their adequate understanding is critical for sustainable and effective engagement frameworks.
Southeast Asian views of the recent UK and Australian maritime security engagement
Southeast Asian nations’ attention to the UK’s role and interests in the region was heightened after the deployment of the UK’s Carrier Strike Group 21 (CSG-21) in 2021. Although the UK’s military role in Southeast Asia isn’t new, CSG- 21’s presence in Asian waters produced a wave of reactions. During its 28-week deployment, CSG-21 visited some 40 countries and took part in more than 70 defence diplomacy activities across Europe, Middle East and Asia, which included training exercises and port visits. It was the UK’s largest operational naval deployment to Asia since the 1997 handover of Hong Kong.33
While the deployment was welcomed in some capitals, others expressed concern. Jakarta found the British naval presence worrying and perhaps contributing to further militarisation of the region. Indonesia was never fond of the Five Power Defence Arrangements (FPDA) established in 1971, which involved the UK, Australia, New Zealand and its neighbours Malaysia and Singapore, but excluded Indonesia. The renewed activeness and ambitions of the UK in this domain invoked postcolonial discomfort. Indonesian strategists are concerned about an increasing ‘strategic overcrowdedness’34 caused by the renewed interest of ‘external powers’ in Southeast Asia. There is a feeling that too many naval ships exercising in the disputed waters may lead to incidents or accidents.
Hanoi, on the other hand, viewed the UK’s maritime activity positively. The Vietnamese government has applied a strategy of involving, rather than alienating, ‘external powers’. Due to power imbalances and China’s growing dominance in the South China Sea, its active militarisation activities and relentless challenge to other countries’ offshore resource rights, Vietnam has actively sought external partners’ involvement and engagement in the region. Moreover, for Hanoi, good relationships are also a function of improving trade relations. Vietnam and the UK have recently finalised a bilateral trade agreement, opening the post-Brexit British market to Vietnamese products and integrating the UK with the Asian economy.35 Singapore was also among the more welcoming Southeast Asian nations, although it stresses the need for a UK presence to be ‘principled, persistent and purposeful’.36
However, regional nations’ attention was most sharply focused by the announcement of the Australia–UK–US trilateral security partnership (AUKUS) in September 2021.
Predictably, individual countries reacted with varying degrees of concern. The dominating concern is that the new security arrangement could be a catalyst for a nuclear arms race in the region and might provoke some countries to act aggressively, especially in the South China Sea. Malaysian Prime Minister Ismail Sabri Yaakob expressed that view directly to Scott Morrison, while Indonesia’s Foreign Ministry stated that it was ‘deeply concerned’ about the ‘continuing arms race and power projection in the region’.37 Both cited commitments engraved in ASEAN norms: the Zone of Peace, Freedom and Neutrality (ZOPFAN) in 1971 and the Treaty of Amity and Cooperation (TAC) in 1976, to the latter of which Australia acceded to when it joined the East Asia Summit (EAS) in 2005.38 They called on Canberra to refrain from adding to regional tension. It was kept in the dark about AUKUS despite the fact that it had a ‘2 + 2’ dialogue (defence and foreign ministers’ meetings) with Australia just before the announcement.39 However, in the following months, after some efforts towards direct communications from the Australian Government, Indonesian Defence Minister Prabowo Subianto has been reported as saying that he understands and respects AUKUS.40 Cambodia was alarmed by AUKUS and the nuclear-powered submarine deal and invoked international commitments to non-proliferation.
The Philippines produced self-contradicting statements from the government. President Rodrigo Duterte labelled AUKUS as an ‘arms race’, while Secretary of Defence Delfin Lorenzana and Foreign Minister Teddy Locsin both said that Australia has every right, and capacity, to shore up its own defence.41 Thailand, a treaty ally of the US, maintained an enigmatic attitude, making no direct statements or comments on the AUKUS announcement. Singapore42 and Vietnam43 were more measured. Both agreed that each country is responsible for its own security, as long as it doesn’t contribute to a regional arms race. Both are strategically astute and are aware of the growing security concerns in the region and the region’s limited capability to respond to those challenges. So, while they comprehend the AUKUS rationale, they both emphasise the need for keeping nonproliferation commitments, as well as the need for greater transparency in communicating new security partnerships that may affect the region as a whole.
Despite disparities in their assessments of the strategic value of AUKUS, the overall Australia–ASEAN relationship is wide-ranging and didn’t seem to suffer, and, just a month after the AUKUS announcement, the elevation of the relationship to a comprehensive strategic partnership was announced.44
The fact that there was no joint ASEAN statement on the issue reflects divergence of views internally. This granularity of regional interests and views is to remind London and Canberra that receptiveness to their individual as well as collective initiatives will remain varied. Given those political sensitivities, and the concern that the UK’s Indo-Pacific involvement has been too defence-focused, it would be good for London to consider areas for maritime security cooperation and capacity building that would include more civilian elements of maritime security. It is also the reason why our report recommends practical areas of cooperation—ones that prioritise collective benefit.
It is important to note that, despite Southeast Asian diplomatic narratives, there are real concerns about the fragile regional stability. China’s active militarisation in the South China Sea and gradual control of the waters put increasing pressure on the littoral states. Recent reports suggest that Beijing has fully militarised three islands with anti-ship and anti-aircraft missile systems, laser and jamming equipment and fighter jets,45 which undeniably adds to the already asymmetric balance of power in the region. In such a context, cooperation with external partners on all fronts, particularly when the resources are limited and especially in the post-Covid circumstances, should be welcomed.
And there’s no shortage of areas where Southeast Asians would be open to cooperative efforts and collaborative mechanisms. Many studies have defined the prospects and challenges around the application of international law, resolving territorial disputes, maritime deterrence, protecting offshore resources, combating unregulated fishing, piracy, transnational crime, strengthening law enforcement, and addressing the more pressing environmental crisis.46
While we agree with the severity of these issues and the need for the involvement of multiple stakeholders involvement in this report, and through the specific prism of UK-Australian-ASEAN cooperation, we suggest a focus on the nexus of maritime security and cyber and emerging technologies. This is an under-studied area but which has the potential to drastically shape the nature of maritime security in the years ahead. It is related to the safety and security of deep-sea vessels at sea and maritime commercial on-shore infrastructure as well as the monitoring of human and natural activities at, below and above sea level; the security of sea lines of communication, maritime supply chains and increasingly critical submarine communications infrastructure.
Exploring UK-AU-ASEAN maritime security cooperation: a case for cyber and technology capacity building
Our main recommendation for UK–Australia–ASEAN collaboration is to explore the newer and rapidly developing, but far less chartered areas of cybersecurity and emerging technologies and their application in the maritime security domain.
In cyber and technology issues, the UK and Australia have a demonstrated track record and expertise, experience and approaches. It’s also an area in which the UK and Australia can reasonably expect to have resources, drawn from the public and private sectors, to sustain this effort. Most of all, it’s also an area of growing interest from partners in Southeast Asia which are putting digital transformation and Industry 4.0 at the forefront of their (post-Covid) development strategies.47
At the nexus of cyber, technology and maritime security, limited qualitative data currently exists on cybersecurity in Southeast Asia or the take-up of emerging technologies in the maritime sector. Given the UK’s and Australia’s global credibility in this space, and the importance of cyber and tech for the future stability of the region, we explore four potential areas of cooperation: cybersecurity and digital transformation in the maritime industry; digital and emerging tech in the maritime domain; supply chains; and the security of submarine digital infrastructure.
Cybersecurity and the maritime industry’s digitisation transformation
The digitisation of shipping processes and the automation of oceangoing vessels, operators, insurers, certifiers, onshore facilities, and maritime safety and security agencies have surged in the past few years. IT and OT (operational technology48) systems have become critical to the functioning of ships and the safety of their crews and cargoes, and also help shipping to navigate safely and securely through troubled Indo-Pacific waters. That said, given the lifespan of industrial assets (for ocean-going vessel about 25–30 years), much offshore and onshore infrastructure operate with legacy software, which is a known ICT security risk.49
Various maritime-specific cybersecurity incidents have occurred that have resulted in the malfunctioning of critical control systems, in ships and onshore facilities; the exfiltration of sensitive data that’s monetised by criminals, including pirates; the manipulation of systems to allow for trafficking and smuggling activities to occur unnoticed; commercial and military espionage, for instance of ship designs, lading and trading routes; spoofing of navigation systems; and manipulation of identification transmissions.50
The maritime sector is known to lag other comparable industries in its level of cybersecurity maturity. ‘C-suite’ boardrooms still don’t adequately acknowledge cybersecurity as a business continuity risk.51 That isn’t unique to the maritime industry and, in fact, is unfortunately common practice across Southeast Asian industries. However, the potential consequences of cybersecurity incidents for ships, logistics or port facilities are massive and long term.
An incident in 2021, in which the MS Ever Given obstructed traffic in the Suez Canal, immediately reverberated through global supply chains and demonstrated the dependence of the world economy’s on accurate forecasting capabilities.52 There’s little room for errors or delays. The maritime domain in and around Southeast Asia is becoming of greater geopolitical and geo-economic importance, and there’s an increased likelihood that non-state and state actors will try to disrupt, manipulate or coerce actors. With the automation of navigation and the vulnerability of navigation systems, for instance to spoofing, a crisis could be easily caused.
Other examples include some shippers being complicit in manipulating their own IT systems. In 2018, a Singapore-managed oil tanker spoofed its GPS data to conceal from authorities a mid-sea transfer of petroleum to a North Korean ship, thereby circumventing UN sanctions.53 The same thing occurred with an Iranian ship in 2013 off the coast of Malaysia.54 Those tactics are also being used to disguise illegal, unreported and unregulated fishing, which is an issue pertinent to maritime security for most Southeast Asian nations.
Initial efforts to boost cyber resilience by the Southeast Asian shipping industry are underway, but they’re far from concerted. In late 2021, Singapore’s Maritime and Port Authority organised a first cybersecurity exercise involving two port terminal operators and a shipping company.55 In 2021, the International Maritime Organization issued recommendations for maritime cyber risk management, mirroring standing international good practices but with compliance and enforcement remaining voluntary.56
A first stepping stone for cybersecurity capability is access to incident-response resources. In 2018, a private-sector initiative was announced by Wärtsilä Corporation and Templar Executives to establish an international maritime cyber centre of excellence, including a maritime-sector computer emergency response team, based on similar capabilities for the financial sector.57 The UK Government has supported British cybersecurity company CyberOwl to establish a footprint in the region.58 The Australian Government has been promoting business opportunities in Southeast Asia for the Australian local cybersecurity industry, too, although that effort is yet to have a specific maritime focus.59 At DEFCON, one the world’s largest annual hacking and security conferences, a Hack the Sea competition is being organised to specifically test cybersecurity in a maritime environment.60 For now, however, these efforts are just a drop in the ocean, given the magnitude of Southeast Asia’s maritime activity and the lack of an industry- and region-wide approach and apprehension of the risk.
Emerging digital technologies in the maritime domain
Digital and emerging technologies are starting to disrupt conventional business models and operations in the maritime industry. Gains in efficiency are achieved through the introduction of digital components in the shipping ecosystem, such as smart ships and e-ports.61 Next-level steps will include the introduction of partly autonomous surface ships, additional robotics and further automation of loading and offloading procedures.
Access to ‘maritime big data’, in combination with applications based on artificial intelligence and machine learning (AI/ML), will help to inform decisions on most efficient routing, precise and reliable forecasting of scheduled arrivals, subsequent docking, off-boarding, load forwarding and reloading decisions, and risks related to maintenance and accidents.62 These emerging technologies also play a fundamental role in gathering and analysing meteorological, oceanographic and hydrographic data. They are also being applied to efforts related to responsible fishing (and combating illegal, unreported and unregulated fishing), the tracking of maritime pollution and the monitoring of maritime economic resources and biodiversity. For instance, Verumar, a programme focused on increasing situational awareness and fisheries management and supported by the UK’s Space Agency, identified nine groups of technologies that are disrupting fishing and other marine economic activities. They include space-based observation technologies, such as low-Earth orbit (LEO) satellites; global navigation satellite systems, such as GPS, Galileo, Beidou and GLONASS; sensors and Internet of Things (IoT) devices; 5G connectivity; and data infrastructure and data processing (AI/ML, analytics.)63
These opportunities for broader and deeper maritime domain awareness (MDA), both onshore and offshore, have been at the centre of ongoing ARF attention. MDA is currently perceived fairly narrowly and restricted to highly traversed routes and those maritime areas under the supervision of coastguards. Human activities, marine animal movements and climatic trends occurring farther out to sea and below the surface remain largely unknown. LEO satellites will provide greater connectivity and coverage, especially in less serviced and remote areas,64 and better AI/ML is already helping to map and forecast movements in the ocean, such as sea-level change, currents65 and pollution dispersion.66 Unfortunately, Southeast Asia is also the world’s epicentre of marine pollution, especially plastics.67
The application of those technologies can also extend to assisting maritime operators in complying with existing international and domestic security provisions, such as the UN sanctions list, and helping maritime security agencies with oversight and compliance.68
Boosting the adoption of emerging technologies in parallel with improving cybersecurity in Southeast Asia’s maritime domain will contribute to strengthening overall awareness of civil and maritime security agencies, which not only supports security operations and law enforcement efforts but also offers new opportunities for more effective forms of marine protection and sustainable maritime socio-economic development. In global technology and standards-setting debates, the UK, Australia and Southeast Asia should consider how to reflect maritime requirements in those negotiations.
The Southeast Asian maritime sector will probably be best served by applications that rely on open, interoperable and secure digital infrastructure, given the sector’s global character, the many and diverse port infrastructures in Southeast Asia operated by many multinational service providers, and the traffic density in regional waters.
In the light of increasing risks of rising political, military and economic tensions in the Indo-Pacific, maritime nations in Southeast Asia should seek multinational and multi-stakeholder partnerships to adequately consider and address the potential risks of digitalising critical economic sectors. It appears Southeast Asian partners would benefit from access to expertise and opportunities to exchange experiences with peer communities in North and Northwestern Europe as well as in Oceania.
Digital technology and maritime supply chains
The maritime sector is a critical avenue for shipping resources and components for the world’s production and deployment of ICTs, tech hardware and batteries. For instance, supplies of critical, strategic or pivotal metals extracted in Australia that need to be transported to processing facilities in Southeast Asia and China. As acknowledged by the Australian Government, ‘technology supply chains are increasingly global, interdependent and complex’ and that there’s a need for transparency as ‘some states seek to leverage supply chain vulnerabilities for strategic advantage and as a possible vector for coercion.’69
In January 2022, due to delays and disruptions in global shipping, Australia’s Lynas Rare Earths opted to charter its own vessel and secure continuity of supply to customers through a processing facility in Malaysia.70 Overall, the industry is expected to need to meet demands for faster and more accurate and predictive shipping. As in particular Southeast Asia has been riding the wave of e-commerce71 , major manufacturers will require logistics partners that can ship more smaller loadings more instantly. That requires maritime transporters to be more flexible and agile. An ‘Uberisation’72 of maritime transport is already taking shape which may involve, in due course, a greater number of shippers operating with more small- and medium-sized transporters.73
Onshore, attention is shifting to the digitisation of processes at ports. This includes the establishment of interoperable data hubs where shippers, ports, buyers and sellers can instantly exchange data and communicate across the different transport segments; effective track and trace systems; the digitisation of the paper trail that accompanies international shipping, such as customs clearances and bills of lading; and the use of blockchain technology to ensure the safety and integrity of official documents and compliance with regulations.74
Altogether, these technological applications contribute to improvements in the transparency and security of financial transactions, including through government efforts to tackle trafficking, money laundering, tax evasion, organised crime and terrorism financing.
Security of marine-based digital infrastructure
A fourth component at the intersection of maritime security and cyber and tech is the security of submarine infrastructure. This mainly refers to the fibre-optic comms cables and relay stations that have been laid on the ocean floor and now transport 95% of the world’s data (Figure 3).75
Southeast Asia is not only a choke-point for maritime trade but also for internet connectivity. With a high concentration of fibre-optic cables landing in and traversing through the region, Southeast Asia is gradually developing into a hub for hyperscale data providers in the region’s digital economy.76 At the same time, Southeast Asian nations have been tightening ICT-related regulation and have imposed requirements on technology and connectivity providers that amount to establishing sovereign borders on the internet.77
While deliberate disruptions to physical submarine communication systems won’t be difficult to cause, especially when exact locations are known, cables are more likely to get damaged as the result of natural disasters or accidental collisions.78 The Indonesian government recognised that vulnerability when, in March 2021, the Ministry of Fisheries and Maritime Affairs tasked the Indonesian Navy’s Hydrography and Oceanography Centre to map and potentially rearrange its underwater geophysical landscape of cable and pipes to mitigate potential threats.79 For unconfirmed reasons, Chinese survey vessels have been extensively surveying contested waters in the South China Sea.80 The survey areas coincide with the locations of major internet cables that connect mainland China with the rest of the world, predominantly through Singapore.
Another important factor to consider is the increasing imbalance in demand and supply. While private and public investors are keen to expand the regional cable network, the market is dominated by only five companies that provide cable-laying and maintenance services: Nokia Alcatel (Finland, France, UK); TE-Subcom (Switzerland, US); NEC (Japan); Fujitsu (Japan); and Huawei Marine (China). Submarine communications infrastructure has become a matter of geo-economic importance, particularly in places that are contested or have a low density of connection points. Australia, Japan and the US have ramped up investments in new and redundancy cables in the Indo-Pacific in efforts to head off competing Chinese investments.
Given the inherent physical vulnerability of the cable system and its critical importance to economies across the Indo-Pacific, boosting its resilience is an important priority. This includes up-to-date domain awareness, regular and updated security and safety reviews, consideration of the expected global shortage of maintenance and repair resources and adequate redundancy. With Britain’s world-leading expertise in hydrography and as host to the International Cable Protection Committee, the UK government could facilitate and stimulate greater knowledge in the Indo-Pacific of the maritime security dimensions of (dense networks of) submarine cables and shape effective regional risk mitigation responses.
Recommended next steps for cooperation
Integrating cyber and tech considerations into maritime security engagements offers the UK, Australia and Southeast Asia ample opportunities to construct a holistic agenda that will help to underpin regional security, and ward off threats to it. Moreover, given the nature of the agenda, it doesn’t require either a permanent, or even a physical, presence in the region.
The cyber and tech area enables the three partners to start collaborating in practical efforts that are shareable and scalable, are inherently civil in nature, and don’t require full political alignments from the outset. It’s a suitable area not only for regional but also for interagency cooperation.
Three recommended areas for next steps are:
Investigate the needs and interests for a Southeast Asia-focused maritime sector-focused information sharing and analysis centre (ISAC). ISACs are non-profit organisations formed by critical infrastructure owners and operators to share information between government and industry.81 The ISAC should look at potential financial, staffing and infrastructure requirements. Given the current level of cybersecurity awareness and apprehension of the industry, a maritime-sector ISAC may initially require public funding before it can operate on a not-for-profit commercially viable basis. Such a service could be explored as part of a review of the mandate of ReCAAP.
Explore developing a program of work on standards and norms related to emerging technologies and their impact on the maritime sector and maritime security, for instance through the Global Partnership on AI of which the UK, Australia and Singapore are members, and with a focus on maritime domain awareness.
Facilitate the establishment of (informal) maritime and tech security communities of practice on issues such as cybersecurity trends and responses, and the security of submarine cable infrastructure and risk mitigation; and between individual governments’ hydrographic offices.
A further and deeper exploration of operational objectives for these areas is required, alongside a review of potential partners and delivery mechanisms. It will be crucial to work with existing and emerging local capabilities that can be supplemented by targeted UK and Australian expertise and enablers.
Since most cyber and tech dialogues take place outside of Southeast Asia’s conventional governance forums, it’s important for the UK to ascertain its ambitions, roles and representation, ideally in close coordination with Australia.
Conclusion
In this report, we’ve considered the landscape for maritime security cooperation, with a focus on exploring opportunities for new, practical and critical areas for cooperation that equally leverage the strengths of the UK, Australia and Southeast Asian partners. We’ve looked at potential areas of common interest in the military and civilian domains and reviewed the UK’s and Australia’s own national strategies in the Indo-Pacific and their respective national assets, as perceived by Southeast Asia. We’ve also noted that maritime security capacity building is seen as a crowded domain in which many international actors are already seeking to win the hearts and minds of partners in Southeast Asia.
There is a plethora of areas where the UK, in partnership with Australia, could contribute to maritime security in Southeast Asia. We suggest a reinvigorated plurilateral cooperation among the UK, Australia and Southeast Asian countries to focus on newly emerging areas that are yet underserved with attention, resources and policies. This isn’t a one-way engagement in which Southeast Asia is merely the beneficiary or recipient of engagements or technical assistance.
We’re making the case for elevating cybersecurity and emerging tech dimensions of maritime security. Managing the advent of new technologies in Southeast Asia’s maritime operations—military, civil and commercial—and securing the confidentiality, integrity and availability of systems and networks will increasingly underpin the safety and security of the maritime domain, including the legal aspects of maritime borders. Securing the digital components of the maritime domain is of common interest to all stakeholders, which is exemplified by our joint political and economic dependence on the region’s undersea fibre-optic cable systems.
For future steps, we recommend further in-depth studies to explore key priority areas for cooperation and to grasp the diverging and converging perceptions of urgency among Southeast Asian, Australian and British maritime security community groups. Such a survey should look with granularity at capacities, interests and priorities of and among ASEAN member states. A follow-up quantitative survey would be able to demonstrate the views of larger groups of stakeholders—governments, security services and the maritime industry—across the region. This would involve a systematic study that extends beyond security dialogues, discussions and roundtables of known experts and policymakers.
An in-depth study would be able to recognise individual countries’ preferences, measure capacity gaps among them and thus precisely identify the most effective modalities of cooperation. By having an understanding of converging priorities, the UK and Australia will be able to design an engagement and capacity-building framework that’s as sustainable as possible. That way, the UK and Australia could better position themselves as preferred partners of choice in maritime security in the Indo-Pacific.
Above all, we emphasise that, regardless of the issue-specific area of maritime security cooperation, engagements by the UK and Australia and jointly with Southeast Asia need to be enduring and continuous, based on mutual understanding and built on existing practices. Those are the key foundations for a lasting and effective cooperation with mutual benefit at the core.
Acknowledgements
The authors thank Dr Collin Koh Swee Lean (RSIS), Dr Anthony Bergin (ASPI), Charles Brown (Booz Allen Hamilton) and Jocelinn Kang (ASPI) for their helpful comments on an earlier draft of the report. We also acknowledge the contributions from consultations with colleagues from Australia’s Department of Foreign Affairs and Trade, the Royal Australian Navy’s Sea Power Centre, King’s College London, and various Southeast Asian think tanks and Southeast Asian maritime and cybersecurity industry.
Other ASPI research staff have also contributed to this report.
The conclusions are the authors’ own, and represent neither the views of any government nor a consensus of the experts consulted.
About ASPI
The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our Annual Report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements. It is incorporated as a company, and is governed by a Council with broad membership. ASPI’s core values are collegiality, originality & innovation, quality & excellence and independence.
ASPI’s publications—including this paper—are not intended in any way to express or reflect the views of the Australian Government. The opinions and recommendations in this paper are published by ASPI to promote public debate and understanding of strategic and defence issues. They reflect the personal views of the author(s) and should not be seen as representing the formal position of ASPI on any particular issue.
Important Disclaimer
This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.
This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.
First published March 2022. Cover image: Abstract low poly 3d cargo ship/vectorstock.com
Funding
Funding support for this report was provided via a grant from the UK Foreign, Commonwealth and Development Office through the UK High Commission in Canberra through a competitive grant proposal bidding process.
Ministry of Foreign Affairs, ‘Foreign policy: Free and open Indo-Pacific’, Japanese Government, 2022, online. ↩︎
The White House, National Security Strategy of the United States of America, December 2017, online. ↩︎
Department of Foreign Affairs and Trade (DFAT), 2017 Foreign Policy White Paper, Australian Government, 2017, online. ↩︎
Ministry of External Affairs, ‘Prime Minister’s keynote address at Shangri-La Dialogue’, Indian Government, 1 June 2018, online. ↩︎
Federal Foreign Office, Policy guidelines for the Indo-Pacific region, German Government, September 2020, online. ↩︎
Indo-Pacific: Guidelines for strengthening Dutch and EU cooperation with partners in Asia, Netherlands Government, 2020, online. ↩︎
EU Strategy for cooperation in the Indo-Pacific, European Union, 2021, online. ↩︎
‘France’s Indo-Pacific Strategy’, French Embassy, Canberra, 2021, online. ↩︎
Louisa Brooke-Holland, Integrated review 2021: The defence tilt to the Indo-Pacific, UK Parliament, October, 2021, online. ↩︎
Huong Le Thu, ‘Southeast Asia: Between asserting agency and muddling through’, in Ashley J Tellis, Alison Szalwinski, Michael Wills (eds), Strategic Asia 2021–2022: Navigating tumultuous times in the Indo-Pacific, National Bureau of Asian Research, 11 January 2022, online. ↩︎
ASEAN Outlook on the Indo-Pacific 2019, ASEAN, 23 June 2019, online. ↩︎
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/03/14141710/UK-Australia-and-ASEAN-cooperation-for-safer-seas_banner.png4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-03-31 06:00:002025-03-14 14:26:44UK, Australia and ASEAN cooperation for safer seas
ASPI’s International Cyber Policy Centre has launched the Understanding Global Disinformation and Information Operations website alongside this companion paper. The site provides a visual breakdown of the publically-available data from state-linked information operations on social media. ASPI’s Information Operations and Disinformation team has analysed each of the data sets in Twitter’s Information Operations archive to provide a longitudinal analysis of how each state’s willingness, capability and intent has evolved over time. Our analysis demonstrates that there is a proliferation of state actors willing to deploy information operations targeting their own domestic populations, as well as those of their adversaries. We find that Russia, Iran, Saudi Arabia, China and Venezuela are the most prolific perpetrators. By making these complex data sets available in accessible form ASPI is broadening meaningful engagement on the challenge of state actor information operations and disinformation campaigns for policymakers, civil society and the international research community
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/14221110/infoops_snap.png4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-03-30 06:00:002024-12-14 22:13:26Understanding Global Disinformation and Information Operations: Insights from ASPI’s new analytic website
Guidance on implementation for Member States of ASEAN
Foreword
Global digital growth is continuing to fundamentally transform the lives of people, businesses and institutions, bringing people out of poverty, increasing wider prosperity, welfare and enabling new ways for governments and citizens to engage with each other. It is also creating a more connected world and supporting globalisation with greater access to free markets, democratic systems, prosperity and innovation.
But as we become more reliant on cyberspace, malicious cyber activity has grown in intensity, complexity and severity over recent years, with rising incidents of cybercrime and hostile states targeting critical national infrastructure, democratic institutions, business and media. There is too much at risk to allow cyberspace to become a lawless world and we need to continue to work together to identify the rules of the road in how international law applies to state behaviour in cyberspace just as it does to activities in other domains.
The 11 norms, as part of the UN framework of responsible state behaviour in cyberspace, is a way to help develop those rules of the road and the UK, as part of our outreach, is committed to supporting partners across all continents be better able to both implement the norms but also be better empowered to join in the international debate in the UN.
This ASPI programme has provided an insight into meaningful measures being put in place across ASEAN to deliver the norms, showcasing the region as trailblazing good practice and policies. Sharing and communicating these is in itself a confidence building measure and the examples shared in this report will have an impact across the global debate.
The UK, as a responsible democratic cyber power is proud to have supported this report and we look forward to future activity in the ASEAN region and globally to help shape the future frontiers of an open and stable international order in cyberspace.
– Will Middleton, Foreign, Commonwealth and Development Office, UK
Advances in cyber and critical technology underpin our future prosperity but they also have the potential to harm national and economic security interests and undermine democratic values and principles. The countries that can harness the current wave of innovation while mitigating its risks will gain significant economic, political and security advantages and will be at the forefront of 21st century leadership.
As states increasingly exert power and influence in cyberspace, it is important that there are clear rules in place. In other words, cyberspace is not the Wild West, all countries have agreed that existing international law applies in cyberspace and all countries have endorsed UN norms of responsible state behaviour.
The Plan of Action to Implement the ASEAN Australia Strategic Partnership 2020–2024 details our joint commitment to an open, secure, stable, accessible and peaceful ICT environment. Australia will continue to work closely with our ASEAN partners to deepen understanding and implementation of longstanding agreements of international law and norms in cyberspace.
This report, produced by APSI in partnership with Australia’s Cyber and Critical Technology Cooperation Program and the UK Foreign, Commonwealth and Development Office, is the result of a multi-year cyber-capacity building program focused on supporting the effective implementation of UN norms throughout ASEAN.
These 11 norms lay the groundwork for collective expectations for state behaviour in cyberspace. They are the bedrock on which regional and bilateral agreements around state behaviour in cyberspace are built and create a mutually reinforcing set of agreements and expectations.
Australia is grateful for ASPI’s tireless work on this important cyber-capacity building project helping to kickstart the process of understand and actioning the norms and behaviours which are central to an open, free, safe and secure cyberspace.
– Dr Tobias Feakin, Ambassador for Cyber Affairs and Critical Technology, Australia
Introduction
This document is the result of a multi-year cyber capacity-building program by ASPI in partnership with the UK Foreign, Commonwealth and Development Office and the Australian Department of Foreign Affairs and Trade (Cyber and Critical Technology Cooperation Program). Through the project, the partners sought to support member states of the Association of Southeast Asian Nations (ASEAN) with the implementation of the United Nations (UN) norms of responsible state behaviour in cyberspace. The content of this publication is primarily based on experiences, inputs and outputs from activities run under this program.
What are norms?
Norms in international affairs are generally defined as ‘a collective expectation for the proper behaviour of actors with a given identity’.
Norms are norms for the following reasons:
They are widely shared and agreed among a large group of states; norms exist only because we all believe they exist and apply.
They exert a moral attractiveness for states to conform to norms; states prefer to be seen to endorse, follow and promote norms, and to be responsible members of the international community.
They assign specific duties and obligations, albeit non-legal, for specific actors; most norms in cyberspace are regulative in character at the national level, as they recommend that states prescribe, prohibit or permit certain activities.
They are dynamic; they develop as expectations and opinions in society about what’s responsible and acceptable change over time.
People, organisations and states will—from time to time—contest or violate norms; this doesn’t mean that a norm does not exist as long as the norm remains accepted by a large and influential enough community, and the violator is held to account.
Source: Based on Martha Finnemore, Cybersecurity and the concept of norms, Carnegie Endowment for International Peace, 30 November 2017, pp. 1–2.
The UN norms were first agreed by a UN group of governmental experts in 2015. The group’s report was subsequently endorsed by consensus at the UN General Assembly in 2015 through resolution 70/237. It called on all member states ‘to be guided in their use of ICTs’ by the 2015 report. The focus on the operationalisation and implementation of the UN norms was also front and centre in the 2019–2021 round of UN First Committee negotiations. The report of the OEWG recommended that states ‘further support the implementation and development of norms’. The 2021 UNGGE report offers an additional layer of understanding to help governments with their implementation.
In 2018, the ASEAN leaders expressed a commitment to operationalise the UN norms as a core element in ASEAN’s approach to promoting regional stability in cyberspace. That same year, the ASEAN ministers responsible for cybersecurity subscribed in principle to the norms. At the 2019 ASEAN Ministerial Conference on Cybersecurity, they agreed to establish a working committee to develop a framework for implementation.
Participants reaffirmed the importance of a rules-based cyberspace as an enabler of economic progress and betterment of living standards,and agreed in-principle that international law, voluntary and non-binding norms of State behaviour, and practical confidence building measures are essential for stability and predictability in cyberspace.
– Chairman’s statement of the third ASEAN Ministerial Conference on Cybersecurity, 2018.
In compiling this document, ASPI intends to contribute to the ongoing UN and ASEAN working groups, and offer participants region-specific perspectives based on real and observed examples of good practice. The information was gathered through various regional workshops and training activities that took place between 2019 and 2021, and supplemented with open-source research.
This document consists of two main parts:
An explanation of the norms implementation process.
Practical guidance on implementation with examples from the ASEAN region.
Each government is responsible for its own pathway to implementation and for informing other states of its efforts. Expectations of national and regional implementation will alter as states start to focus on local implementation and as understanding of the norms’ meaning grows.
This document should help kickstart that process of understanding and actioning. It should be considered a living document that supports a gradually maturing regional approach.
This document will help policymakers and state officials answer questions such as:
What examples can governments consider to demonstrate their efforts in implementing the UN norms?
How can a state demonstrate that it is implementing and following the UN norms of responsible state behaviour in cyberspace?
Where can a state find advice, assistance and support to advance further implementation efforts?
PART A – THE IMPLEMENTATION PROCESS EXPLAINED
Part A: the implementation process explained
In this first part of the document, the process for implementation of the UN cyber norms is explained. It starts with a clarification of the concept of international norms, how the cyber norms work and what practical steps make up an implementation effort. Examples of mechanisms and tools to demonstrate implementation efforts are also provided. At the end, we elaborate on the reasons why states would want to make an effort to implement the UN norms of responsible state behaviour in cyberspace.
Full text of the UN cyber norms
Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security;
In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences;
States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs;
States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect;
States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression;
A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public;
States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions;
States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts. States should also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty;
States should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products. States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions;
States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICTdependent infrastructure;
States should not conduct or knowingly support activity to harm the information systems of the authorized emergency response teams (sometimes known as computer emergency response teams or cybersecurity incident response teams) of another State. A State should not use authorized emergency response teams to engage in malicious international activity.
What are the UN norms of responsible state behaviour in cyberspace?
The UN norms of responsible state behaviour in cyberspace (Figure 1) are 11 voluntary and non-binding rules that describe what states should and should not be doing in cyberspace.
Figure 1: The UN norms of responsible state behaviour in cyberspace
The content of the 11 norms reflects the expectations that the broader international community has of each state and regional organisation.1 They express a common opinion of what is considered to be responsible behaviour by states. Naturally, this collective opinion of what is responsible and what is irresponsible behaviour develops over time as understanding of cybersecurity deepens, incidents occur, and more governments contribute to the process.
The purposes of the norms as reflected in UNGA Resolution 70/237 are to reduce risks to international peace and security, and to contribute to conflict prevention.2 They have been crafted to deal with state-to-state actions that could potentially carry the highest risks to international peace and security and the welfare of citizens.
Norms in international affairs are political agreements. They do not infringe on a state’s sovereignty or impose legal obligations on states.3 In fact, the norms provide a common basis for a state to design strategic direction, develop capabilities and execute actions in a responsible manner.
The UN norms process
International efforts to establish norms of responsible state behaviour in cyberspace concentrate around the work of two groups: the UNGGE and the OEWG.
The first UN group of governmental experts convened between 2004 and 2005, and a sixth round of negotiations concluded in 2021. Four rounds concluded with consensus reports, in 2010, 2013, 2015 and 2021. The OEWG was first established in 2019, and a second round has commenced in 2021 for a period of five years.
The UNGGE and OEWG are predominantly intergovernmental negotiation processes with—at times—opportunities for consultations with non-government organisations and civil society. Those consultations have, however, a non-official character.
The UN cyber groups
UN Group of Governmental Experts (UNGGE) on Developments in the Field of Information and Telecommunications in the Context of International Security
UN Group of Governmental Experts (UNGGE) on Advancing responsible state behaviour in cyberspace in the context of international security
2019-21
UN Open-ended working group (UN OEWG) on developments in the field of information and telecommunications in the context of international security
2019-21 ֍ 2021-25
Member states of ASEAN have been participating in all the meetings of the UNGGE and the OEWG that have convened since 2004. Figure 5 shows ASEAN member states’ participation in the UNGGE and OEWG since 2004. Stars indicate a country’s membership of the UNGGE, and its active participation in the OEWG as determined by written submissions or oral statements.
Figure 5: ASEAN member states’ participation in UN norms processes 2004-2021.
Notes: * Although Brunei has not participated in the UNGGE or the OEWG, it did offer a national views document in 2017; it was the first ASEAN member state to do so. # Although Vietnam did not offer written submissions or made any statements, representatives formally attended OEWG meetings in New York.
In parallel to the UN-facilitated intergovernmental negotiation processes, various multistakeholder and other government-led initiatives have formed too. Examples include:
Cyber Tech Accord: a commitment of 150+ companies to work together and follow a set of principles that seeks to protect and empower users and customers
Paris Call for Trust and Security in Cyberspace: a multistakeholder commitment to work together to reduce risks to the stability of cyberspace and to build up confidence, capacity and trust
Agreement on Cooperation in the Field of ICTs: a proposal by the Shanghai Cooperation Organisation’s six member countries for an international code of conduct
World Wide Web Foundation Contract for the Web: an internet community-led initiative to advance principles of accessibility, affordability, availability and rights-based principles of respect for human rights and privacy for all in the operations of the internet.
What do norms do?
Norms typically codify existing state practice. The UN norms, as introduced in UNGA Resolution 70/237, set the standards of what the international community considers responsible on the basis of observed behaviour by state actors in the past and currently. With these agreed norms, activities and intentions of states can be subjected to assessments. States can be complimented on their response to an incident, or national practices can be heralded as global good practice. Also, states can be reprimanded if they haven’t done enough to prevent an incident, or if they have used cyber capabilities in an irresponsible manner.
In practice, governments will use international norms, such the UN norms of responsible state behaviour in cyberspace, in three ways:
To serve as a point of reference to reassure other states of their good intentions and to demonstrate that they are constructive members of the international community.
To serve as a point of reference to guide national cybersecurity policy and national cybersecurity investments.
To serve as a point of reference to hold other actors responsible for behaviour that is not in line with the UN norms for responsible state behaviour.
Governments that embrace the UN norms and can report on their efforts contribute to predictability, trust and confidence in cyberspace.
How do norms work?
The implementation of internationally agreed political agreements is always challenging. As they have been crafted through an intergovernmental negotiation process, their language and terminology can be ambiguous. For that reason and in the absence of an overall blueprint, it is important that states find their own way and form their own view and approach to embracing the UN’s normative framework.
Figure 2: The four components that make up the UN framework of responsible state behaviour in cyberspace.
The 11 norms should be seen in their entirety and not as a ‘pick-and-choose’ menu. It is important that governments review their efforts in a comprehensive manner covering aspects that touch on issues of national (cyber)security, security of ICTs as well as on constructive inter-state relations.
Furthermore, governments need to keep in mind that the 11 norms are part of a broader framework that also includes the recognition that international law applies to state conduct in cyberspace, a set of confidence-building measures and a commitment to coordinated capacity building.4 Together, those four components make up the UN framework of responsible state behaviour in cyberspace (Figure 2).
In general, the more states show commitment to the norms and actively engage in their implementation, the more robust the norms become and the more compelling the call for compliance becomes.
What does the implementation of international norms involve?
States can demonstrate their implementation of international norms of behaviour in various ways (see figure 3). Typically, implementation occurs at three different levels: at the level of political endorsement, national laws and policies, and actions on the ground (Figure 3).
First, political endorsement can be demonstrated, for example, through voting in favour of relevant resolutions at the UN General Assembly, by subscribing to ASEAN leaders’ statements and by (prime) ministerial statements.
Second, states can integrate or internalise norms (explicitly or implicitly) in national legal frameworks, strategies and national policies.
Third, a state can demonstrate implementation by referring to its government practices in the form of its institutional capabilities, doctrine and procedures, and actions. Those practices can offer de facto evidence of a state’s effort to follow norms of responsible behaviour, as they demonstrate an ability and willingness to act.
Implementation of international norms of responsible state behaviour
Figure 3: A framework for the implementation of norms. Source: The author.
Responsibility for the implementation of the UN norms rests with governments. In practice, however, meaningful implementation will rely on individual governments’ ability and willingness to consult and collaborate with industry, civil society organisations, the internet technical community and academia, and on governments’ ability to ensure a whole-of-government approach.
Meaningful implementation requires the involvement of multiple stakeholders and a whole-of-government approach.
For the purpose of including views, expertise and capabilities of non-government stakeholders, mechanisms such as a national action plan or a national road map are proven methods that help build a national or whole-of-economy approach to cybersecurity.
A National Action Plan is an effective method to form an integrated approach to implementation.
What’s a trajectory for the implementation of norms?
Building a national approach to cybersecurity let alone the implementation of the UN norms is neither straightforward nor instant. Typically, stakeholders go through a step-by-step process of gradually increasing their understanding, maturity and comfort with the topic (see figure 4).
A first step is to build awareness across the government of its international responsibilities. This could be achieved through a dedicated training program or awareness campaign on the UN norms.
This should lay the foundation for a cross-governmental recognition that the government is committed to the UN’s normative approach and is willing to be guided by it in its national and international cybersecurity activities.
What follows could be an assessment of where the country stands in its implementation efforts. Such a baseline assessment could be done by a third party or through a whole-of-government mapping process. Figure 4: A step-by-step process towards implementation.
The outcome of the baseline assessment will inform the government of its strengths and areas for improvement.
This could then lead to domestic investments in particular areas of cybersecurity, to requesting assistance from the global cyber capacity-building community, or to offers of expertise to others.
At the end of these steps, one can presume a state to be implementing the UN norms commensurate with its own means and capabilities.
The implementation of norms is a dynamic process that evolves as a country’s maturity in cybersecurity grows over time. At the same time, it’s unlikely that any state will ever reach a state of ‘full implementation’, just as no state will ever be 100% cybersecure.
How can governments demonstrate implementation?
For the purpose of the UN norms (to reduce risks to international peace and security, and to contribute to conflict prevention), it is critical that states demonstrate what they’re doing and what they intend to do. Therefore, documenting and reporting are critical in implementation.
There are several ways for states to make their views, achievements and known capacity shortfalls known.
1. Reporting through the UN Secretary-General
On regular occasions, the UN Secretary-General invites member states to share their views and assessments (see figure 6). Governments can share their ‘general appreciation of the issues of information security; efforts taken at the national level to strengthen information security and promote international cooperation in this field; the content of concepts such as the application of international law; and possible measures that could be taken by the international community to strengthen information security at the global level’.
Figure 6: UN member states’ views and assessments
2. Submissions through UN working groups
As part of the ongoing OEWG process, member states are encouraged to provide written submissions or statements to the working group. The statements are shared by the UN Secretariat to other member states, the chair(s) and non-government stakeholders. States are also encouraged to participate in a UN-facilitated survey of their national efforts and experiences.
3. ASEAN Regional Forum
The ARF’s semi-annual Inter-Sessional Meeting on ICT Security offers participants an opportunity to exchange their views on the regional and global ICT landscape and their efforts and initiatives. For the ARF’s annual security outlook, member countries are asked to submit a contribution that includes a section for ‘cyber/ICT security’.
4. Recognition by third party/ies
A state can engage third-party organisations to perform an external assessment and prepare a report. This could be done through a capacity-building relationship, such as ASPI’s national norms implementation reports (see figure 7). ASEAN member states can also make use of their academic and think-tank organisations such as those represented in ASEAN–ISIS and the Council for Security Cooperation in the Asia Pacific (CSCAP).
Figure 7: ASPI national norms implementation reports
Why would states make an effort to implement the UN cyber norms?
There are a few reasons why states would make the effort to implement international norms, such as the UN norms of responsible state behaviour in cyberspace.
Cyber resilience. By following the recommendations from the norms and through acts of implementation, States are effectively strengthening their national cybersecurity maturity. Therefore, implementation of the norms is directly contributing to a nation’s ability to protect against malicious cyber activity, reduce exposure to risks and vulnerabilities in ICTs, and respond to malicious ICT activity.
International credibility. Most states want to be, and be seen as, responsible members of the international community. Showing demonstrable support for norms of responsible behaviour adds to a country’s international and regional credibility. Domestically, the implementation of international norms helps governments provide direction to their national cybersecurity policy and developments.
Contribute to norm-setting. The effective demonstration of implementation allows states to shape the common opinion of what is and what is not considered responsible behaviour of states and ensure that international expectations align with the local and regional context.
Reassurance, accountability and transparency. In a situation in which a large enough group of states can show demonstrable implementation of the UN norms, each within its own means and capabilities and within its national and regional context, a global environment is created in which states can be reassured of each other’s willingness and ability to prevent unnecessary tensions and unintended conflict. Altogether, this adds to the accountability and transparency of state activities in cyberspace.
PART B – PRACTICAL GUIDANCE ON IMPLEMENTATION, WITH EXAMPLES FROM THE ASEAN REGION
To read part B, please download the full report here.
ASPI’s Bart Hogeveen provides a brief overview of the project.
Acknowledgements
The author would like to acknowledge contributions by officials and participants working with the governments of Brunei Darussalam, Cambodia, Indonesia, Lao PDR, Malaysia, the Philippines, Singapore, Thailand and Vietnam.
Our particular appreciation goes to:
the Department of Foreign Affairs, Department of ICT, Office of the President and the National Security Council, the Philippines
the Ministry of Foreign Affairs and Badan Siber dan Sandi Negara, Indonesia
the Ministry of Information and Communications, Ministry of Foreign Affairs, and the Diplomatic Academy Vietnam, Vietnam
the National Cybersecurity Agency, Ministry of Foreign Affairs, and CyberSecurity Malaysia, Malaysia
In addition, the author is indebted to contributions from Dr Fitriani, Ms Farlina Said, Dr Moonyati Yetid, Mr Eugene Tan, Mr Ben Ang and the Global Forum on Cyber Expertise and support from the UK Foreign, Commonwealth and Development Office and the Australian Department of Foreign Affairs and Trade and their embassies and high commissions in Southeast Asia.
This publication is the output of a project funded by the UK Government and the Australian Government (Cyber and Critical Technology Cooperation Program). More information can be found at https://www.aspi.org.au/cybernorms. The views expressed in this work are not necessarily those of the UK or Australian governments or of the participating governments. The author is responsible for its content, any views expressed or mistakes.
What is ASPI?
The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.
ASPI International Cyber Policy Centre
ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies and issues related to information and foreign interference and focuses on the impacts those issues have on broader strategic policy. The centre has a growing mixture of expertise and skills and teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues. The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity-building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.
Important disclaimer
This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.
This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, micro-copying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publisher. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.
First published February 2022.
Funding support for this publication was provided by the UK and Australian governments.
UN General Assembly, Group of Government Experts on Developments in the field of ICTs in the context of international security, A/70/174, 22 July 2015, paragraph 10. ↩︎
UN General Assembly, Group of Government Experts on Advancing responsible state behaviour in cyberspace in the context of international security, A/76/135, 14 July 2021, paragraph 15; UN General Assembly, Open-ended working group on developments in the field of ICTs in the context of international security, A/75/816, 18 March 2021, paragraph 24. ↩︎
UN General Assembly, Group of Government Experts on Developments in the field of ICTs in the context of international security, A/70/174, 22 July 2015, paragraphs 26-28. ↩︎
It is important to distinguish between ‘norms of responsible state behaviour’ (that is, the UN norms) and what are called ‘norms of international law’. In this document, the term ‘norms’ refers only to the former. ↩︎
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/03/14143838/CYBER-NORMS.png5051524nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-03-22 06:00:002025-03-14 14:39:48The UN norms of responsible state behaviour in cyberspace
This brief report explores the challenge of producing policy-relevant China research and analysis. Policy-relevant research is defined as work that drives action, affects decision-making, or both. It’s the kind of research think tanks seek to do, bridging the gap between academia and civil servants who work on policy.
This paper focuses on two key findings:
There’s a distinction between conducting policy-relevant research and the process of disseminating it in a way that will effectively shape and influence the policy process in particular places by particular policy- and decision-makers. In practice, the difference between the two isn’t always clearly understood and perhaps not clearly taught.
There’s limited training that prepares the China analytical community to deal with the challenges of producing policy-relevant research under conditions of restricted access to China. Researchers require more support in navigating the research environment and filling skill-set gaps.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/14223233/China-research-and-analysis_banner-Feb22.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-02-28 06:00:002024-12-14 22:34:46Producing policy-relevant China research and analysis in an era of strategic competition
Climate change is much more than an environmental crisis—it’s a systemic crisis that will transform the geopolitical landscape. And the consequences for the Indo-Pacific, already the most exposed region in the world to climate hazards and home to the world’s fastest growing populations, economies and geopolitical rivalries, will be profound.
In this volume, leading experts explore the impacts of this rapidly emerging climate threat on regional systems by interrogating a 1.5°C 2035 climate change scenario developed by the ASPI Climate and Security Policy Centre.
The chapters here attempt to understand the unpredictable effects of climate change on the region’s already fragile human systems, from great-power competition and militaries, governance and politics, food and water insecurity, and ethnic separatism, to energy and trade systems, sovereign risk and digital disinformation.
What emerges is a vivid demonstration of the dangers of underestimating the systemic connections between those factors, including how risks in one thematic area amplify risks in others, completely reshaping the regional security picture.
Watch the publication launch event.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/13225126/geopolitics-climate-security-IndoPacific_banner.jpg4781434nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-02-24 06:00:002025-03-06 16:51:09The geopolitics of climate and security in the Indo-Pacific
Domestic telecommunications companies assist law enforcement by the lawful interception of otherwise private communications when presented with a valid warrant.
This has been a powerful tool to combat crime. In the 2019–20 financial year, for example, 3,677 new warrants for telecommunications interception were issued, and information gained through interception warrants was used in 2,685 arrests, 5,219 prosecutions and 2,652 convictions. That was in the context of 43,189 custodial sentences in the same year.
But law enforcement and security officials assert that the usefulness of ‘exceptional access’, as it’s called in this paper, has declined over time as strong encryption has become increasingly common.
Australian Security Intelligence Organisation (ASIO) Director-General Michael Burgess has stated that encryption ‘damages intelligence coverage’ in 97% of ASIO’s priority counter-intelligence cases.
The problem of increasingly powerful encryption degrading the usefulness of exceptional access is often referred to as ‘going dark’.
The Australian Government has committed to the reform of Australia’s electronic surveillance legislative framework.5 Although its discussion paper mentions encryption only in passing,6 we can expect that encryption and going dark will be a topic of debate as reform is considered. This paper contributes to that debate by examining how firms that provide digital communications services can provide assistance to law enforcement even as strong encryption is increasingly common.
Although exceptional access is primarily concerned with evidence collection, it may be better in some cases to focus on crime prevention, when it comes to achieving society’s broader aim of safety and security. This may be especially true for serious offences that cause significant harms to individuals, such as child exploitation and terrorism.
Accordingly, in this paper I divide assistance to law enforcement into two broad types:
Building communications services so that criminal harm and abuse that occur on the service can be detected and addressed, or doesn’t even occur in the first place. Examples of harms that might be avoided include cyberbullying or child exploitation that occur online.
Assisting law enforcement with exceptional access for crimes that are unrelated to the communications service. Examples of such crimes might include an encrypted messaging service being used to organise drug smuggling or corruption.
I start by exploring the justification for exceptional access and then examine how encryption has affected assistance to law enforcement, as well as the differences between transport encryption and end-to-end (E2E) encryption and the implications those differences have for law enforcement.
I examine encryption trends and discuss the costs and benefits of exceptional access schemes.
I then examine some of the approaches that can be used by service providers to provide these two different forms of assistance as E2E encryption becomes increasingly common. I also summarise some of the advantages and disadvantages of those different approaches.
A number of initiatives seek to embed safety and security into the design, development and deployment of services. They encourage industry to take a proactive and preventive approach to user safety and seek to balance and effectively manage privacy, safety and security requirements. Those initiatives have relatively few big-picture privacy or security drawbacks, but there are many issues on which there isn’t yet consensus on how to design platforms safely. Such initiatives may also need extensive resources for employee trust and safety teams.
Providing law enforcement access to E2E encrypted systems is very challenging. Proposals that allow access bring with them some potentially significant risks that exceptional access mechanisms will be abused by malicious actors.
Watch the launch webinar here.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/14221637/IP58-End-to-End-Encryption_banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-02-23 06:00:002025-03-06 17:02:07The future of assistance to law enforcement in an end-to-end encrypted world
This report describes current security and environmental policy challenges related to Antarctica and proposes options for Australia and the United States to address them. It assesses the current and potential future actions of strategic competitors like China and Russia, and proposes policy responses.
It suggests ways in which the US and Australian governments can work more closely to protect and promote the Antarctic Treaty System (ATS), advancing support for an approach to governance that the two nations have felt for decades is in their respective national interests. This requires both countries (as well as others) to make a clear-eyed assessment of current and future fault lines and move more quickly to address political and environmental challenges that have implications well beyond Antarctica. In particular, this involves determining when it’s necessary to counter the ambitions of strategic competitors, such as China and Russia, in the Antarctic context, and when cooperation may be the more appropriate objective.
The current Antarctic governance regime, while far from perfect… achieves a great deal that’s in the long-term national interests of Australia and the US. The ATS shouldn’t be dismissed as out of date; it can still be effective in addressing core regional concerns of both countries. Both countries can use their influence to insist on the implementation by all countries of ATS rules and can invoke those rules to fight for environmental protection and policies that support scientists. It’s unlikely that a more effective set of treaties could be negotiated today. Australia and the US should spend more time at both senior and working levels to coordinate positions and on outreach to other governments on Antarctic issues.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/14224602/MeetingAntarcticasDiplomaticChallenges_banner.png4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-02-16 06:00:002024-12-14 22:59:50Meeting Antarctica’s diplomatic challenges: Joint approaches for Australia and the United States
In November 2020 a Chinese official passed a list of 14 grievances to Australian journalists, highlighting what Beijing regarded as missteps in the Australian government’s relations with China. A striking feature of the list is that many concern Australian Government attempts to limit Chinese engagement with the states and territories, or state-based institutions such as universities.
Why did state and territory relations with China concern Canberra? This study explores the changing nature of China’s engagement with Australian states and territories, local governments, city councils, universities, research organisations and non-government organisations, all nested in Australian civil society. What emerges is the astonishing breadth and depth of China’s engagement, much of it the welcome outcome of Australia’s economic and people-to-people engagement with China over many decades. But it’s equally apparent that China has made covert attempts to influence some politicians and overt attempts to engage states, territories and key institutions in ways that challenge federal government prerogatives and have brought the two levels of government into sharp public dispute.
Here we provide a detailed analysis of how China has worked to build its political influence and build dependence through trade and economic ties with each Australian state and territory. In addition, unique cross-cutting chapters review the impact of Chinese engagement with Australian universities and show how Beijing’s ‘United front’ organisation is designed to build influence. We assess the impact on Australian businesses and the constitutional challenges presented by Chinese engagement with the states and territories.
The study methods and analytical approaches adopted in this book will be a model for similar research in many parts of the world. Understanding the nature of Chinese engagement with subnational jurisdictions is an important way for national governments to shape their security policies and to resist covert and, indeed, unwanted overt interference.
This book provides original insights into the scale of the challenge and distils practical policy recommendations for governments at all levels to consider and adopt.
Launch Webinar
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/13220915/Taking-the-low-road_banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-02-15 06:00:002025-03-06 15:08:45Taking the low road: China’s influence in Australian states and territories
This report outlines how and why Australia has under-appreciated diplomacy and under-invested in diplomatic capability—and why things should change.
The prominence of deterrence, alliances and border controls in Australian security thinking has pushed diplomacy into the shadows.
Over the last twenty years, Australian governments, sensibly, have invested massively in defence, intelligence and border control. Over the same period, though, the operating budget for DFAT’s foreign policy and diplomatic work, has been cut by 9 per cent.
In a more contested and multipolar international environment, lightweight diplomacy reflects lightweight thinking. Australia will be safer, richer, better regarded and more self-respecting if our diplomatic influence is enlarged, not if it remains stunted.
A properly funded DFAT can improve the government’s understanding of the motivations, intentions and capabilities of others, and help the government to develop policies and coalitions that enable Australia to navigate risks and exploit opportunities.
The report recommends that the government prepare a comprehensive capability assessment for DFAT, followed by a financial plan to match capability needs.
The report will help analysts calculate whether governments are increasing or decreasing the critical operating budget for DFAT’s policy function—an important bellwether of their commitment to the role of diplomacy in Australia’s national security.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/14230901/SI168-Discounted-diplomacy_banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2022-02-11 06:00:002024-12-14 23:11:30The costs of discounted diplomacy