A new Sino-Russian high-tech partnership

Authoritarian innovation in an era of great-power rivalry

What’s the problem?

Sino-Russian relations have been adapting to an era of great-power rivalry. This complex relationship, categorised as a ‘comprehensive strategic partnership of coordination for a new era’, has continued to evolve as global strategic competition has intensified.1 China and Russia have not only expanded military cooperation but are also undertaking more extensive technological cooperation, including in fifth-generation telecommunications, artificial intelligence (AI), biotechnology and the digital economy.

When Russia and China commemorated the 70th anniversary of the establishment of diplomatic relations between the Soviet Union and the People’s Republic of China in October 2019,2 the celebrations highlighted the history of this ‘friendship’ and a positive agenda for contemporary partnership that is pursuing bilateral security, ‘the spirit of innovation’, and ‘cooperation in all areas’.3

Such partnerships show that Beijing and Moscow recognise the potential synergies of joining forces in the development of these dual-use technologies, which possess clear military and commercial significance. This distinct deepening of China–Russia technological collaborations is also a response to increased pressures imposed by the US. Over the past couple of years, US policy has sought to limit Chinese and Russian engagements with the global technological ecosystem, including through sanctions and export controls. Under these geopolitical circumstances, the determination of Chinese and Russian leaders to develop indigenous replacements for foreign, particularly American technologies, from chips to operating systems, has provided further motivation for cooperation.

These advances in authoritarian innovation should provoke concerns for democracies for reasons of security, human rights, and overall competitiveness. Notably, the Chinese and Russian governments are also cooperating on techniques for improved censorship and surveillance and increasingly coordinating on approaches to governance that justify and promote their preferred approach of cyber sovereignty and internet management, to other countries and through international standards and other institutions. Today’s trends in technological collaboration and competition also possess strategic and ideological implications for great-power rivalry.

What’s the solution?

This paper is intended to start an initial mapping and exploration of the expanding cooperative ecosystem involving Moscow and Beijing.4 It will be important to track the trajectory and assess the implications of these Sino-Russian technological collaborations, given the risks and threats that could result from those advances. In a world of globalised innovation, the diffusion of even the most sensitive and strategic technologies, particularly those that are dual-use in nature and driven by commercial developments, will remain inherently challenging to constrain but essential to understand and anticipate.

  • To avoid strategic surprise, it’s important to assess and anticipate these technological advancements by potential adversaries. Like-minded democracies that are concerned about the capabilities of these authoritarian regimes should monitor and evaluate the potential implications of these continuing developments.
  • The US and Australia, along with allies and partners, should monitor and mitigate tech transfer and collaborative research activities that can involve intellectual property (IP) theft and extra-legal activities, including through expanding information-sharing mechanisms. This collaboration should include coordinating on export controls, screening of investments, and restrictions against collaboration with military-linked or otherwise problematic institutions in China and Russia.
  • It’s critical to continue to deepen cooperation and coordination on policy responses to the challenges and opportunities that emerging technologies present. For instance, improvements in sharing data among allies and partners within and beyond the Five Eyes nations could be conducive to advancing the future development of AI in a manner that’s consistent with our ethics and values.
  • Today, like-minded democracies must recognise the threats from advances in and the diffusion of technologies that can be used to empower autocratic regimes. For that reason, it will be vital to mount a more unified response to promulgate norms for the use of next-generation technologies, particularly AI and biotech.

Background: Cold War antecedents to contemporary military-technological cooperation

The history of Sino-Russian technological cooperation can be traced back to the early years of the Cold War. The large-scale assistance provided by the Soviet Union to China in the 1950s involved supplying equipment, technology and expertise for Chinese enterprises, including thousands of highly qualified Soviet specialists working across China.5 Sino-Russian scientific and technical cooperation, ranging from the education of Chinese students in the Soviet Union to joint research and the transfer of scientific information, contributed to China’s development of its own industrial, scientific and technical foundations. Initially, China’s defence industry benefited greatly from the availability of Soviet technology and armaments, which were later reverse-engineered and indigenised. The Sino-Soviet split that started in the late 1950s and lasted through the 1970s interrupted those efforts, which didn’t resume at scale until after the end of the Cold War.6

Russia’s arms sales to China have since recovered to high levels, and China remains fairly reliant upon certain Russian defense technologies. This is exemplified by China’s recent acquisition of the S-400 advanced air defence system,7 for which China’s Central Military Commission Equipment Development Department was sanctioned by the US.8 Traditionally, China has also looked to Russia for access to aero-engines.9 Today, China’s tech sector and defence industry have surpassed Russia in certain sectors and technologies. For instance, China has developed unmanned aerial vehicles (UAVs) that are far more advanced than those currently operational in Russia.10 Nonetheless, the Russian military has been unwilling to acquire Chinese UAVs, instead deciding to attempt to develop indigenous counterparts in mid-range and heavy unmanned combat models.11 Even so, for Russia, near- to mid-term access to certain Chinese products, services and experience may become the very lifeline that Russia’s industry, government and military will require in order to wean themselves off high-tech imports12, although even that approach may be challenged by limited availability of Chinese components.13

Underscoring the apparent strength of this evolving relationship, China and Russia have recently elevated their military-to-military relationship. In September 2019, the Russian and Chinese defence ministers agreed to sign official documents to jointly pursue military and military–technical cooperation.14 According to the Russian Defence Minister, ‘the results of the [bilateral] meeting will serve the further development of a comprehensive strategic partnership between Russia and China.’15

Reportedly, Russia plans to aid China in developing a missile defense warning system, according to remarks by President Putin in October 2019.16 At the moment, only the United States and Russian Federation have fully operationalized such technology, and according to Moscow, sharing this technology with Beijing could ‘cardinally increase China’s defense capability’.17 For China, access to Russian lessons learned in new conflicts such as Syria may prove extremely valuable as Beijing digests key data and lessons.18 Of course, this technological cooperation has also extended into joint exercises, including joint air patrols and naval drills.19

A strategic partnership for technological advancement

The strategic partnership between China and Russia has increasingly concentrated on technology and innovation.20 Starting with the state visit of Xi Jinping to Moscow in May 2015, in particular, the Chinese and Russian governments have signed a series of new agreements that concentrate on expanding into new realms of cooperation, including the digital economy.21 In June 2016, China’s Ministry of Science and Technology and Russia’s Ministry of Economic Development signed the ‘Memorandum of Understanding on Launching Cooperation in the Domain of Innovation’.22 With the elevation of the China–Russia relationship as a ‘comprehensive strategic partnership of coordination for a new era’, the notion of these nations as being linked in a ‘science and technology cooperation partnership for shared innovation’ (作共同创新的科技合作伙伴) has been elevated as one of the major pillars of this relationship.23

To some degree, this designation has been primarily rhetorical and symbolic, but it has also corresponded with progress and greater substance over time. The Chinese and Russian governments have launched a number of new forums and mechanisms that are intended to promote deeper collaboration, including fostering joint projects and partnerships among companies. Over time, the Sino-Russian partnership has become more and more institutionalised.24 This policy support for collaboration in innovation has manifested in active initiatives that are just starting to take shape.

This section outlines five areas where the Sino-Russian relationship is deepening, including in dialogues and exchanges, the development of industrial science and technology (S&T) parks, and the expansion of academic cooperation.

Dialogues and exchanges

Concurrently, a growing number of dialogues between Chinese and Russian governments and departments have attempted to promote exchanges and partnerships, and those engagements have also become particularly prominent since 2016. While the initiatives listed below remain relatively nascent, these new mechanisms constitute a network of science, technology, engineering and mathematics (STEM) cooperation that could continue to expand in the years to come and provide the two countries with new vehicles for engagement and information sharing across their respective scientific communities.

  • Starting in 2016, the Russian–Chinese High-Tech Forum has been convened annually. During the 2017 forum, both sides worked on the creation of direct and open dialogue between tech investors of Russia and China, as well as on the expansion and diversification of cooperation in the field of innovations and high technologies.25 During the 2018 forum, proposed initiatives for expanded cooperation included the introduction of new information technologies. This forum wasn’t merely a symbolic indication of interest in cooperation but appeared to produce concrete results, including the signing of a number of bilateral agreements.26 In particular, the Novosibirsk State University of Architecture and Civil Engineering signed an agreement with Chinese partners on the development of technologies for construction and operation in cold conditions.27 The specific projects featured included China’s accession to the Russian project of a synchrotron accelerator.28
  • Beginning in 2017, the Sino-Russian Innovation Dialogue has been convened annually by China’s Ministry of Science and Technology and Russia’s Ministry of Economic Development.29 In the first dialogue, in Beijing, more than 100 Chinese and Russian enterprises participated, from industries that included biomedicine, nanotechnology, new materials, robotics, drones and AI, showcasing their innovative technologies and concluding new agreements for cooperation. During the second dialogue, in Moscow, the Russian and Chinese governments determined the 2019–2024 China–Russia Innovation Cooperation Work Plan.30 Each country regards the plan as an opportunity for its own development, as it combines the advantages of China’s industry, capital and market with the resources, technology and talents of Russia.31 Contemporaneously, forums have been convened in parallel on ‘Investing in Innovations’ and have brought together prominent investors and entrepreneurs.32 When the third dialogue was convened in Shanghai in September 2019, the agenda included a competition in innovation and entrepreneurship, a forum on investment cooperation and a meeting for ‘matchmaking’ projects and investments.33 The 70th anniversary of diplomatic relations will also be commemorated with the Sino-Russian Innovation Cooperation Week.34

Science and technology parks

The establishment of a growing number of Sino-Russian S&T parks has been among the most tangible manifestations of growing cooperation. Moscow and Beijing believe that scientific and industrial parks can create a foundation and an infrastructure that’s critical to sustained bilateral cooperation. Since so many of these efforts remain relatively nascent, it’s too early to gauge their success—yet the growing number of such efforts reflects growing bilateral cooperation.

  • As early as 2006, the Changchun Sino-Russian Science and Technology Park was established as a base for S&T cooperation and innovation. It was founded by the Jilin Provincial Government and the Chinese Academy of Sciences, in cooperation with the Russian Academy of Sciences’ Siberian Branch and the Novosibirsk state of the Russian Federation.35 The park has specialised in creating new opportunities for collaboration and for the transfer and commercialisation of research and technology.36 Over more than a decade, it has built an ‘innovation team’ composed of colleges and universities, scientific research institutions and private enterprises.37
  • In June 2016, the plan for the China–Russia Innovation Park was inaugurated with support from the Shaanxi Provincial Government, the Russian Direct Investment Fund and the Sino-Russian Investment Fund. The park was completed in 2018, with information technology, biomedical and artificial intelligence enterprises invited to take part. According to the development plan, the park aims at research and development of new technologies and the integration of new tech with the social infrastructure of both countries.38
  • Also in June 2016, the Sino-Russian Investment Fund and the Skolkovo Foundation signed an agreement to build a medical robot centre and to manufacture medical robots in China with support from experts at the Russian Academy of Sciences’ School of Design and Technology.39 The state-funded Skolkovo initiative, launched in 2010, is Russia’s leading technology innovation space. The foundation manages many high-tech projects that include deep machine learning and neural network techniques.40
  • In June 2016, the China–Russia Silk Road Innovation Park was established in the Xixian New District of Xian.41 This initiative is framed as an opportunity to construct a modern industrial system as the main line of development, ‘striv[ing] to create an innovation and entrepreneurship centre with the highest degree of openness and the best development environment in the Silk Road Economic Belt’. This park welcomes entrepreneurs from China and Russia.
  • In December 2017, S&T parks from China and Russia agreed to promote the construction of a Sino-Russian high-tech centre at Skolkovo, which aims to become Russia’s Silicon Valley.42 The Skolkovo Foundation, which manages the site, agreed to provide the land, while Tus-Holdings Co Ltd and the Russia–China Investment Fund will jointly finance the project. This high-tech centre is intended to serve as a platform to promote new start-ups, including by attracting promising Chinese companies.
  • In October 2018, the Chinese city of Harbin also emerged as a major centre for Sino-Russian technological cooperation.43 This initiative is co-founded by GEMMA, which is an international economic cooperation organisation registered in Russia, and the Harbin Ministry of Science and Technology.44 At present, 19 companies are resident in the centre, which is expected to expand and receive robust support from the local government. Harbin’s Nangan District has expressed interest in cooperation with Russian research institutes in the field of AI.45
  • The cities of Harbin and Shenzhen have been selected for a new ‘Two Countries, Four Cities’ program, which is intended to unite the potentials of Moscow, Yekaterinburg, Harbin and Shenzhen.46 As of 2019, there are plans for the opening of another Russian innovation centre in the city of Shenzhen—a high-tech park that will concentrate on information technology47—enabling resident companies to enter the China market with their own software and technologies, such as big data and automation systems for mining.48

Joint funds

China and Russia are also increasing investments into special funds for research on advanced technology development.

  • The Russia–China Investment Fund for Regional Development signed on as an anchor investor in two new funds at Skolkovo Ventures to the tune of US$300 million in October 2018.49 This fund will also pour money into Skolkovo’s funds for emerging companies in information technology, which each currently have US$50 million in capital.50
  • The Russia–China Science and Technology Fund was established as a partnership between Russia’s ‘Leader’ management company and Shenzhen Innovation Investment Group to invest as much as 100 million yuan (about US$14 million) into Russian companies looking to enter the China market.51
  • The Chinese and Russian governments have been negotiating to establish the Sino-Russian Joint Innovation Investment Fund.52 In July 2019, the fund was officially established, with the Russian Direct Investment Fund and the China Investment Corporation financing the $1 billion project.53

Contests and competitions

Engagement between the Chinese and Russian S&T sectors has also been promoted through recent contests and competitions that have convened and displayed projects with the aim of facilitating cooperation.

  • In September 2018, the first China–Russia Industry Innovation Competition was convened in Xixian New District.54 The competition focused on the theme of ‘Innovation Drives the Future’, highlighting big data, AI and high-end manufacturing.55 The projects that competed included a flying robot project from Beijing University of Aeronautics and Astronautics and a brain-controlled rehabilitation robot based on virtual reality and functional electrical stimulation.
  • In April 2019, the Roscongress Foundation together with VEB Innovations and the Skolkovo Foundation launched the second round of the EAST BOUND contest, which gives Russian start-ups an opportunity to tell foreign investors about their projects. This time, the contest will support AI developments.56 The finalists spoke at SPIEF–2019 (the St Petersburg International Economic Forum) and presented their projects to a high-profile jury consisting of major investors from the Asia–Pacific region.57

Expansion of academic cooperation

In July 2018, the Russian and Chinese academies of sciences signed a road-map agreement to work on six projects.58 The agreement joins together some of the largest academic and research institutions around the world and includes commitments to expand research collaboration and pursue personnel exchanges. The Chinese Academy of Sciences has more than 67,900 scientists engaged in research activities,59 while the Russian Academy of Sciences includes 550 scientific institutions and research centres across the country employing more than 55,000 scientists.60

These projects include a concentration on brain functions that will include elements of AI.61 The Russian side is motivated by the fact that China occupies a world-leading position in the field of neuroscience,62 including through the launch of the China Brain Project.63 The Russian Academy of Sciences delegation visited laboratories in Shanghai in August 2019 and commented on their counterpart academy’s achievements:

Brain research is a whole range of tasks, starting with genetics and ending with psychophysical functions. This includes the study of neurodegenerative diseases and the creation of artificial intelligence systems based on neuromorphic intelligence. Participation in this project is very important for Russia. China is investing a lot in this and has become a world leader in some areas …64

Priorities for partnership

Chinese–Russian technological cooperation extends across a range of industries, and the degree of engagement and productivity varies across industries and disciplines. As Sino-Russian relations enter this ‘new era’, sectors that have been highly prioritised include, but are not limited to, telecommunications; robotics and AI; biotechnology; new media; and the digital economy.

Next-generation telecommunications

The ongoing feud between the US and China over the Huawei mobile giant has contributed to unexpectedly rapid counterbalancing cooperation between Russia and China. In fact, President Vladimir Putin went on the record about this issue, calling the American pressure on the Chinese company the ‘first technological war of the coming digital age’.65 Encountering greater pressure globally, and this year in particular, Huawei has expanded its engagement with Russia, looking to leverage its STEM expertise through engaging with Russian academia. Since 2018, Huawei has opened centres first in Moscow, St Petersburg and Kazan and then in Novosibirsk and Nizhny Novgorod.66

Huawei also began monitoring the research capabilities of Russian universities, searching for potential joint projects, and in August 2019 the company signed a cooperation agreement on AI with Russia’s National Technology Initiative, which is a state-run program to promote high-tech development in the country.67 Based on a competition run by the Huawei Academy and Huawei Cloud, Russia’s best academic STEM institutions were selected.68 In May 2019, Huawei and the Siberian Branch of the Russian Academy of Sciences outlined areas and means of future cooperation.69

Underscoring its bullishness, China recently announced plans for a fourfold increase in its R&D staff in Russia going forward. In May 2019, the Huawei Innovation Research Program in Russia was launched, and Russian institutions have received 140 technological requests from Huawei in various areas of scientific cooperation.70 By the end of 2019, the company intends to hire 500 people, and within five years it will attract more than 1,000 new specialists.71 Huawei now has two local R&D centres in Moscow and St Petersburg, where 400 and 150 people work, respectively.72 By the end of the year, it plans to open three new R&D centres, and Russia will then be ranked among the top three Huawei R&D centres, after Europe and North America.73 The company plans to engage in close cooperation with Russian scientific communities, universities and other research centres.

At present, Russia doesn’t appear to share deep American concerns about security related to Huawei technology.74 Huawei has started actively expanding its 5G testing in the Russian Federation, partnering with Russia’s VimpelCom to test a 5G pilot area in downtown Moscow starting in August 2019.75 Commentators have stated that Russia, which isn’t considered a technological leader, has ‘the potential to get ahead globally’ now that it has Chinese high-tech enterprises as allies.76 During the summer of 2019 at SPIEF, Huawei continued to discuss with Skolkovo plans to develop 5G network technology at the innovation centre, and also to do research in AI and internet of things (IoT) projects.77

In fact, at that forum, Russia and China outlined a large-scale cooperation program in order to prepare a road map for future investment and cooperation on issues such as cybersecurity and the IoT.78 As US pressure on Huawei continues, there’s even a possibility that the Chinese company might abandon the Android operating system (OS) altogether and replace it with the Russian Avrora OS.79 If this transaction goes through, it would be the first time that a Russian OS has contributed to a significant global telecoms player.

Whether Huawei can become a trusted name in Russia’s tech sector and defence industries remains to be seen. There are also reasons to question whether Russia truly trusts the security of Huawei’s systems, but it may be forced to rely upon them, absent better options. As an illustration of potential complications, in August 2019, Russia’s MiG Corporation, which builds Russia’s fighter jets, was caught in a legal battle with one of its subcontractors over software and hardware equipment.80 The subcontractor in question, Bulat, has been one of Russia’s most active companies in riding the wave of the ‘import substitution’ drive in effect since Western sanctions were imposed on the Russian defence industry. However, in this case, Bulat didn’t offer Russian-made technology; rather, it used Huawei’s servers and processors.81 Although MiG did not say publicly why it didn’t pay Bulat, it appears that the aircraft corporation actually requested Chinese technology for its operations.82

Big data, robotics and artificial intelligence

For China and Russia, AI has emerged as a new priority in technological cooperation. For instance, the countries are seeking to expand the sharing of big data through the Sino-Russian Big Data Headquarters Base Project,83 while another project has been launched to leverage AI technologies, particularly natural language processing, to facilitate cross-border commercial activities, intended for use by Chinese and Russian businesses.84 China’s Ambassador to Russia, Li Hui, said at an investment forum in the autumn of 2018 that the two countries should increase the quality of bilateral cooperation and emphasise the digital economy as a new growth engine, highlighting opportunities for collaboration in AI, along with big data, the internet and smart cities.85 Ambassador Li emphasised:

Russia has unique strength in technological innovation and has achieved significant innovations in many fields of science and technology. China and Russia have unique economic potential and have rich experience in cooperation in many fields. Strengthening collaboration, promoting mutual investment, actively implementing promising innovation projects, expanding direct links between the scientific, business and financial communities of the two countries is particularly important today.86

This bilateral AI development will benefit from each country’s engineers and entrepreneurs.87 From Russia’s perspective, the combined capabilities of China and Russia could contribute to advancing AI, given the high-tech capabilities of Russia’s R&D sector.88 While Russia’s share of the global AI market is small, that market is growing and maturing.89 In Russia, a number of STEM and political figures have spoken favourably about the potential of bilateral R&D in AI. At the World Robotics Forum in August 2017, Vitaly Nedelskiy, the president of the Russian Robotics Association, delivered a keynote speech in which he emphasised that ‘Russian scientists and Chinese robot companies can join hands and make more breakthroughs in this field of robotics and artificial intelligence. Russia is very willing to cooperate with China in the field of robotics.’90 According to Song Kui, the president of the Contemporary China–Russia Regional Economy Research Institute in northeast China’s Heilongjiang Province, ‘High-tech cooperation including AI will be the next highlight of China–Russia cooperation.’91

In fact, bilateral cooperation in robotics development has some Russian developers and experts cautiously optimistic. According to the chief designer at Android Technologies, the Russian firm behind the FEDOR (Skybot F-850) robot that was launched to the International Space Station on 22 August 2019, ‘medicine may be the most promising for cooperation with China in the field of robotics.’92

However, hinting at potential copyright issues with respect to China, he further clarified:

[M]edical robotics is better protected from some kind of copying, because if we [Russians] implement some components or mechatronic systems here [in China], then we can sell no more than a few pieces … But since medical robotics is protected by technology, protected by the software itself, which is the key, the very methods of working with patients, on the basis of this, this area is more secure and most promising for [Russian] interaction with the Chinese.93

Revealingly, concerns about copying are a constraint but might not impede joint initiatives, given the potential for mutual benefit nonetheless.

Indeed, advances in AI depend upon massive computing capabilities, enough data for machines to learn from, and the human talent to operate those systems.94 Today, China leads the world in AI subcategories such as connected vehicles and facial and audio recognition technologies, while Russia has manifest strengths in industrial automation, defence and security applications, and surveillance.95 Based on recent activities and exchanges, there are a growing number of indications that Chinese–Russian collaboration in AI is a priority that should be expected to expand.

  • In August 2017, the Russian Robotics Association signed agreements with the China Robotics Industry Alliance and the China Electronics Society with support from China’s Minister of Industry and Information Technology and Russia’s Minister of Industrial Trade.96
  • In October 2017, Chinese and Russian experts participated in a bilateral engagement, hosted by the Harbin Institute of Technology and the Engineering University of the Russian Federation, that focused on robotics and intelligent manufacturing, exploring opportunities for future cooperation in those technologies.97
  • In April 2018, Russia hosted the Industrial Robotics Workshop for the first time.98 The workshop participants included the leading suppliers of technology and robotic solutions, including Zhejiang Buddha Technology.99 The Chinese participants noted that the Chinese market in robotics is now stronger than ever and advised Russian colleagues to seek help from the state.100
  • In May 2019, NtechLab, which is one of Russia’s leading developers in AI and facial recognition, and Dahua Technology, which is a Chinese manufacturer of video surveillance solutions, jointly presented a wearable camera with a face recognition function, the potential users of which could include law enforcement agencies and security personnel.101 According to NtechLab, the company sees law enforcement agencies and private security enterprises among its potential customers.102
  • In September 2019, Russian and Chinese partners discussed cooperation in AI at the sixth annual bilateral ‘Invest in Innovation’ forum held in Shanghai. The forum outlined the possibility of a direct dialogue between venture investors and technology companies in Russia and China.103 There, the head of Russian Venture Company (a state investor) noted that ‘artificial intelligence seems to be promising, given the potential of the Chinese market, the results of cooperation, and the accumulated scientific potential of Russia.’104

Biotechnology

Chinese and Russian researchers are exploring opportunities to expand collaboration in the domain of biotechnology. In September 2018, Sistema PJSFC (a publicly traded diversified Russian holding company), CapitalBio Technology (an industry-leading Chinese life science company that develops and commercialises total healthcare solutions), and the Russia–China Investment Fund agreed to create the largest innovative biotechnology laboratory in Russia.105 The laboratory will focus on genetic and molecular research. Junquan Xu, the CEO of CapitalBio Technology, said:

[W]e are honoured to have this opportunity to cooperate with the Russia–China Investment Fund and Sistema … We do believe that the establishment of the joint laboratory will further achieve resource sharing, complementary advantages and improve the medical standards.106

New media and communications

Chinese and Russian interests also converge on issues involving new media. In 2019, Russia intends to submit to the Chinese side a draft program of cooperation in the digital domain.107 China recently hosted the 4th Media Forum of Russia and China in Shanghai with the goal of creating a common digital environment conducive to the development of the media of the two countries, the implementation of joint projects and the strengthening of joint positions in global markets.108 In fact, China’s side discussed joint actions aimed at countering Western pressure against the Russian and Chinese media.109 Both Russia and China aim to develop common approaches and response measures to improve their capacity to promote their point of view—a dynamic that the Chinese Communist Party characterises as ‘discourse power’ (话语权).110 According to Alexey Volin, the Russian Deputy Minister of Digital Development, Telecommunications and Mass Media:

If Twitter, YouTube or Facebook follow the path of throwing out Russian and Chinese media from their environment, then we will have nothing else to do but create new distribution channels, how to think about alternative social networks and instant messengers.111

Such cooperation in new media, internet governance, and propaganda extends from technical to policy-oriented engagements. For instance, at SPIEF–2019, Sogou Inc. (an innovator in research and a leader in China’s internet industry) announced the launch of the world’s first Russian-speaking AI news anchor, which was developed through a partnership with ITAR-TASS, which is Russia’s official news agency, and China’s Xinhua news agency.112 According to the official announcement, the Russian-speaking news anchor features Sogou’s latest advances in speech synthesis, image detection and prediction capabilities, introducing more engaging and interactive content for Russian audiences.113 ‘AI anchors,’ which are starting to become a fixture and feature of China’s media ecosystem, can contribute to the landscape of authoritarian propaganda. During the World Internet Conference in October 2018, China and Russia also plan to sign a treaty involving the Cyberspace Administration of China and Roskomnadzor about ‘combatting illegal internet content.’114

The digital economy

China’s tech giants see business opportunities in Russia’s nascent digital economy. Russia’s data centres are gaining increased capabilities as Chinese companies move into this market. Over the past year, more than 600 Tencent racks have been installed in IXcellerate Moscow One, becoming its largest project. Tencent’s infrastructure will be used for the development of its cloud services and gaming. This project opens up new prospects for Tencent in Russia, which has the highest number of internet users in Europe (about 100 million—a 75% penetration rate).115 All provided services, including the storage and processing of personal data, are expected to be in full compliance with Russian legislation.116 In late 2018, Alibaba Group Holding Ltd started establishing a US$2 billion joint venture with billionaire Alisher Usmanov’s internet services firm Mail.ru Group Ltd to strengthen the Chinese company’s foothold in Russian e-commerce.117 Usmanov is one of Russia’s richest and most powerful businessmen, and his fortunes depend upon the Kremlin’s goodwill as much as on his own business acumen. In this deal, Alibaba signed an accord with Mail.ru to merge their online marketplaces in Russia, which is home to 146 million people. The deal was backed by the Kremlin through the Russian Direct Investment Fund, and the local investors will collectively control the new business.118

Problems in partnership and obstacles to technological development

To date, Sino-Russian cooperation in S&T has encountered some problems. Those issues have included not only insufficient marketisation but also initial Russian reservations about China’s One Belt, One Road initiative, which has been closely linked to scientific and technological collaboration.119 Additionally, there’s evidence that there may still be significant trust issues that impede adopting or acquiring Chinese-made high-tech products for the Russian markets. For example, in a public interview in February 2019, Evgeny Dudorov, the CEO of Android Technologies (which built the FEDOR robot), said that his company did not want to adopt Chinese robotics parts ‘due to their poor quality’.120

China’s track record over IP theft may be a concern, but it doesn’t seem that Russia is presently as anxious as others about this issue. For instance, Vladimir Lopatin, the Director of the Intellectual Property Department at the Russian Republican Centre for Intellectual Property, sounded a warning about Chinese activities back in 2013:

[T]he prevailing practice of theft and illegal use of Russian intellectual property in the production of counterfeit products by Chinese partners has led to a widespread critical decline in the level of confidence in them from Russian academic and university science centres and enterprises. This is a significant factor in restraining the implementation of strategic initiatives of innovative cooperation between the two countries …121

However, such sentiment does not appear to be so widespread at present. For instance, the Russian media typically concentrates on US–China IP disputes while presenting Sino-Russian high-tech activity in a primarily positive light. Moscow today may be merely resigned, given the long history of Chinese reverse-engineering of Russian defence technologies, but it’s notable that the Chinese Government is publicising promises to enforce IP protection vis-a-vis its Russian counterpart, implying that perhaps a detente has been reached.122 At this point, Russia seems to be more concerned about China possibly stealing its best and brightest scientists—in September 2019, the head of the Russian Academy of Sciences expressed concern that Beijing seems to be successful in starting to attract Russian STEM talent with better pay and work conditions.123 He also seemed concerned that, due to its better organisation and development goals, China was becoming a ‘big brother’ to Russia in not just economic but scientific development and called for a study of China’s overall STEM success.124

At the same time, such bilateral cooperation isn’t immune to the internal politics and certain economic realities in both nations. For instance, in what was obviously an unexpected setback, Tencent admitted back in 2017 it was ‘deeply sorry’ that its social media app WeChat had been blocked in Russia, adding that it was in touch with authorities to try to resolve the issue.125 Russian telecoms watchdog Roskomnadzor listed WeChat on the register of prohibited websites, according to information posted on the regulator’s website. ‘Russian regulations say online service providers have to register with the government, but WeChat doesn’t have the same understanding [of the rules],’ Tencent said in a statement at the time. Equally important is Russia’s ongoing uphill battle in import-substitution of high-tech and industrial components, as a result of the sanctions imposed by the West in 2014 and 2015. Despite significant progress, Russia is still reliant upon Western technology procured by direct or indirect means, and Moscow is not always keen to embrace Chinese high-tech as a substitute.

In Russia, the most lucrative companies are entangled within semi-monopolistic structures close to the Russian Government. Those players are few in number and tend to wield enormous influence in the Russian economy. As a result, the possible high-tech contact nodes between Moscow and Beijing lead through a small number of offices belonging to the most powerful and connected individuals. The true test of the Sino-Russian bilateral relationship concerning high-tech products and services may be in attempting to expand to the medium- and small-sized businesses and enterprises offering the most nimble and capable solutions. For example, the head of Russian Venture Company, a state investor, noted the difficulties in creating tools for a joint venture fund:

We did not resolve the problem of investing in a Russian venture fund. Withdrawing money from China to Russian jurisdictions under an understandable partnership and an understandable instrument is nevertheless difficult.126

Moreover, for both China and Russia, a significant challenge remains: promising young scientists in both countries would prefer to work elsewhere, namely in the US. Some recent polls and anecdotal evidence point to a continuously strong desire for emigration among the best educated, and especially among those with already established international professional relationships.127 This is especially true for Russia. However, as its National Technology Initiative has observed:

We believe that everybody for whom the Californian comfort, sun, wine, mountains and oceans are important has already left Russia. Others realise that the wine, mountains and sea in Sevastopol are just as good.128

For China, the current paradox is that, while Beijing offers plenty of incentives for its STEM community to stay in the country, many researchers choose, in fact, to work overseas, particularly in American institutions.129 The establishment of numerous S&T initiatives outlined in this paper is meant to offset that trend, but the trajectory of so many efforts launched recently remains to be seen.

Conclusions and implications

The Chinese–Russian high-tech partnership may continue to progress in the coming years, as both countries look to leverage each other’s capabilities to advance high-tech developments. China is clearly approaching Russia for its STEM R&D and S&T proficiencies, and Russia seems to be happy to integrate itself more into Chinese high-tech capabilities, and yet it is Beijing that emerges as a dominant player in this bilateral cooperation, while Russia tends to find itself in a position of relative disadvantage. Russia lacks such giants as China’s Baidu, Tencent and Alibaba, which are starting to expand globally, including into the Russian market.130 Nonetheless, as the Russian Government seeks to jump-start its own indigenous innovation, China is seen as a means to an end—and vice versa.

After all, Russian Deputy Prime Minister Maxim Akimov told reporters on the sidelines of the VI Russia–China Expo in Harbin that Russia is interested in cooperation with China in the cybersecurity sphere and in the development of technology solutions: ‘We keep a close eye on the experience of Chinese colleagues.’131

However, the future trajectory of this relationship could be complicated by questions of status and standing, not to mention politics and bureaucracy, as such projects, financing and research accelerate.

Russia may benefit from its embrace of China’s technology prowess and financing, but the full range of risks and potential externalities is still emerging and perhaps poorly understood. As Sino-Russian partnership has deepened, observers of this complex relationship have often anticipated some kind of ‘break’ in the ongoing Russo-Chinese ‘entente’.132 Many commentators find it difficult to believe that countries with such global ambitions and past historical grievances can place much trust in each other.

Certainly, there have been subtle indications of underlying friction, including Russia’s initial reluctance to embrace Xi’s signature One Belt, One Road initiative, to which Moscow has since warmed, or so it seems.

Going forward, high-tech cooperation between Moscow and Beijing appears likely to deepen and accelerate in the near term, based on current trends and initiatives. In a world of globalised innovation, scientific knowledge and advanced technologies have been able to cross borders freely over the past quarter of a century. China and Russia have been able to take advantage of free and open STEM development, from life sciences to information technology and emerging technologies, applying the results to their own distinctive technological ecosystems. Today, however, as new policies and countermeasures are introduced to limit that access, China and Russia are seeking to develop and demonstrate the dividends from a new model for scientific cooperation that relies less and less on foreign, and especially American, expertise and technology, instead seeking independence in innovation and pursuing developments that may have strategic implications.

Policy considerations and recommendations

In response to these trends and emerging challenges, like-minded democracies, particularly the Five Eyes states, should pursue courses of action that include the following measures.

  • Track the trajectory of China–Russia tech collaborations to mitigate the risks of technological surprise and have early warning of future threats. This calls for better awareness of Sino-Russian joint high-tech efforts among the Five Eyes states, in conjunction with allies and partners and relevant stakeholders, that goes beyond the hype of media headlines by developing better expertise on and understanding of the strengths and weaknesses of Russian and Chinese technological developments.
  • Monitor and respond to tech transfer activities that involve IP theft or the extra-legal acquisition of technologies that have dual-use or military potential, including those activities where there is a nexus between companies and universities with Russian and Chinese links. The US and Australia, along with their allies and partners, should coordinate on export controls, screening of investment and restrictions against collaborations with military-linked or otherwise problematic institutions in China and Russia. Otherwise, unilateral responses will prove inadequate to counter the global threat of Chinese industrial espionage, which is undertaken through a range of tech transfer tactics and is truly international in scope and scale.133
  • Deepen cooperation among allies and partners on emerging technologies, including by pursuing improvements in data sharing. The US and Australia should promote greater technological collaboration between Five Eyes governments in the high-tech sectors that are shared priorities in order to maintain an edge relative to competitors. For instance, arrangements for sharing of data among allies and partners could contribute to advances in important applications of AI. To compete, it will be critical to increase funding for STEM and high-tech programs and education in the Five Eyes countries.
  • Promulgate norms and ethical frameworks for the use of next-generation technologies, particularly AI, that are consistent with liberal values and democratic governance. In the process, the US and Australia, along with concerned democracies worldwide, should mount a more coordinated response to Russian and Chinese promotion of the concept of cyber sovereignty as a means of justifying repressive approaches to managing the internet and their advancement of AI for censorship and surveillance.

Acknowledgements

The authors would like to thank Danielle Cave, Fergus Hanson, Alex Joske, Rob Lee and Michael Shoebridge for helpful comments and suggestions on the paper.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber and emerging technologies and their impact on broader strategic policy. The ICPC informs public debate and supports sound public policy by producing original empirical research, bringing together researchers with diverse expertise, often working together in teams. To develop capability in Australia and our region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises both in Australia and overseas for both the public and private sectors. The ICPC enriches the national debate on cyber and strategic policy by running an international visits program that brings leading experts to Australia.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2019

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

  1. ‘China, Russia agree to upgrade relations for new era’, Xinhua, 6 June 2019, online.
  2. ‘Russia and China celebrate 70 years of the establishment of diplomatic relations’ [Россия и Китай отмечают 70-летие установления дипотношений], TVC.ru, 30 September 2019, online.
  3. ‘Official evening commemorating 70 years of diplomatic relations between Russia and China’ [Вечер, посвящённый 70-летию установления дипломатических отношений между Россией и Китаем], Official website of the Russian President, 5 June 2019.
  4. This paper uses entirely open sources, and there are inherently limitations in the information that is accessible. Nonetheless, we hope this is a useful overview that leverages publicly available information to explore current trends.

Engineering global consent: The Chinese Communist Party’s data-driven power expansion

The Chinese party-state engages in data collection on a massive scale as a means of generating information to enhance state security—and, crucially, the political security of the Chinese Communist Party (CCP)—across multiple domains. The party-state intends to shape, manage and control its global operating environment so that public sentiment is favourable to its own interests. The party’s interests are prioritised over simply the Chinese state’s interests or simply the Chinese people’s interests. The effort requires continuous expansion of the party’s power overseas because, according to its own articulation of its threat perceptions, external risks to its power are just as likely—if not more likely—to emerge from outside the People’s Republic of China’s (PRC) borders as from within.

This report explains how the party-state’s tech-enhanced authoritarianism is expanding globally. The effort doesn’t always involve distinctly coercive and overtly invasive technology, such as surveillance cameras. In fact, it often relies on technologies that provide useful services. Those services are designed to bring efficiency to everyday governance and convenience to everyday life. The problem is that it’s not only the customer deploying these technologies—notably those associated with ‘smart cities’, such as ‘internet of things’ (IoT) devices—that derives benefit from their use. Whoever has the opportunity to access the data a product generates and collects can derive value from the data. How the data is processed, and then used, depends on the intent of the actor processing it.

Tweeting through the Great Firewall

Preliminary Analysis of PRC-linked Information Operations on the Hong Kong Protests

Introduction

On August 19th 2019, Twitter released data on a network of accounts which it has identified as being involved in an information operation directed against the protests in Hong Kong. After a tip-off from Twitter, Facebook also dismantled a smaller information network operating on its platform. This network has been identified as being linked to the Chinese government. 

Researchers from the International Cyber Policy Centre (ICPC) at the Australian Strategic Policy Institute have conducted a preliminary analysis of the dataset. Our research indicates that the information operation targeted at the protests appears to have been a relatively small and hastily assembled operation rather than a sophisticated information campaign planned well in advance.

However, our research has also found that the accounts included in the information operation identified by Twitter were active in earlier information operations targeting political opponents of the Chinese government, including an exiled billionaire, a human rights lawyer, a bookseller and protestors in mainland China. The earliest of these operations date back to April 2017.

This is significant because—if the attribution to state-backed actors made by Twitter is correct—it indicates that actors linked to the Chinese government may have been running covert information operations on Western social media platforms for at least two years. 

Methodology

This analysis used a mixed-methods approach combining quantitative analysis of bulk Twitter data with qualitative analysis of tweet content.

The dataset for quantitative analysis was the tweets and accounts identified by Twitter as being associated with a state-backed information operation targeting Hong Kong and is available here.

This dataset consisted of:

  • account information about the 940 accounts Twitter suspended from their service
    • The oldest account was created in December 2007, although half of accounts were created after August 2017 
  • 3.6 million tweets from these accounts, ranging from December 2007 to May 2019

The R statistics package was used for quantitative analysis, which informed phases of social network analysis (using Gephi) and qualitative content analysis.

Research limitations: ICPC does not have access to the relevant data to independently verify that these accounts are linked to the Chinese government; this research proceeds on the assumption that Twitter’s attribution is correct. It is also important to note that Twitter has not released the methodology by which this dataset was selected, and the dataset may not represent a complete picture of Chinese state-linked information operations on Twitter.

Information operation against Hong Kong protests

Indications of a hastily constructed campaign

Carefully crafted, long-running influence operations on social media will have tight network clusters that delineate target audiences. We explored the retweet patterns across the Twitter take-down data from June 2019 – as the network was mobilising to target the Hong Kong protests – and did not find a network that suggested sophisticated coordination. Topics of interest to the PRC emerge in the dataset from mid-2017 but there is little attempt to target online communities with any degree of psychological sophistication.

There have been suggestions that Taiwanese social media, during recent gubernatorial elections, had been manipulated by suspicious public relations contractors operating as proxies for the Chinese government. It is notable that the network targeting the Hong Kong protests was not cultivated to influence targeted communities; it too acted like a marketing spam network. These accounts did not attempt to behave in ways that would have integrated them into – and positioned them to influence – online communities. This lack of coordination was reflected in the messaging. Audiences were not steered into self-contained disinformation ecosystems external to Twitter, nor were hashtags used to build an audience and then drive the amplification of specific political positions. As this network was mobilising against the Hong Kong protests, several nodes in the time-sliced retweet data (see Figure 1) were accounts promoting the sex industry, accounts that would have gained attention because of the nature of their content. These central nodes were not accounts that had invested in cultivating engagement with target audiences (beyond their previous marketing function). These accounts spammed retweets at others outside the network in attempts to get engagement rather than working together to drive amplification of a consistent message.

Figure 1: Retweet network from June 2019, derived from Twitter’s take-down data, showing the significant presence of likely pornography-related accounts within the coordinated network that targeted the Hong Kong protests.

This was a blunt-force influence operation, using spam accounts to disseminate messaging, leveraging an influence-for-hire network. The predominant use of Chinese language suggests that the target audiences were Hong Kongers and the overseas diaspora.

This operation is in stark contrast to the efforts of Russia’s Internet Research Agency (IRA) to target US political discourse, particularly through 2015-2017.

The Russian effort displayed well-planned coordination. Analysis of IRA account data has shown that networks of influence activity cluster around identity or issue-based online communities. IRA accounts disseminated messaging that inflamed both sides of the debates around controversial issues in order to further the divide between protagonist communities. High-value and long-running personas cultivated influence within US political discourse. These accounts were retweeted by political figures, and quoted by media outlets.

The IRA sent four staff to the US to undertake ‘market research’ as the IRA geared up its election meddling campaign. The IRA campaign displayed clear understanding of audience segmentation, colloquial language, and the ways in which online communities framed their identities and political stances.

In contrast, this PRC-linked operation is clumsily re-purposed and reactive. Freedom of expression on China’s domestic internet is framed by a combination of top-down technocratic control managed by the Cyberspace Administration of China and devolved, crowdsourced content regulation by government entities, industry and Chinese netizens. Researchers have suggested that Chinese government efforts to shape sentiment on the domestic internet go beyond these approaches. One study estimated that the Chinese government pays for as many as 448 million inauthentic social media posts and comments a year. The aim is to distract the population from social mobilisation and collective forms of protest action. This approach to manipulating China’s domestic internet appears to be much less effective on Western social media platforms that are not bounded by state control.

Yet, the CCP continues to use blunt efforts to grow the reach, impact and influence of its narratives abroad. Elements of the party propaganda apparatus – including the foreign media wing of the United Front Work Department – have issued (as recently as 16 August) tenders for contracts to grow their international influence on Twitter, with specific targets for numbers of followers in particular countries.

In the longer term, China’s investments in AI may lift its capacity to target and manipulate international social media audiences. However, this operation lacks the sophistication of those deployed by other significant state proponents of cyber-enabled influence operations, particularly Iran and Russia, who have demonstrated the capacity to operate with some degree of subtlety across linguistic and cultural boundaries.

This was the quintessential authoritarian approach to influence – one-way floods of messaging, primarily at Hong Kongers.

Use of repurposed spam accounts

Many of the accounts included in the Twitter dataset are repurposed spam or marketing accounts. Such accounts are readily and cheaply available for purchase from resellers, often for a few dollars or less. Accounts in the dataset have tweeted in a variety of languages including Indonesian, Arabic, English, Korean, Japanese and Russian, and on topics ranging from British football to Indonesian tech support, Korean boy bands and pornography.

This graph shows the language used in tweets over time (although Twitter did not automatically detect language in tweets prior to 2013). The dataset includes accounts tweeting in a variety of languages over a long period of time. Chinese language tweets appear more often after mid-2017.

This map shows the self-reported locations of the accounts suspended by Twitter, colour-coded for the language they tweeted in. These locations do not reliably indicate the true location of the account-holder, but in this dataset there is a discrepancy between language and location. The self-reported locations are likely to reflect the former nature of the accounts as spam and marketing bots – i.e., they report their locations in developed markets where the consumers they are targeting are located in order to make the accounts appear more credible, even if the true operators of the account are based somewhere else entirely.

Evidence of reselling is clearly present in the dataset. Over 630 tweets within the dataset contain phrases like ‘test new owner’, ‘test’, ‘new own’, etc. As an example, the account @SamanthxBerg tweeted in Indonesian on the 2nd of October 2016, ‘lelang acc f/t 14k/135k via duit. minat? rep aja’ – meaning that the @SamanthxBerg account with 14,000 followers and following 135,000 users, was up for auction. The next tweet on 6th October 2016 reads ‘i just become the new owner, wanna be my friend?.’

  • tweetid: 782380635990200320
  • Time stamp: 2016-10-02 00:44:00 UTC
  • userid: 769790067183190016
  • User display name: 阿丽木琴
  • User screen name: SamanthxBerg
  • Tweet text: PLAYMFS: #ptl lelang acc f/t 14k/135k via duit. minat? rep aja

Use of these kinds of accounts suggests that the operators behind the information operation did not have time to establish the kinds of credible digital assets used in the Russian campaign targeting the US 2016 elections. Building that kind of ‘influence infrastructure’ takes time and the situation in Hong Kong was evolving too rapidly, so it appears that the actors behind this campaign effectively took a short-cut by buying established accounts with many followers.
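The resale check described above, combined with the language shift noted earlier in this section, can be sketched as follows. This is an added Python example, not ICPC's R analysis or Twitter's method; the field names (`userid`, `time`, `lang`, `text`), the regular expressions and the sample tweets are constructed for illustration, apart from the two tweet texts quoted in the report.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Phrases the report quotes as evidence of resale. Turning them into these
# regexes is an assumption of this example.
RESALE_PATTERNS = [
    re.compile(r"\bnew own", re.I),       # "new own", "new owner", "test new owner"
    re.compile(r"^\s*test\s*$", re.I),    # a tweet consisting only of "test"
    re.compile(r"\blelang acc\b", re.I),  # "account auction", from the quoted tweet
]

def is_resale_marker(text):
    """True if the tweet text looks like a handover or sale notice."""
    return any(p.search(text) for p in RESALE_PATTERNS)

def dominant_language(tweets):
    """Most common detected language; 'und'/None (e.g. pre-2013 tweets) are ignored."""
    counts = Counter(t["lang"] for t in tweets if t["lang"] not in (None, "und"))
    return counts.most_common(1)[0][0] if counts else None

def flag_repurposed(tweets):
    """Per account: resale markers found, and whether the dominant language
    before the first marker differs from the one after the last marker."""
    by_user = defaultdict(list)
    for t in tweets:
        by_user[t["userid"]].append(t)
    findings = {}
    for userid, items in by_user.items():
        items.sort(key=lambda t: datetime.strptime(t["time"], "%Y-%m-%d %H:%M"))
        idx = [i for i, t in enumerate(items) if is_resale_marker(t["text"])]
        if not idx:
            continue
        before = dominant_language(items[:idx[0]])
        after = dominant_language(items[idx[-1] + 1:])
        findings[userid] = {
            "markers": [items[i]["text"] for i in idx],
            "lang_before": before,
            "lang_after": after,
            # No verdict when either side has no detected language.
            "language_shift": None not in (before, after) and before != after,
        }
    return findings

# Constructed sample records (account ids and most texts are invented).
SAMPLE_TWEETS = [
    {"userid": "acct_A", "time": "2016-09-20 10:00", "lang": "in", "text": "promo gadget murah hari ini"},
    {"userid": "acct_A", "time": "2016-09-25 11:00", "lang": "in", "text": "follow untuk info terbaru"},
    {"userid": "acct_A", "time": "2016-10-02 00:44", "lang": "in",
     "text": "lelang acc f/t 14k/135k via duit. minat? rep aja"},
    {"userid": "acct_A", "time": "2016-10-06 09:00", "lang": "en",
     "text": "i just become the new owner, wanna be my friend?"},
    {"userid": "acct_A", "time": "2019-06-14 13:00", "lang": "zh", "text": "示例推文一"},
    {"userid": "acct_A", "time": "2019-06-15 08:00", "lang": "zh", "text": "示例推文二"},
    # Marker present, but the account keeps tweeting in the same language.
    {"userid": "acct_B", "time": "2017-01-01 09:00", "lang": "en", "text": "good morning everyone"},
    {"userid": "acct_B", "time": "2017-01-02 09:00", "lang": "en", "text": "test"},
    {"userid": "acct_B", "time": "2017-01-03 09:00", "lang": "en", "text": "match day tomorrow"},
    # Contains "test" inside a sentence: must not be treated as a marker.
    {"userid": "acct_C", "time": "2018-03-01 09:00", "lang": "en", "text": "testing the new camera today"},
    # Old account whose early tweets have no detected language.
    {"userid": "acct_D", "time": "2012-05-01 09:00", "lang": "und", "text": "hello"},
    {"userid": "acct_D", "time": "2017-09-01 09:00", "lang": "en", "text": "test new owner"},
    {"userid": "acct_D", "time": "2019-06-20 09:00", "lang": "zh", "text": "示例推文三"},
]

if __name__ == "__main__":
    for userid, result in sorted(flag_repurposed(SAMPLE_TWEETS).items()):
        print(userid, result["lang_before"], "->", result["lang_after"],
              "shift" if result["language_shift"] else "no shift",
              len(result["markers"]), "marker(s)")
```

A marker on its own only shows that an account changed hands; the language shift is what ties it to the repurposing pattern the report describes, and accounts with undetected early tweets need manual review.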


Timeline of activity

The amount of content directly targeting the Hong Kong protests makes up only a relatively small fraction of the total dataset released by Twitter, comprising just 112 accounts and approximately 1600 tweets, of which the vast majority are in Chinese with a much smaller number in English.

Content relevant to the current crisis in Hong Kong appears to have begun on 14 April 2019, when the account @HKpoliticalnew (profile description: Love Hong Kong, love China. We should pay attention to current policies and people’s livelihood. 愛港、愛國,關注時政、民生。) tweeted about the planned amendments to the extradition bill. Tweets in the released dataset mentioning Hong Kong continued at the pace of a few tweets every few days, steadily increasing over April and May, until a significant spike on 14 June, the day of a huge protest in which over a million Hong Kongers (1 in 7) marched in protest against the extradition bill.

Hong Kong related tweets per day from 14 April 2019 to 25 July 2019.

Thereafter, spikes in activity correlate with significant developments in the protests. A major spike occurred on 1 July, the day when protestors stormed the Legislative Council building. This is also the start of the English-language tweets, presumably in response to the growing international interest in the Hong Kong protests. Relevant tweets then appear to have tapered off in this dataset, ending on 25 July.

It is worthwhile noting that the tapering off in this dataset may not reflect the tapering off of the operation itself – instead, it is possible that it reflects a move away from this hastily-constructed information operation to more fully developed digital assets which have not been captured in this data.

Lack of targeted messaging and narratives

One of the features of well-planned information operations is the ability to subtly target specific audiences. By contrast, the information operation targeting the Hong Kong protests is relatively blunt.

Three main narratives emerge:

  • Condemnation of the protestors
  • Support for the Hong Kong police and ‘rule of law’
  • Conspiracy theories about Western involvement in the protests

Support for ‘rule of law’:

  • tweetid: 1139524030371733504
  • Time stamp: 2019-06-14 13:24:00 UTC
  • userid: r+QLQEgpn4eFuN1qhvccxtPRmBJk3+rfO3k9wmPZTQI=
  • User display name: r+QLQEgpn4eFuN1qhvccxtPRmBJk3+rfO3k9wmPZTQI=
  • User screen name: r+QLQEgpn4eFuN1qhvccxtPRmBJk3+rfO3k9wmPZTQI=
  • Tweet text: @uallaoeea 《逃犯条例》的修改,只会让香港的法制更加完备,毕竟法律是维护社会公平正义的基石。不能默认法律的漏洞用来让犯罪分子逃避法律制裁而不管。 – 14 June 2019

Translated: ‘The amendment to the Fugitive Offenders Ordinance will only make Hong Kong’s legal system more complete. After all, the law is the cornerstone for safeguarding fairness and justice in society. We can’t allow loopholes in the legal system to allow criminals to escape the arm of the law.’

Conspiracy theories:

  • tweetid: 1142349485906919424
  • Time stamp: 2019-06-22 08:31:00 UTC
  • Userid: 2156741893
  • User display name: 披荆斩棘
  • User screen name: saydullos1d
  • Tweet text: 香港特區警察總部受到包圍和攻擊, 黑衣人嘅真實身份係咩? 係受西方反華勢力指使,然後係背後操縱, 目的明確, 唆使他人參與包圍同遊行示威。把香港特區搞亂, 目的就係非法政治目的, 破環社會秩序。  – 22 June 2019

Translated: ‘Hong Kong SAR police headquarters were surrounded and attacked. Who were the people wearing black? They were acting under the direction of western anti-China forces. They’re manipulating things behind the scenes, with a clear purpose to instigate others to participate in the demonstration and the encirclement. They’re bringing chaos to Hong Kong SAR with an illegal political goal and disrupting the social order.’

[NB: Important to note that this was written in traditional Chinese characters and switches between Standard Chinese and Cantonese, suggesting that the author was a native Mandarin speaker but their target audience was Cantonese speakers in Hong Kong.]

  • tweetid: 1147398800786382848
  • Time stamp: 2019-07-06 06:56:00 UTC
  • Userid: 886933306599776257
  • User display name: lingmoms
  • User screen name: lingmoms
  • Tweet text: 無底線的自由,絕不是幸事;不講法治的民主,只能帶來禍亂。香港雖有不錯的家底,但經不起折騰,經不起內耗,惡意製造對立對抗,只會斷送香港前途。法治是香港的核心價值,嚴懲違法行為,是對法治最好的維護,認為太平山下應享太平。 – 6 July 2019

Translated: ‘Freedom without a bottom line is by no means a blessing; democracy without the rule of law can only bring disaster and chaos. Although Hong Kong has a good financial background, it can’t afford to vacillate. It can’t take all of this internal friction and maliciously created agitation, which will only ruin Hong Kong’s future. The rule of law is the core value of Hong Kong. Severe punishment for illegal acts is the best safeguard for the rule of law. Peace should be enjoyed at the foot of The Peak.’

[NB: This tweet is also written in Standard Chinese using traditional Chinese characters. The original text says ‘at the foot of Taiping mountain’, meaning Victoria Peak, which is more commonly referred to in Hong Kong as ‘The Peak’ (山頂). The use of Taiping mountain instead of ‘The Peak’ is a deliberate pun, because Taiping means ‘great peace’.]

  • tweetid: 1152024329325957120
  • Time stamp: 2019-07-19 01:16:00 UTC
  • Userid: 58615166
  • User display name: 流金岁月
  • User screen name: Licuwangxiaoyua
  • Tweet text: #HongKong #HK #香港 #逃犯条例 #游行 古话说的好,听其言而观其行。看看那些反对派和港独分子,除了煽动上街游行、暴力冲击、袭警、扰乱香港社会秩序之外,就没做过什么实质性有利于香港发展的事情。反对派和港独孕育的“变态游行”这个怪胎,在暴力宣泄这条邪路上愈演愈烈。 – 19 July 2019

Translated: ‘#HongKong #HK #HongKong #FugitiveOffendersOrdinance #Protests The old Chinese saying put it well: ‘Judge a person by their words, as well as their actions’. Take a look at those in the opposition parties and the Hong Kong independence extremists. Apart from instigating street demonstrations, violent attacks, assaulting police officers and disturbing the social order in Hong Kong, they have done nothing that is actually conducive to the development of Hong Kong. This abnormal fetus of a “freak demonstration” that the opposition parties and Hong Kong independence people gave birth to is becoming more violent as it heads down this evil road.’

This approach of vilifying opponents, emphasising the need for law and order as a justification for authoritarian behaviour, is consistent with the narrative approaches adopted in earlier information operations contained within the dataset (see below).

Earlier information operations against political opponents

Our research has uncovered evidence that the accounts identified by Twitter were also engaged in earlier information campaigns targeting opponents of the Chinese government.

It appears likely that these information operations were intended to influence the opinions of overseas Chinese diasporas, perhaps in an attempt to undermine critical coverage in Western media of issues of interest to the Chinese government. This is supported by a notice released by China News Service, a Chinese-language media company owned by the United Front Work Department that targets the Chinese diaspora, requesting tenders to expand its Twitter reach.

Campaign against Guo Wengui

The most significant and sustained of these earlier information operations targets Guo Wengui, an exiled Chinese businessman who now resides in the United States. The campaign directed at Guo is by far the most extensive campaign in the dataset and is significantly larger than the activity directed at the Hong Kong protests. This is the earliest activity the report authors have identified that aligns with PRC interests.

Graph showing activity in an information operation targeting Guo from 2017 to the end of the dataset in July 2019

Guo, also known as Miles Kwok, fled to the United States in 2017 following the arrest of one of his associates, former Ministry of State Security vice minister Ma Jian. Guo has made highly public allegations of corruption against senior members of the Chinese government. The Chinese government in turn accused Guo of corruption, prompting an Interpol red notice for his arrest and return to China. Guo has become a vocal opponent of the Chinese government, despite having himself been accused of spying on their behalf in July 2019.

Within the Twitter Hong Kong dataset, the online information campaign targeting Guo began on 24 April 2017, five days after the Interpol red notice was issued at the request of the Chinese government, and continued until the end of July 2019. Guo continues to be targeted on Twitter, although it is unclear if the PRC government is directly involved in the ongoing effort.

Tweets mentioning Guo Wengui over time from 23 April 2017 to 4 May 2017: Graph showing activity in tweet volume by day. Activity appears to take place during the working week (except Wednesdays), suggesting that this activity may be professional rather than authentic personal social media use.

In total, our research identified at least 38,732 tweets from 618 accounts in the dataset which directly targeted Guo. These tweets consist largely of vitriolic attacks on his character, ranging from highly personal criticisms to accusations of criminality, treachery against China and criticisms of his relationship with controversial US political figure Steve Bannon. 

  • tweetid: 1123765841919660032
  • Time stamp: 2019-05-02 01:47:00 UTC
  • Userid: 4752742142
  • User display name: 漂泊一生
  • User screen name: futuretopic
  • Tweet text: “郭文贵用钱收买班农,一方面想找靠山,一方面想继续为自己的骗子生涯增加点砝码,其实班农只是爱财并非真想和郭文贵做什么, 很快双方会发现对方都 是在欺骗自己,那时必将反目成 仇.” – 2 May 2019

Translated: “Guo Wengui used his money to buy Bannon. On the one hand, he needed his backing. On the other hand, he wanted to continue to add weight to his career as a swindler. In fact, Bannon just loves money and doesn’t really want to do anything with Guo Wengui. Soon both sides will find out that they’re both deceiving the other, and then they’ll turn into enemies.”

  • tweetid: 1153122108655861760
  • Time stamp: 2019-07-22 01:58:00 UTC
  • Userid: 1368044863
  • User display name: asdwyzkexa
  • User screen name: asdwyzkexa
  • Tweet text: ‘近日的郭文贵继续自己自欺欺人的把戏,疯狂的直播,疯狂的欺骗,疯狂鼓动煽风点火,疯狂的鼓吹自己所谓的民主,鼓吹自己的“爆料革命”。但其越是疯狂,越是难掩日暮西山之态,无论其吹的再如何天花乱坠,也终要为自己的过往负责,亲自画上句点.’ – 22 July 2019

Translated: ‘Lately, Guo Wengui has continued to use his cheap trick of deceiving himself and others with a crazy live-stream where he lied like crazy, incited and fanned the flames like crazy, and agitated for his so-called democracy like crazy—enthusiastically promoting his “Expose Revolution”. But the crazier he gets the harder it is to hide the fact that the sun has already set on him. It doesn’t matter how much he embellishes things; eventually, he will have to take responsibility and put an end to all of this himself.’

Spikes in activity in this campaign appear to correspond with significant developments in the timeline of Guo’s falling out with the Chinese government. For example, a spike around 23 April 2018 (see below chart) correlates with the publishing of a report by the New York Times exposing a complex plan to pull Guo back to China with the assistance of the United Arab Emirates and Trump fundraiser Elliott Broidy. 

  • tweetid: 988088232075083776
  • Time stamp: 2018-04-22 16:12:00 UTC
  • Userid: 908589031944081408
  • User display name: 如果
  • User screen name: bagaudinzhigj
  • Tweet text: ‘谎言说一千遍仍是谎言,郭文贵纵有巧舌如簧的口才,也有录制性爱视频等污蔑他人的手段,更有给人设套录制音频威胁他人的前科,还有诈骗他人钱财的146项民事诉讼和19项刑事犯罪指控,但您在美国再卖力的表演也掩盖不了事实.’ – 22 April 2018

Translated: ‘Even if a lie is repeated a thousand times, it’s still a lie. Guo Wengui is an eloquent smooth talker and uses sex tapes and other methods to slander people. He also has a criminal record for trying to threaten and set people up with recorded audio. He has 146 civil lawsuits and 19 criminal charges for swindling other people’s money. No matter how much effort you put in in the United States, you still can’t hide the truth.’

This tweet was repeated 41 times by this user from 7 November 2017 to 15 June 2018, at varying hours of the day, but at only 12 or 42 minutes past the hour, suggesting an automated or pre-scheduled process:

Volume of tweets mentioning Guo Wengui over time from 14 April 2019 to 29 April 2019.
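The timing check described above, written out as an added example (it is not code from the report or from Twitter): group identical tweets per account and flag groups that recur on only one or two minute-of-hour slots across many different hours. The row keys `userid`, `tweet_time` and `tweet_text`, the thresholds and the sample rows are assumptions constructed for illustration.

```python
import unicodedata
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone


def normalise(text):
    """Fold compatibility forms and whitespace so trivial edits do not hide a repeat."""
    return " ".join(unicodedata.normalize("NFKC", text).split())


def parse_utc(stamp):
    """Accept 'YYYY-MM-DD HH:MM' with an optional ':SS' and ' UTC' suffix."""
    stamp = stamp.replace("UTC", "").strip()
    fmt = "%Y-%m-%d %H:%M:%S" if stamp.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def find_scheduled_repeats(rows, min_repeats=10, max_minute_slots=2, min_hours=4):
    """Return (account, text) groups reposted many times on very few minute slots.

    Manual reposting lands on arbitrary minutes; a scheduler fires on fixed ones.
    Requiring several distinct hours avoids flagging a single short burst.
    """
    groups = defaultdict(list)
    for row in rows:
        key = (row["userid"], normalise(row["tweet_text"]))
        groups[key].append(parse_utc(row["tweet_time"]))

    findings = []
    for (userid, text), times in groups.items():
        if len(times) < min_repeats:
            continue
        minute_slots = Counter(t.minute for t in times)
        hours = {t.hour for t in times}
        if len(minute_slots) <= max_minute_slots and len(hours) >= min_hours:
            findings.append({
                "userid": userid,
                "text": text,
                "repeats": len(times),
                "minute_slots": sorted(minute_slots),
                "distinct_hours": len(hours),
                "first": min(times),
                "last": max(times),
            })
    return sorted(findings, key=lambda f: f["repeats"], reverse=True)


def build_sample():
    """Constructed rows (not taken from the Twitter dataset)."""
    rows = []
    scheduled_start = datetime(2017, 11, 7, 3, 12, tzinfo=timezone.utc)
    manual_start = datetime(2017, 11, 7, 9, 5, tzinfo=timezone.utc)
    for i in range(14):
        # Scheduler: fires at :12 or :42, at an hour that drifts from post to post.
        t = scheduled_start + timedelta(hours=37 * i, minutes=30 * (i % 2))
        text = "constructed  slogan A" if i % 3 == 0 else "constructed slogan A"
        rows.append({"userid": "acct_scheduled",
                     "tweet_time": t.strftime("%Y-%m-%d %H:%M:%S UTC"),
                     "tweet_text": text})
    for i in range(12):
        # Manual reposting: same text, but a different minute every time.
        t = manual_start + timedelta(hours=29 * i, minutes=7 * i)
        rows.append({"userid": "acct_manual",
                     "tweet_time": t.strftime("%Y-%m-%d %H:%M"),
                     "tweet_text": "constructed slogan B"})
    for i in range(3):
        # Too few repeats to say anything about scheduling.
        t = scheduled_start + timedelta(days=i)
        rows.append({"userid": "acct_sparse",
                     "tweet_time": t.strftime("%Y-%m-%d %H:%M"),
                     "tweet_text": "constructed slogan C"})
    return rows


if __name__ == "__main__":
    for f in find_scheduled_repeats(build_sample()):
        print(f["userid"], f["repeats"], "repeats at minutes", f["minute_slots"],
              "across", f["distinct_hours"], "distinct hours")
```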

Like the information operation targeting the Hong Kong protests, the campaign targeting Guo is primarily in Chinese language. There are approximately 133 tweets in English, many of which are retweets or duplicates. On 5th November 2017, for example, 27 accounts in the dataset tweeted or retweeted: ‘#郭文贵 #RepatriateKwok、#Antiasylumabused、 sooner or later, your fake mask will be revealed.’

As the Hong Kong protests began to increase in size and significance, the information operations against Guo and the protests began to cross over, with some accounts directing tweets at both Guo and the protests.

  • tweetid: 1148407166920876032
  • Time stamp: 2019-07-09 01:42:00 UTC
  • Userid: 886933306599776257
  • User display name: lingmoms
  • User screen name: lingmoms
  • Tweet text: ‘唯恐天下不乱、企图颠覆香港的郭文贵不仅暗中支持香港占中分子搞暴力破坏,还公开支持暴力游行示威,难道这一小撮入狱的暴民就是文贵口中的“香港人”?’– 9 July 2019

Translated: ‘Guo Wengui, who fears only a world not in chaos and schemes to topple Hong Kong, is not only secretly supporting the violent and destructive Occupy extremists in Hong Kong, he’s also openly supporting violent demonstrations. Is this small mob of criminals the “Hong Kong people” Guo Wengui keeps talking about?’

The dataset provided by Twitter ends in late July 2019, but all indications suggest that the information campaign targeting Guo will continue.
 

Campaign against Gui Minhai

Although the campaign targeting Guo Wengui is by far the most extensive in the dataset, other individuals have also been targeted.

One is Gui Minhai, a Chinese-born Swedish citizen. Gui is one of a number of Hong Kong-based publishers specialising in books about China’s political elite who disappeared under mysterious circumstances in 2015. It was later revealed that he had been taken into Chinese police custody. The official reason for his detention is his role in a fatal traffic accident in 2003 in which a schoolgirl was killed. Gui has been in and out of detention since 2015, and has made a number of televised confessions which many human rights advocates believe to have been forced by the Chinese government.

The information operation targeting Gui Minhai is relatively small, involving 193 accounts and at least 350 tweets. With some exceptions, the accounts used in the activity directed against Gui appear to be primarily ‘clean’ accounts created specifically for use in information operations, unlike the repurposed spam accounts utilised by the activity targeted at Hong Kong.

The campaign runs for one month, from 23 January to 23 February 2018. The preciseness of the timing is indicative of an organised campaign rather than authentic social media activity. The posting activity also largely corresponds with the working week, with breaks for weekends and holidays like Chinese New Year.

A graph showing campaign activity in tweets per day. Weekends and public holidays are indicated by grey shading.
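An added example, not the report's own analysis code, of how the working-week pattern can be measured: convert UTC time stamps to Beijing time, then compare the share of tweets falling on rest days with the share of rest days in the campaign window. The holiday dates passed in, the summary keys and the sample time stamps are constructed assumptions.

```python
from collections import Counter
from datetime import date, datetime, timedelta, timezone

BEIJING = timezone(timedelta(hours=8))  # China keeps one UTC+8 zone with no daylight saving

# Sample rest days supplied by the analyst (an assumption for this example).
SAMPLE_HOLIDAYS = frozenset(date(2018, 2, d) for d in range(15, 22))


def working_week_profile(stamps_utc, holidays=frozenset()):
    """Summarise how tweets fall on working days versus rest days in Beijing time."""
    utc = [datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)
           for s in stamps_utc]
    per_day = Counter(t.astimezone(BEIJING).date() for t in utc)
    first, last = min(per_day), max(per_day)
    days = [first + timedelta(days=n) for n in range((last - first).days + 1)]
    rest = {d for d in days if d.weekday() >= 5 or d in holidays}
    silent = [d for d in days if per_day[d] == 0]
    rest_tweets = sum(per_day[d] for d in rest)
    return {
        "window": (first, last),
        "total_tweets": len(utc),
        "days_in_window": len(days),
        "rest_days_in_window": len(rest),
        "rest_day_tweets": rest_tweets,
        # Authentic activity would put roughly the window share of tweets on rest days.
        "rest_day_window_share": len(rest) / len(days),
        "rest_day_tweet_share": rest_tweets / len(utc),
        "silent_days": silent,
        "silent_days_all_rest": all(d in rest for d in silent),
        # What a weekday count on raw UTC stamps would report instead.
        "utc_weekend_tweets": sum(1 for t in utc if t.weekday() >= 5),
    }


def build_sample():
    """Constructed stamps: three tweets per Beijing working day, one stray Saturday tweet."""
    stamps = []
    day = date(2018, 1, 23)
    while day <= date(2018, 2, 23):
        if day.weekday() < 5 and day not in SAMPLE_HOLIDAYS:
            for hh, mm in ((7, 30), (10, 15), (15, 40)):
                local = datetime(day.year, day.month, day.day, hh, mm, tzinfo=BEIJING)
                stamps.append(local.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M"))
        day += timedelta(days=1)
    stamps.append("2018-01-27 03:00")  # Saturday, 11:00 in Beijing
    return stamps


if __name__ == "__main__":
    p = working_week_profile(build_sample(), SAMPLE_HOLIDAYS)
    print("window:", p["window"][0], "to", p["window"][1])
    print("rest days are %.0f%% of the window but carry %.1f%% of tweets"
          % (100 * p["rest_day_window_share"], 100 * p["rest_day_tweet_share"]))
    print("silent days all rest days:", p["silent_days_all_rest"])
    print("weekend tweets if UTC is not converted:", p["utc_weekend_tweets"])
```

The 07:30 Monday tweets in the sample are stamped 23:30 Sunday in UTC, which is why the unconverted count overstates weekend activity.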

The campaign started on 23 January 2018, the day on which news broke that Chinese police had seized Gui off a Beijing-bound train while he was travelling with Swedish diplomats to their embassy. The campaign then continued at a slower pace across several weeks, ending on 23 February 2018. The tweets are entirely in Chinese language and emphasise Gui’s role in the traffic accident, painting him as a coward for attempting to leave the country and blaming Western media for interfering in the Chinese criminal justice process. Some also used Gui’s name as a hashtag.

  • tweetid: 956700365289807872
  • Time stamp: 2018-01-26 01:28:00 UTC
  • Userid: 930592773668945920
  • User display name: 赵祥
  • User screen name: JonesJones4780
  • Tweet text: ‘#桂民海 因为自己一次醉驾,让一个幸福家庭瞬间支离破碎,这令桂敏海痛悔不已。但是,他更担心自己真的因此入狱服刑。于是,在法院判决后不久、民事赔偿还未全部执行完的时候,桂敏海做出了另一个错误选择.’ – 26 January 2018

Translation: ‘#GuiMinhai deeply regrets that a happy family was shattered because of his drunk driving. However, he’s even more worried that he’s actually going to have to serve a prison sentence for it. Therefore, not long after the court’s decision and before any civil compensation was paid out, Gui Minhai made another bad choice’

  • tweetid: 956411588386279424
  • Time stamp: 2018-01-25 06:21:00 UTC
  • Userid: 1454274516
  • User display name: 熏君
  • User screen name: nkisomekusua
  • Tweet text: ‘#桂敏海 西方舆论力量仍想运用它们的话语霸权和双重标准,控制有关中国各种敏感信息的价值判断,延续对中国政治体制的舆论攻击,不过西方媒体这样的炒作都只是自导自演,自娱自乐.’ – 25 January 2018

Translation: ‘#GuiMinhai Western public opinion forces still want to use their discourse hegemony and double standards to control value judgments of all kinds of sensitive information about China and are continuing their public opinion attacks on the Chinese political system. However, this kind of hype in the Western media is just a performance they’re doing for themselves for their own personal entertainment.’

Others amplify the messages of Gui’s “confession”, claiming that he chose to hand himself in to police of his own volition due to his sense of guilt.

  • tweetid: 959276160038289408
  • Time stamp: 2018-02-02 04:03:00 UTC
  • Userid: 898580789952118784
  • User display name: 雪芙
  • User screen name: Ryy7v3wQkXnsGO8
  • Tweet text: ‘#桂敏海     父亲去世他不能奔丧这件事情,对桂敏海触动很大。他的母亲也80多岁了,已经是风烛残年,更让他百般思念、日夜煎熬,心里总是有一种很强烈的愧疚不安。所以他选择回国自首.’ – 2 February 2018

Translation: ‘The death of #GuiMinhai’s father and the fact he couldn’t return home for the funeral greatly affected him. His mother is also over 80 years old and is already in her twilight years, causing him to suffer day and night in every possible way. There was always a strong sense of guilt and uneasiness in his heart. So he chose to return to China and give himself up.’

It seems likely that this was a short-term campaign intended to influence the opinions of overseas Chinese who might see reports of Gui’s case in international media.
 

Campaign against Yu Wensheng

On precisely the same day as the information operation against Gui started, another mini-campaign appears to have been launched. This one was aimed against human rights lawyer and prominent CCP-critic Yu Wensheng.

Yu was arrested by Chinese police whilst walking his son to school on 19 January 2018. Only hours before, Yu had tweeted an open letter critical of the Chinese government, and called for open elections and constitutional reform. Shortly after, an apparently doctored video was released, raising questions about whether Chinese authorities were attempting to launch a smear campaign against Yu.

In this dataset, tweets targeting Yu Wensheng begin on 23 January 2018—the same day as the campaign against Gui Minhai—and continue through until 31 January (only four tweets take place after this, the latest on 10 February 2018). This was a small campaign, consisting of roughly 218 tweets from 80 accounts, many of which were the same content amplified across these accounts. As with Gui, Yu’s name was often used as a hashtag.

This graph shows campaign activity in tweets per day over time. Selected weekends are highlighted in grey.

The content shared by the campaign was primarily condemning Yu for his alleged violence against the police as shown by the doctored video.

  • tweetid: 956707469677359104
  • Time stamp: 2018-01-26 01:56:00
  • Userid: 0jFZp2sQdCYj8hUveyN4Llxe2UvFbQgTqxaymZihMM0
  • User display name: 0jFZp2sQdCYj8hUveyN4Llxe2UvFbQgTqxaymZihMM0
  • User screen name: 0jFZp2sQdCYj8hUveyN4Llxe2UvFbQgTqxaymZihMM0
  • Tweet text: ‘#余文生 1月19日,一余姓男子在接受公安机关依法传唤时暴力袭警致民警受伤,被公安机关依法以妨害公务罪刑事拘留。澎湃新闻从北京市公安机关获悉,涉案男子系在被警方强制传唤时,先后打伤、咬伤两名民警.’ – 26 January 2018.

Translation: ‘#YuWensheng On January 19, a man surnamed Yu violently assaulted a police officer while receiving a legal summons from the public security bureau, and was arrested for obstructing government administration. Beijing Public Security Bureau told The Paper [a Chinese publication] that the man involved in the case wounded the officers repeatedly by biting them when he was being forcibly summoned by the police.’

As with the other campaigns, however, accusations of supposed Western influence were also notable: 

  • tweetid: 956742165845090304
  • Time stamp: 2018-01-26 04:14:00 UTC
  • Userid: 2l1eDka0eiClBUYoDXlwYaKcUaeelnz44aDM9OJRM
  • User display name: 2l1eDka0eiClBUYoDXlwYaKcUaeelnz44aDM9OJRM
  • User screen name: 2l1eDka0eiClBUYoDXlwYaKcUaeelnz44aDM9OJRM
  • Tweet text: ‘#余文生  在中国,有一批人自称维权律师,他们自诩通过行政及法律诉讼来维护公共利益、宪法及公民权利,并鼓吹西方民主、自由,攻击中国黑暗、专制、暴力执法、缺乏法治精神,视频主人公余文生律师也正是其中的一员.’ – 26 January 2018

Translation: ‘#YuWensheng In China, a group of people claim to be rights defenders. They claim to protect the public interest, constitution and civil rights through administrative and legal proceedings. They advocate for Western democracy and freedom and attack China’s darkness, autocracy, violent law enforcement and the lack of the rule of law. Lawyer Yu Wensheng, the star of the video, is also one of them.’

  • tweetid: 958222061972832256
  • Time stamp: 2018-01-30 06:15:00 UTC
  • Userid: Kmto+XqJ6hcowk0GvAGVEasNxHUW11beLphANrm3uhE=
  • User display name: Kmto+XqJ6hcowk0GvAGVEasNxHUW11beLphANrm3uhE=
  • User screen name: Kmto+XqJ6hcowk0GvAGVEasNxHUW11beLphANrm3uhE=
  • Tweet text: ‘#余文生 从余文生过去的活动中可以看到,他是国内所谓维权律师中的一员。余文生认为身后有国外媒体以及维权律师群体的支持,他就能成为英雄,自然有人为他摇旗呐喊。殊不知这次警察佩戴了执法记录仪,录下了事件的概况,并迅速公布于世,余的丑陋嘴脸在公众暴露无疑.’ – 30 January 2018.

Translation: ‘#YuWensheng It can be seen from Yu Wensheng’s past activities that he is one of the so-called rights lawyers in China. Yu Wensheng thinks that with the support of foreign media and rights lawyers, he can become a hero and that naturally, some people will cheer for him. Little did he know that this time the police were wearing a law enforcement recording device that they used to record an overview of the incident and quickly published it to the world. Yu’s ugly face was undoubtedly revealed to the public.’

As with the other campaigns seen in this dataset, it seems probable that the motivation behind this effort was to convince overseas Chinese to believe the Chinese Communist Party’s version of events, bolstering the doctored video of Yu and amplifying the smear campaign.

Campaign against protesting PLA veterans

Another information campaign aimed at influencing public opinion appears to have taken place in response to the arrest of ten Chinese army veterans over protests in the eastern province of Shandong.

The protests took place in October 2018, when around 300 people demonstrated in Pingdu city to demand unpaid retirement benefits for veterans of the People’s Liberation Army (PLA). The protests allegedly turned violent, leading to injuries and damage to police vehicles. On 9 December 2018, Chinese state media announced that ten veterans had been arrested for their role in the protest. China Digital Times, which publishes leaked censorship instructions, reported that state media had been instructed to adopt a “unified line” on the arrests.

On the same day, a small but structured information operation appears to have kicked into gear. Beginning at 8:43am Beijing time, accounts in the dataset began tweeting about the arrests. This continued with tweets spaced out every few minutes (a total of 683) until 3:52pm Beijing time. At 9:52pm Beijing time the tweets started up again, this time continuing until 11:49pm.

This graph shows campaign activity over the day by hour of the day adjusted for Beijing UTC+8 time.

Activity by the accounts in the dataset included tweets as well as retweeting and responding to one another’s tweets, creating the appearance of authentic conversation. There was significant repetition within and across accounts, however, with many accounts tweeting a phrase and then tweeting the exact same phrase repeatedly in replies to the tweets of other accounts.

The content of the tweets supported and reinforced the message being promoted by state media, in condemning the protestors as violent criminals and calling for them to be punished.

  • tweetid: 1071589476495835136
  • Time stamp: 2018-12-09 02:16:00 UTC
  • Userid: 53022020
  • User display name: sergentxgner
  • User screen name: sergentxgner
  • Tweet text: ‘中国是社会主义法治国家,绝对没有法外之地和法外之人,法律面前人人平等。自觉遵守国家法律、依法合理表达诉求、维护社会正常秩序,是每一位公民的义务和责任。对任何违法犯罪行为,公安机关都将坚决依法予以打击,为中国公安点赞,严厉惩治无视法律法规之人,全力保障人民群众生命、财产安全.’ – 9 December 2018

Translated: ‘China is a socialist country ruled by law. There’s no place and no people in it that are above the law. All people are equal before the law. It is the duty and responsibility of every citizen to consciously abide by the laws of the state, to express their demands reasonably and according to the law, and to maintain the normal social order. Public security organs will resolutely crack down on any illegal or criminal acts in accordance with the law. Like [this post] for China’s public security, severely punish those who ignore laws and regulations, and fully protect the lives and property of the people.’

  • tweetid: 1071614920846786560
  • Time stamp: 2018-12-09 03:58:00 UTC
  • Userid: 4249759479
  • User display name: 林深见鹿
  • User screen name: HcqcPapleyAshle
  • Tweet text: ‘这些人的行为严重造成人民群众的生命财产安全,就应该雷霆出击,绝不手软.’ – 9 December 2018

Translated: ‘The behaviour of these people has seriously caused [harm to] the safety of the lives and property of the people. They should strike out like a thunderclap and not relent.’

[NB: This tweet may have been typed incorrectly and missed out a character or two. It should probably say that the behaviour endangered the lives and property of these people.]

Again, it appears likely that the motivation behind this campaign was to influence the opinions of overseas Chinese against critical international reporting (although international coverage of the arrests appears to have been minimal, which perhaps helps to explain the short-lived nature of the campaign) and videos of the event being circulated on WeChat that contradicted the official narrative.

Dormant accounts and Chinese language tweets

The information operation against Guo Wengui appeared to begin on 24 April 2017. Our research also tried to determine whether earlier PRC-related information operations had taken place. 

Chinese language tweets

One measure we examined was the percentage of Chinese language tweets per day in the dataset. Twitter assigns a ‘tweet_language’ value to tweets, and manual examination of a sample of tweets showed that this was approximately 90% accurate.

Figure 11: Percent Chinese language tweets per day from Jan 2017 onwards.

Figure 11 shows that prior to April 2017 there was no significant volume of Chinese language tweets in the network of accounts that Twitter identified. A noticeable increase is seen by July 2017, and a significant volume of the tweets are identified as Chinese from then on, with a peak at over 80% in October 2017.

This measure does not support the existence of significant PRC-related operations prior to April 2017, unless their initial operations occurred in languages other than Chinese.

Account creation and tweet language

A second measure examined when accounts were created and the language they tweeted in.

Figure 12: Account creation day by percent Chinese tweets and follower size from 2008 to July 2019.

Figure 12 shows when accounts were created, with time on the x-axis and percent Chinese tweets over the lifetime of the account on the y-axis; the size of each point reflects follower numbers.

Figure 13: Account creation day by percent Chinese tweets and follower size from April 2016 to July 2019.

Figure 13 is the same data from April 2016 to July 2019.

In Figure 12 and Figure 13 we can see a vertical stripe in July 2016, and more in August through October 2017. These stripes indicate many accounts being created at close to the same time. From July 2017 new accounts tweet mostly in Chinese.

These data indicate that accounts were systematically created to be involved in this network. Accounts created after October 2017 tweet mostly in Chinese, with just a couple of exceptions. There is also a group of accounts involved in the network that were created close to simultaneously in July 2016.

Sleeper Accounts

The dataset contained 233 accounts that had greater than year-long breaks between tweets. These sleeper accounts were created as early as December 2007, and had breaks as long as ten years between tweets.

Figure 14: Tweets over time as represented as dots coloured by tweet language for accounts with a greater than one-year gap between tweets. More than year-long gaps between tweets are represented by grey lines.

Figure 14 shows the pattern of tweets for these accounts over time. These accounts tweeted in a variety of languages including Portuguese, Spanish and English, but not Chinese, prior to their break in activity. After they resumed tweeting there is a significant volume of Chinese language tweets.

The bulk of these sleeper accounts begin to tweet again from late 2017 onwards. These data support the hypothesis that PRC-related groups began recruiting dormant accounts into their network from mid- to late-2017 and onwards. 
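The sleeper-account measure above can be reproduced along these lines. This is an added example, not the report's code: for each account it finds the longest silence, and where that exceeds a year it compares the share of Chinese-language tweets before and after the break. Only `tweet_language` is named in the text; the other row keys, the `zh` language code, the 50% switch threshold and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def find_sleepers(rows, min_gap=timedelta(days=365), lang="zh", switch_share=0.5):
    """Report accounts with a silence longer than min_gap and their language shift."""
    by_user = defaultdict(list)
    for row in rows:
        when = datetime.strptime(row["tweet_time"], "%Y-%m-%d %H:%M")
        by_user[row["userid"]].append((when, row["tweet_language"]))

    sleepers = []
    for userid, tweets in by_user.items():
        if len(tweets) < 2:
            continue  # a single tweet has no gap to measure
        tweets.sort(key=lambda t: t[0])
        # Longest silence, and the index of the first tweet after it.
        gap, resume = max((later[0] - earlier[0], i + 1)
                          for i, (earlier, later) in enumerate(zip(tweets, tweets[1:])))
        if gap <= min_gap:
            continue
        before = [code for _, code in tweets[:resume]]
        after = [code for _, code in tweets[resume:]]
        share_before = before.count(lang) / len(before)
        share_after = after.count(lang) / len(after)
        sleepers.append({
            "userid": userid,
            "gap_days": gap.days,
            "last_before": tweets[resume - 1][0].strftime("%Y-%m-%d"),
            "reactivated": tweets[resume][0].strftime("%Y-%m-%d"),
            "languages_before": dict(Counter(before)),
            "share_before": share_before,
            "share_after": share_after,
            # No target-language tweets before the break, mostly that language after it.
            "language_switched": share_before == 0 and share_after >= switch_share,
        })
    return sorted(sleepers, key=lambda s: s["gap_days"], reverse=True)


def build_sample():
    """Constructed rows (not taken from the Twitter dataset)."""
    def row(userid, stamp, code):
        return {"userid": userid, "tweet_time": stamp, "tweet_language": code}

    rows = []
    # acct_A: Portuguese/Spanish in 2010, silent for years, then mostly Chinese.
    for d, code in zip(range(1, 6), ["pt", "pt", "es", "pt", "pt"]):
        rows.append(row("acct_A", "2010-03-%02d 12:00" % d, code))
    for d, code in zip(range(10, 16), ["zh", "zh", "und", "zh", "zh", "zh"]):
        rows.append(row("acct_A", "2017-11-%02d 09:00" % d, code))
    # acct_B: tweets in Chinese every month, never dormant.
    for m in range(1, 13):
        rows.append(row("acct_B", "2018-%02d-05 10:00" % m, "zh"))
    # acct_C: dormant for over two years but English before and after.
    for stamp in ("2012-06-01 08:00", "2012-06-02 08:00",
                  "2015-01-10 08:00", "2015-01-11 08:00"):
        rows.append(row("acct_C", stamp, "en"))
    # acct_D: one tweet only.
    rows.append(row("acct_D", "2016-07-01 00:00", "en"))
    return rows


if __name__ == "__main__":
    for s in find_sleepers(build_sample()):
        print(s["userid"], "silent", s["gap_days"], "days; reactivated", s["reactivated"],
              "; before:", s["languages_before"],
              "; share after: %.2f" % s["share_after"],
              "; switched:", s["language_switched"])
```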

Figure 15: Tweets over time as represented as dots coloured by tweet language for accounts with a greater than one-year gap between tweets that were created between June and August 2016.

Figure 15 shows the tweeting pattern of accounts created in June and August 2016. These accounts can be seen as a vertical stripe in Figure 13.

The presence of long gaps in tweets immediately after account creation before reactivation and tweeting mostly in Chinese from early 2018 does not support the hypothesis that PRC-related elements were engaged in active information operations before April 2017. It is possible that these accounts were created by PRC-related entities expressly for use in subsequent information operations, but our assessment is that it is more likely that these inactive accounts were created en masse for other purposes and then acquired by PRC-related groups.

This research did not identify any evidence for other PRC-related information operations earlier than April 2017.

Conclusion

The ICPC’s preliminary research indicates that the information operation targeting the Hong Kong protests, as reflected in this dataset, was relatively small, hastily constructed, and relatively unsophisticated. This suggests that the operation, which Twitter has identified as linked to state-backed actors, is likely to have been a rapid response to the unanticipated size and power of the Hong Kong protests rather than a campaign planned well in advance. The unsophisticated nature of the campaign suggests a crude understanding of information operations and rudimentary tradecraft that is a long way from the skill level demonstrated by other state actors. This may be because the campaigns were outsourced to a contractor, or may reflect a lack of familiarity on the part of Chinese state-backed actors when it comes to information operations on open social media platforms such as Twitter, as opposed to the highly proficient levels of control demonstrated by the Chinese government over heavily censored platforms such as WeChat or Weibo.

Our research has also uncovered evidence that these accounts had previously engaged in multiple information operations targeting political opponents of the Chinese government. Activity in these campaigns shows clear signs of coordinated inauthentic behaviour, for example patterns of posting which correspond to working days and hours in Beijing. These information operations were likely aimed at overseas Chinese audiences.

This research is intended to add to the knowledge-base available to researchers, governments and policymakers about the nature of Chinese state-linked information operations and coordinated inauthentic activity on Twitter. 

Notes

The authors would like to acknowledge the assistance of ICPC colleagues Fergus Ryan, Alex Joske and Nathan Ruser.

Twitter did not provide any funding for this research. It has provided support for a separate ICPC project.


What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.


ASPI International Cyber Policy Centre

The ASPI International Cyber Policy Centre’s mission is to shape debate, policy and understanding on cyber issues, informed by original research and close consultation with government, business and civil society.


It seeks to improve debate, policy and understanding on cyber issues by:

  1. conducting applied, original empirical research
  2. linking government, business and civil society
  3. leading debates and influencing policy in Australia and the Asia–Pacific.

The work of ICPC would be impossible without the financial support of our partners and sponsors across government, industry and civil society. ASPI is grateful to the US State Department for providing funding for this research project.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional person.


© The Australian Strategic Policy Institute Limited 2019

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

Mapping conditions in Rakhine State

Executive summary

The Australian Strategic Policy Institute’s International Cyber Policy Centre has combined open-source data with the collection and analysis of new satellite imagery to assess the current status of settlements in northern Rakhine State, Myanmar, which were burned, damaged or destroyed in 2017. As part of this research project, we have also mapped potential repatriation camps and military bases constructed on the sites of former Rohingya settlements.

Our research does not support assertions that conditions are in place to support a safe, dignified and sustainable return of Rohingya refugees to Rakhine State. Satellite analysis shows minimal preparation for a return of half a million refugees. The preparations that are being made raise significant concerns about the conditions under which returning Rohingya would be expected to live. Ongoing violence, instability, disruptions to internet and communications technologies and the lack of information about the security situation in Rakhine add to those concerns.

This research seeks to add to the evidence base available to policymakers and relevant stakeholders about conditions in northern Rakhine, and Rakhine State more broadly. It also seeks to contribute to informed discussions about the best path towards a safe, dignified and sustainable future for the Rohingya refugees.

Online report

Our findings and research methodology have been compiled as an interactive report which is available here.


Capabilities, competition and communication

Why the West needs a strategy for technology

Introduction

At the conclusion of his time as a Distinguished Visiting Fellow with ASPI’s International Cyber Policy Centre, Admiral Rogers shares five factors that government and policymakers should consider as they prepare for the next wave of disruptive technologies.

Seeing technology as a capability, not a product

Technology is going to be a core aspect of the future for us, and it’s not just cyber technology. It’s going to be technology writ large. I believe that we can assimilate this. Game-changing technologies with social implications have been a part of human history during our entire existence as a species. We tend to think that the time we’re living in is the most different or somehow the toughest, but it’s not.

There have been game-changing technologies with potential negative second- and third-order effects throughout the history of humanity. We’ve dealt with this before. I believe we can deal with it now. But we’ve got to be willing to sit down and think about this. And we really need to ask ourselves what’s the way forward.

One of my concerns as I left government was, quite frankly, that I didn’t think we fully understood the implications of technology in national security. I thought that in many ways we were still organised and focused along very industrial lines, that we tended to think of ‘technology’ through the prism of something that’s produced. It might be a particular good. It might be a particular service. It might be a particular product. On the other hand, the idea of technology as an underpinning that powers a broader set of activities—I didn’t think we were working our way through this enough.

What’s the right answer for the implementation of a technology that will be a fundamental building block for a nation’s economic competitiveness in this digital world that we’re living in?

I would argue 5G is emblematic of this, because 5G is not just about, ‘Well, I’m going to get a better phone service,’ right? That’s not the heart of it. 5G is going to enable us to address latency issues. We’re going to be able to move massive, increased amounts of data at incredible, stable rates that will turn our handheld digital devices into the kinds of capabilities and functionality that we take for granted today in our laptops and our mainframes.

5G is going to underpin all of that, and it’s only one of many foundational technologies that are being developed right now. As I used to say about 5G in our system, ‘Hey, it’s just the wolf closest to the sled.’ It’s emblematic of a broader set of challenges that we’re going to have to deal with over time.

Rethinking technological competition

In the US, our theory had always been that the edge for us is the innovative power of our private sector. And as long as the government largely stayed out of that, we could compete head to head, and compete very well.

I would argue that for 1G, 2G, 3G, 4G, that worked perfectly. But the dynamics we’re seeing now with 5G are prompting the question of how that strategy works when the competition isn’t a single foreign company. The competition now is an integrated national strategy in which that foreign company is just one component. How does a single private company compete against the integrated efforts and resources of an entire nation-state?

I think we have to be asking ourselves how we need to change our model, because if we think it’s bad now with 5G, I would argue it’ll be even worse when 6G comes along in about three years. It’ll be even worse with artificial intelligence, quantum computing and other new technologies coming down the pipeline right now. We’re going to have a series of technological changes coming up. They’re going to be so foundational that if we don’t change the dynamic, we’re going to have this conversation over and over again.

This is not about stopping any particular nation. This is not about contesting a particular company. This is about ensuring our own and our partners’ competitive ability in the 21st-century digital age. Because, again, you’re going to have to deal with this with other countries and other companies over time. Right now, that happens to be China, Huawei and 5G, but it’ll be something different in the future.

To me, China is not an enemy. They aren’t an adversary. They’re a competitor, and we need to ask ourselves, ‘How do we compete with them?’

Let’s not waste our time trying to figure out how we stop the growth of China, how we contain China. My view is that is a losing strategy. I think a much smarter strategy is that, given that growth, given that rise, how can we work together collaboratively to ensure that the growth is done in a way in which it becomes a part of the greater, broader world order? And that it’s done in a way that optimises outcomes both for China and for its neighbours, including the US.

We shouldn’t approach this as a zero-sum game; I never believe that. I think that for Australia and the US our respective relationships with China are going to be fundamental to our competitiveness and our economic performance in this century. You can’t pretend otherwise.

I think the goal is to make sure that the playing field is level. Once we have a level playing field, then it’s up to our private sector. But the challenge right now is that the playing field is not level, and it’s really difficult for the West’s firms to compete. And I just don’t think it’s realistic to expect them to do this on their own. Levelling the playing field is going to take work. It’s also about ensuring agreements are adhered to and there are consequences for clear breaches.

Developing a strategy

In the end, to me it’s all about developing a strategy. I’m watching other nations develop strategies, and I’m saying to myself, ‘Where’s ours? How did we get ourselves into this situation? And what are we going to do so that we can compete?’

So, let’s think about the strategy we’re going to develop. Let’s think about how we’re going to compete.

Let’s think about how we’re going to ensure our continued strong economic performance, our strong technological edge. How are we going to retain that? And at the same time as we’re retaining that, how are we going to retain the values of the societies that we’re a part of?

Our number one competitive advantage, I argue, is our values: the idea of freedom, the idea of the choice of the individual, the idea of the private sector’s ability to compete without the constraint of the government. I also argue that the power of innovation is one of our competitive edges, and we should be doing more to support and protect that innovative edge. So I think, again, if we can get to a level playing field, then our inherent advantages—that structure, those values, that ability to innovate—will enable us to compete with anybody.

I think we have to acknowledge that our structures and our processes aren’t really optimised for this world. I also think we have to acknowledge that it all starts from recognition and acknowledgment of the problems, so we’ve got to be willing to do that. You can’t fix anything if you don’t acknowledge that you have an issue.

I think there’s an element of changing structures and changing process in the way we do things. Part of that model which needs to change, at least in the US, is the kind of wall we build between the functions of the government and the private sector. We really need to step back and ask ourselves—given this world of technological change, given technology’s impact on national security and economic competitiveness, given the speed with which this is happening, given the geopolitical applications of some of this technology—some really fundamental questions like, ‘So, what’s the role of the private sector in this world? What’s the role of the government in this world? Are there ways they could team together?’

It doesn’t mean control. A lot of times I hear people say, ‘You’re just arguing that the government should control everything.’ That isn’t what I’m saying. That hasn’t tended to work out so well in many areas, and it’s not a model that I would default to. On the other end, I think there are some things we can do in partnership with each other. I just think we have to be open to the fundamental idea that in this digital age we’ve got to be willing to look at very different approaches to how we do things.

Strengthening our alliances

I think if we’re honest with ourselves, we have tended to take the US–Australia relationship for granted for some time, and that just isn’t going to work for us anymore. We’ve been together in every major conflict in the past century. In the post-9/11 environment, we’ve worked and fought together. Everywhere I’ve been, on the battlefields in Afghanistan and Iraq, in my professional career, I’ve loved hearing the sound of an Australian accent in the middle of nowhere. In some really tough circumstances, hearing that cheery, ‘G’day, mate,’—I just really like that. I think there’s something really powerful about that. But we can’t take this relationship for granted.

The ability to bring like-minded nations together to work on tough problems is a great thing. Five like-minded nations with a broadly common set of values and a willingness to address not only their own national interests but to support others in the execution of theirs, all with the view of ensuring that we’re helping to make the world a better place: that’s a pretty powerful fundamental idea.

I think that’s still very relevant. It doesn’t pretend for one minute that we don’t have national interests and that those interests never differ. It doesn’t pretend that we don’t have respective national interests that we want to make sure are addressed. But I still think that within that framework we can do powerful things together.

One of my concerns is that, if we don’t get this right, if we don’t think about national security, economic competitiveness and the implications of technology, then we’re individually going to make decisions that potentially increase the risk for other partners in the Five Eyes, or which potentially force other members of the Five Eyes to make some really tough choices that might not be in the interest of all five. If we’re not careful, we could start to go down the road where Five Eyes starts to splinter. If that happens, it should be a conscious decision, not something that kind of happens as an afterthought of other choices. We have to work at maintaining those alliances, and we have to be able to articulate their value. The Five Eyes structure is so important, and one of its strengths has been that we’re willing to have a discussion with each other on those kinds of issues.

Communicating with broader audiences about cyber strategy

As policymakers and as leaders, we’ve got to think about how to articulate the challenge of technology in a way that non-technical people can understand and relate to. I don’t think we’re particularly effective at this at times. One point I would make is, ‘Hey, look, we got to articulate these important topics in ways that non-technical people can understand.’

The second point I would make is this. We need to try to provide meaningful, concrete, specific examples, not an apocalyptic, cyber-could-destroy-the-world-around-us story, because what happens with that is you cry wolf too many times and people just tune you out. Instead, we should be trying to break these big, complex problems down into smaller, more understandable, more digestible components that enable us to build a comprehensive strategy.

Speaking only for the US, we have publicly started talking about how cyber is a tool within the toolkit which we will consider using in an appropriate manner, with a legal basis, for various measurable and proportionate responses to other activity.

For example, you saw us acknowledge in congressional testimony that for the November 2018 election cycle in the US, the US Government authorised and executed a strategy designed to preclude the Russians’ ability to do some of the things against US election infrastructure which they did in 2016. That’s significant: firstly, the fact that we did it; secondly, the fact that we’re willing to publicly talk about it.

What this indicates to me is a kind of evolution in strategy and policy which says, ‘Look, we need to acknowledge that being passive and responding quietly has not really gotten us to where we want to be or where we feel we need to be. Therefore, we need to try to do something different.’

The difference is that we need to start publicly talking about cyber as a tool: the fact that we have capabilities, the fact that we’re willing to use them, and then showing our willingness to use them — again, for very specific purposes, under a very specific legal regime and with a very specific sense of proportionality.



Protecting critical national infrastructure in an era of IT and OT convergence

ASPI Policy Brief 18/2019

What’s the problem?

Today, we’re seeing an increasing convergence between the digital and the physical worlds. This is sometimes referred to as the convergence of IT (information technology) and OT (operational technology)—devices that monitor physical effects, control them, or both. More and more devices are becoming interconnected to create the ‘internet of things’ (IoT).

While this brings many benefits, it also brings new types of risks to be managed—a cyberattack on OT systems can have consequences in the physical world and, in the context of a critical national infrastructure provider, those physical consequences can have a potentially major impact on society.

Insecure OT systems can also be a back door to allow attackers to penetrate IT systems that were otherwise thought to be well secured.

Among Australian critical national infrastructure providers, the level of maturity and understanding of the specific risks of OT systems lags behind that of IT systems. There’s a shortage of people with OT security skills, commercial solutions are less readily available, and boards lack specialist knowledge and experience. Mandating or recommending standards could help boards understand what’s expected of them, but it isn’t clear which standards are appropriate for managing these risks.

What’s the solution?

A lesson learned from IT security over the past decade is that impacts are severe unless security is considered up front and threats are managed proactively rather than reactively. As the convergence of IT and OT gathers pace in our critical national infrastructure, urgent action on a range of fronts is needed to address risks introduced by the IT–OT convergence.

Concerted effort is needed to ensure that boards of critical infrastructure organisations are mandated and enabled to decide, communicate and monitor their OT cyber risk appetite; that the right skills and tools are available to address the problems; and that there’s effective sharing of threat intelligence and best practice. Achieving this will require the prioritisation of resources to appropriate parts of government to support these actions.

This paper looks at critical infrastructure policy in Australia, the convergence of cyber and physical systems, and the risk and threat environment applicable to those systems. It then looks at the current state of maturity and how this could be improved, concluding with policy recommendations.

What are OT, ICS and SCADA?

OT refers to operational technology. Gartner defines it as ‘hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events’.1

Other terms commonly used in discussions of this area include ICSs (industrial control systems), which are a key sector in OT and often a key area of concern because, as the name suggests, they’re used to control major industrial processes such as power plants. ICSs are often managed via SCADA (supervisory control and data acquisition) systems, so SCADA cybersecurity is a key focus: the compromise of the SCADA system allows full control of the industrial process.

This report uses the term OT throughout, as this refers to the full range of cyber–physical systems that should be considered in developing policy approaches to securing critical infrastructure.

Convergence creates risk

IT and OT systems have traditionally been separate but have converged in recent years, as OT devices that monitor and control ‘real-world’ physical systems are increasingly connected to the internet or wider communication networks, in particular in our critical national infrastructure providers.

For example, managers may be provided with a dashboard of the performance of a power plant, allowing operational changes (such as changing load generation) and commercial decisions (such as the execution and pricing of electricity sale contracts) to be made in real time.

Although this brings clear benefits, it also brings new risks. OT systems are no longer isolated and stand-alone, so a cyberattack on the internet-connected combined IT–OT system can have direct physical consequences. When the organisation is part of our critical national infrastructure, such an attack can have a potentially major impact on national security.

Research and survey methodology

This study examined the understanding and management of the risks of IT–OT convergence in critical national infrastructure, particularly the telecommunications, energy, water and transport sectors. These areas are considered the most critical to the security of Australia and are the focus of government legislation. Many of the issues of IT–OT convergence identified here occur in other sectors of the economy and society, although exploring the implications outside of critical infrastructure is beyond the scope of this paper.

This paper drew on desktop research; interviews with key stakeholders in major Australian critical infrastructure providers, generally targeting the senior risk owners, government officials and subject-matter experts; and a survey of a limited sample of critical infrastructure operators (a dozen organisations in the four priority sectors). The survey explored approaches to IT–OT convergence, the level of understanding of the risks, and approaches to managing the risks.

Critical national infrastructure in Australia

In Australia, the federal, state and territory governments have defined critical infrastructure as:

those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation or affect Australia’s ability to conduct national defence and ensure national security.2

Examples include the systems providing food, water, energy, transport, communications and health care.

Critical infrastructure providers in Australia cover a broad range of organisation types—some are government agencies or government-owned corporations, but a large proportion are run by commercial organisations, which may be privately owned companies, public corporations or part of multinational organisations. Government-owned providers may be at the federal, state or local government level, with differing access to resources and security expertise.

The policy for critical infrastructure resilience was launched by then Attorney-General George Brandis in 2015, and is now the responsibility of the Department of Home Affairs. Australian policy sets out two key objectives: to improve the management of reasonably foreseeable risks, and to improve resilience to unforeseen events. Much of our critical infrastructure is owned and operated by commercial organisations and the strategy recognises that, so implementation is intended to be through a broadly non-regulatory business–government partnership.

The Critical Infrastructure Centre was established in January 2017 with a mandate to work across all levels of government and with owners and operators to identify and manage the risks to Australia’s critical infrastructure. It aims to bring together expertise from across the Australian Government to manage complex and evolving national security risks to critical infrastructure from espionage, sabotage and foreign interference. Although other forums, such as the Trusted Information Sharing Network (TISN), look across a broader range of critical infrastructure sectors and threats, budget constraints mean that the Critical Infrastructure Centre has focused on a more limited range of sectors that pose the greatest potential threat to national security if attacked. Therefore, the initial work has focused on understanding potential foreign ownership and control risks, enabled by the Security of Critical Infrastructure Act 2018, which mandates obligations for a range of assets that meet specified thresholds in the electricity, gas, water and ports sectors (currently estimated to number around 165).

In managing broader security risks from potential foreign or domestic actors attacking our critical infrastructure, the Critical Infrastructure Centre also administers the telecommunications sector security reforms, which are based on the Telecommunications and Other Legislation Amendment Act 2017, which came into force on 18 September 2018. The reforms place obligations on providers in the telecommunications sector to ensure the security of their networks and to notify government of changes with potential security impacts, and enable government to obtain information to monitor compliance and to direct providers to do ‘a specified thing that is reasonably necessary to protect networks and facilities from national security risks’.

Cyber–physical convergence

Critical national infrastructure providers are typically significant users of OT in order to automate the services that they provide. They’re under pressure to deliver services more efficiently and at lower cost, due to market competition, technological change, reduced government funding and price regulation.

To achieve this, organisations have sought to automate and integrate more and more of their IT and OT systems. Research for this report showed that, although most organisations hadn’t seen much change in their degree of IT–OT convergence over the past two years, in the next two years they expect a rapid increase in convergence. Most providers interviewed for this report expect a high degree of convergence and extensive two-way connectivity.

Another convergence driver is the proliferation of interconnected devices, often referred to as the ‘industrial internet of things’ (IIoT). This has been helped by the development of open standards, low-powered sensors and electronic controllers, and short-range communication networks.

In the past, an organisation might have had a ‘stovepiped’ system provided by a single vendor communicating using proprietary protocols, with a single gateway into the back-office IT system.

Today, it’s more likely that there will be a range of different vendor systems communicating with each other in a complex mesh network, and the concept of a clear boundary between IT and OT domains is less relevant. A Kaspersky study of 320 worldwide professional OT security decision-makers showed that 53% saw implementing these types of IIoT solutions as one of their top priorities.3

As the volume of data grows due to the exponential increase in connected sensors, the data can be mined to monitor operational performance, scheduling and utilisation, faults and anomalies, compliance and so on. It can, in turn, be used to identify actions to improve effectiveness, often in real time. However, to implement effective machine learning and artificial intelligence algorithms, it is often easiest to connect to today’s public cloud services, which can provide flexible and easy-to-use processing power. This results in a more porous border between corporate IT systems and public networks, and effectively interconnects OT networks with public networks. Although the use of cloud services can bring security opportunities, unless managed appropriately it can bring new vulnerabilities by making formerly separate corporate systems accessible through the wider internet.

Some commentators have noted that getting full value from this sort of data analysis requires close partnership between the users and manufacturers of OT systems. Gartner predicts that, by 2020, 50% of OT service providers will create key partnerships with IT-centric providers for IoT offerings.4 Another report suggests that 95% of organisations using the IoT have some form of partnership with another organisation to implement their IoT solutions, so it’s likely that even for the other 50% of providers many will still have features and services that expect the OT devices to be connected to the internet.5

Communications technologies are also improving: 5G network rollouts by Telstra and Optus are expected to enable better latency and availability for remote applications. This means we’re likely to see more interconnectedness between IT and OT systems not only within organisations but between organisations and supply chains, further increasing complexity and the potential cyberattack surface.

Challenges of OT cybersecurity

The key principles may be similar, but IT cybersecurity is considered much more mature and advanced than OT cybersecurity. This is because IT systems are much more prevalent, the risks are well recognised and there are enough case studies of real-life attacks to ensure focus and understanding of how to address the risks. Historically, OT systems were physically isolated, and cybersecurity was not a priority until the recent convergence trend drove it up the agenda.

There are significant overlaps and similarities, and OT cybersecurity can learn much from IT cybersecurity. Probably 80% of the threats are the same as for IT systems, but it’s with the other 20% where the biggest challenges lie. Some of the key differences are as follows:

  • The risk calculus is different. A successful OT attack can cause major physical damage or even loss of life, which can make a significant difference to the risk appetite.
  • For OT systems, the availability of service is often more important than confidentiality, whereas in IT that priority is often reversed. Shutting down a system to stop an attack might not be an option for an OT system, and even applying updates to fix known vulnerabilities may not always be feasible. Integrity is also more important, given the potential safety-critical impact of changes to data.
  • The operational lifetime of OT systems is typically much longer than that of IT systems. Plant and machinery can last 20–50 years, whereas IT systems may be replaced every 3–5 years. Older systems might not be built to withstand modern threats, and support and security patches might not be available.
  • The threat and attack models are different. Typically, the design of firewalls and security monitoring tools is based on characteristic indicators of IT attacks, meaning that OT attacks could pass through undetected.

The risk and threat environment

A cyberattack on an OT system is not just theoretical—there have already been many publicly reported attacks. As long ago as 2001, a disgruntled subcontractor used remote radio access to release sewage into town water, parks and other areas in Australia.6

More recent examples include suspected nation-state-motivated attacks on Saudi Arabian industry. In 2012, Saudi Aramco, the Saudi national oil company, was hit by a major attack that disabled 35,000 computers, halting all its operations, even though OT systems were not directly attacked.7 In August 2017, attackers breached the safety control systems at a Saudi petrochemical plant, intending to sabotage them and cause an explosion. Fortunately, it appears that a coding error meant they were unsuccessful.8

Other energy companies have also been targeted. In December 2015, a Ukrainian electricity distribution company’s control systems were breached in an attack subsequently attributed to Russia.9 The operator had to switch to manual mode, and approximately 225,000 customers lost power in what was the first publicly acknowledged cyber incident to result in power outages.10

In March 2018, the US Government issued an alert that Russian Government actors were remotely targeting US Government energy, nuclear, water and other critical infrastructure sectors, carrying out reconnaissance as a potential precursor to targeted attacks.11 Interestingly, it appeared to be a multi-stage campaign in which the attackers first targeted small commercial facilities’ networks and then used those systems as a bridge to move into the networks of larger, more critical organisations—an example of exploiting the type of supply-chain connectivity mentioned above.

So far, reported attacks have affected the availability of services, which can still have major impacts on society, but through good design, good fortune, or both, major direct physical impacts have been avoided. However, if the aim of an adversary is to cause significant physical damage and potentially loss of life, it is conceivable that they could compromise the integrity of the systems not only by sabotaging control systems but by modifying monitoring systems to override fail-safe mechanisms and alarms. Fortunately, we haven’t seen any such incidents to date, at least from publicly available information, but the Saudi petrochemical company attack showed this intent, making it a very real possibility that policymakers need to address.

Another class of threat is the potential use of unsecured OT systems as an entry point for penetration of a connected IT system that may otherwise be well protected. Examples of exploitation of unsecured consumer IoT devices have recently been seen; for example, the Mirai botnet ‘weaponised’ devices such as CCTV cameras with default credentials to launch a massive distributed denial-of-service attack.12

The current state of maturity: survey results

At a high level, there’s clear awareness of the threat from IT–OT convergence. The Kaspersky study mentioned above showed that 77% of companies ranked cybersecurity as a major priority, 66% saw targeted attacks as a major concern, and 77% believed that they were likely to be the target of an OT cybersecurity incident.13 Two-thirds saw the advent of the IIoT as bringing even more significant OT security risks.

In all discussions with Australian providers for this report, cyber risks were recognised from board level all the way down through the organisation. While only one organisation of the 12 interviewed had a clear directive on its OT risk appetite, most providers were cautious, stating that their OT risk tolerance was lower than for IT systems, and an assessment of benefits versus risks was made before interconnecting systems. OT cyber risk is reported at least quarterly to the board in two-thirds of the organisations, although it’s normally combined with IT risk rather than reported as a stand-alone item.

It was encouraging that in seven out of 12 cases there was at least one director at board level with some expertise in the area. Over 80% of respondents said they had participated at least occasionally in the sharing of lessons learned and best practice for both IT and OT security across their sector, which perhaps reflects the active engagement of the TISN and other organisations.

However, many organisations clearly felt there was scope to do better. Half said there was room for improvement in their understanding of the degree of convergence in their systems and in ensuring that they had a comprehensive view of the risks and vulnerabilities. Less than half were able to confirm that vulnerability testing of their OT systems was carried out at least annually. Although 11 out of 12 had an approved incident response plan that had been tested within the past 12 months, in a third of cases the OT security incident response plan was considered to be the same as the IT security incident response plan. The different approaches for isolating and recovering from OT attacks, and the focus on availability in OT, mean that recycling the IT response plan for this sort of incident is unlikely to be effective. This probably explains why two-thirds of organisations felt they were only partially prepared or underprepared to respond to a real incident.

An approach for managing the risks—and some of the challenges in doing so

Research for this report suggests several approaches to improve security as a result of IT–OT convergence.

Setting expectations

Effective security starts with leadership. Boards need to provide strong awareness and sponsorship, setting and communicating their risk appetite in a way that drives their approach to IT–OT convergence. Given the lack of board members with specific expertise, the key will be to encourage and enable boards to be more inquisitive—creating a culture in which they can ask questions and explore issues in an open and transparent manner. This shift in board understanding and engagement is what has occurred in recent years with ‘traditional’ cybersecurity.

Critical infrastructure providers have to deal with conflicting pressures, such as maintaining service quality, reducing costs, regulating prices and more. It’s important that government recognises the threats and mandates that providers face to ensure the security of their systems. For government organisations, the recent NSW cyber strategy is a good example that sets a clear mandate for all government agencies to ensure that there are ‘no gaps in cyber security’ related to physical systems.14

A different approach may be needed for commercial providers—not all of them recognise the commercial risk of a security incident and act accordingly, and hence some compulsion and enforcement are probably required. For regulated industries, licence conditions are often used to place clear obligations on providers, although as this is typically done at the state or local level there may be variability across the nation. The telecommunications sector security reform regulations place more specific obligations on telecommunications providers, such as reporting planned changes and potential direction powers; the operation and applicability of this framework should be reviewed to see whether a modified approach would be appropriate for other sectors.

Of course, just mandating or setting a vision is not sufficient; action is needed to see it realised. The right tools need to be made available to enable providers to embed a culture of security throughout the organisation, and the right governance to ensure that this is happening.

Risk identification and management

No single control will eliminate the risk of a cyberattack; hence, given the potentially catastrophic impacts if an incident occurs, providers need to be very clear about their risk appetite as they potentially converge IT and OT. They must build a clear understanding of the various systems—physical systems, networks, software, computers and other devices—and their interdependencies and connectivity. This should allow analysis of potential threat vectors and allow a risk register to be developed and maintained.

Idaho National Lab has proposed a step-by-step approach for mission-critical systems, called ‘consequence-driven, cyber-informed engineering’, to identify the functions whose failure could have catastrophic consequences.15 It proposes that for the ‘crown jewels’ the approach should be to minimise any internet connectivity, and put in analogue monitoring and fail-safes to protect against the risk of failure or sabotage of digital systems. This has already been implemented as a year-long pilot at Florida Power & Light, one of the largest electric utilities in the US. The case for such an approach might not be proven in all cases, but discussion using this sort of framework may help to drive a better definition of risk appetite.

Where the decision is made to converge systems, a ‘defence-in-depth’ approach should be used to reduce the risks. This could include appropriate network segregation, physical security measures, gateways, system and device configurations, user access controls and so on. These need to be backed up by regular monitoring of systems and networks to identify anomalous patterns of behaviour and to investigate them in real time. The costs of defence in depth will clearly need to be factored into decision-making about the efficiency and benefits of specific IT–OT convergence plans.

Given the differences between IT and OT security, the right tools need to be chosen: an IT firewall might not protect an OT network from malicious traffic, and a standard IT security monitoring solution might not detect OT attacks, as the characteristics of hostile activity will be different. Critical infrastructure providers have commented on the lack of mature commercially available solutions to assist with this, although other industry experts consulted suggested the problem may in some areas be overlapping, competing solutions along with unrealistic marketing claims. An appropriate framework would help to assess these claims and identify any gaps in the market where government intervention may be appropriate, whether this is investment to help accelerate development or certifications for products to help buyers assess their efficacy for solving their problems.

Standards and guidance

Standards are always an emotive subject, especially when it comes to security. The right standards can work well in setting a baseline, provided they’re implemented as part of an overall strategy and not as a blind tick-the-box exercise. However, inappropriate standards will at best give a misleading picture and at worst may drive insecure behaviours.

The limited survey conducted for this report asked about some common standards and found that, while the information security standard ISO27001 and the risk management standard ISO31000 were used by 58% and 33% of respondents, respectively, the business continuity standard ISO22301 and the US Department of Energy’s Cybersecurity Capability Maturity Model (ES-C2M2) cyber maturity framework hardly seem to be used at all. However, over 80% were either actively using or considering other OT-specific security standards.

While the research for this report was underway, the Australian Energy Market Operator published the inaugural report into the cyber maturity of energy operators. This was based on self-assessments against a framework developed specifically for this purpose but drawing on a number of international standards as well as Australian Signals Directorate guidance and Australian legislation. The companies voluntarily completed 67 self-assessments, the details of which have not been released, but the conclusion of the report was that the responses ‘identified opportunities to improve cyber security maturity across the sector’.16

Standards should be reviewed on a sector-by-sector basis—for example, using a guiding council of experts in a given sector—in order to identify which standards should be recommended as suitable for organisations to adopt and regularly audit against. 

Education

The general shortage of cybersecurity skills in the workforce has been well documented and discussed,17 but a recurring theme from interviews for this report was an even more acute challenge involving the availability of suitably skilled OT security professionals.

Education will be the key to addressing this gap. This should start with broad user education, as part of building the right culture across an organisation, supplemented by the right policies and processes. This can help avoid some of the most common weaknesses. For example, it’s thought that some of the attacks described above were facilitated by a well-meaning employee inserting an unknown USB stick into a computer to check who it belonged to, and a study by Honeywell18 found that 44% of USB devices present at surveyed industrial facilities had a security issue. Common resources should be created for use in general user education and executive awareness.

The Academic Centres of Cyber Security Excellence program19 should include specific provision for OT security courses to be created, either as stand-alone courses or as part of broader curriculums.

Courses should be available both for those entering the workforce and as ongoing education and professional development for those in the industry. Formal education can be supplemented by other approaches, such as a program of secondments between IT and OT security teams. In any case, while an OT security team needs to be specialised and focused on this area, it will need to work closely with IT security professionals to share expertise and also to identify and stop threats that cross the domains.

Sharing threat information

In cybersecurity, we’re stronger together, and OT security is no exception. Given the relative lack of maturity and the potential risks, it’s vital that there are effective mechanisms for sharing threat information and lessons learned. There seems to be a divide in the availability of sector-specific OT threat intelligence—two-thirds of organisations surveyed for this report received it regularly, but one-third said they received it rarely or not at all. The sharing of OT security information seems to be noticeably less common than for IT security; the reasons cited included resources, contact details and security clearances being focused on IT security.

Several organisations within government can help with building cross-sector threat intelligence information and disseminating it, including the TISN, the Australian Cyber Security Centre and the Business and Government Liaison Unit in the Australian Security Intelligence Organisation. However, there need to be clear leadership and ownership to make this happen, not just by top-down information flow from government but by facilitating sharing between peers in each sector.

This should also be accessible to a broad range of geographically dispersed stakeholders—tier 1 major companies can attend summits in Canberra, but local councils running transport or water companies won’t have the resources for extensive travel. It’s possible that the Critical Infrastructure Centre’s TISN could take on this leadership role, but it would require a significant boost in resources and a change in its operating model to be able to do so.

Incident response readiness

Organisations need to ensure that they have clear response and recovery plans for attacks. The plans need to go beyond theoretical documents that are dusted off and read only when something goes wrong. As noted, there’s room for improvement in testing incident response plans, but organisations need to go one step further with active war-gaming exercises that bring together boards, executives and business continuity teams to work through scenarios, and technical red-team testing that simulates the potential activity of an attacker to test detection and response capabilities.

The Australian Cyber Security Centre runs a national program for the owners and operators of Australia’s critical infrastructure that uses exercises and other readiness activities that target strategic decision-making, operational and technical capabilities, strategic engagement and communications. Additional resources could be provided to ensure that this is extended to cover OT security incident scenarios and is accessible across the spectrum of critical infrastructure providers.

Conclusions and recommendations

Given the potential impact to society and our national security from the accelerating convergence of IT and OT systems, it’s important that this issue is prioritised and managed effectively. Research for this report has shown a general lack of focus, mature understanding and effective solutions. Some of the measures outlined above are already being implemented, but may still need accelerating or boosting, and some are more critical than others. The top three recommendations are as follows:

  1. Boards of critical infrastructure providers need to explicitly set their OT cyber risk tolerance and monitor their organisation’s performance against it. This requires a combination of regulatory mandate and enforcement (building on existing regulatory models, learning from the experience in implementing the telecommunications sector security regulations, and enabling boards to manage risk); for example, through recommended standards and approaches tailored to each sector. Considering ‘worst-case’ outcomes may lead to a list of critical assets that by default should not be connected to external systems unless there are a compelling benefit and robust measures to manage the security risks arising from the connection. The Critical Infrastructure Centre would appear to be best placed to coordinate and drive this across Australia to ensure a common best-practice approach.
  2. Better education and information are needed at all levels to improve the understanding and management of risks, from both a business and a technical point of view. Key areas for action are:
     • General awareness and training. Specialised skills will be in short supply, but boards can be enabled to be curious to ask the right questions to understand and measure the risks and build the right culture, and all users should be educated in threat awareness and basic ‘hygiene’ to remove some of the easy targets for attackers.
     • Specialist courses. The creation and delivery of specific OT security courses should be included in plans for university, TAFE and other institutional programs.
     • Better threat information sharing. Clarity should be provided on the current range of government agencies that can help with threat intelligence sharing, providing clear leadership and ownership of this responsibility for the critical infrastructure sector.
     • Technical information sharing. There appears to be a perception that there’s a lack of appropriate commercial solutions for protecting OT systems, but globally the market can appear crowded. The maturity of commercial solutions specifically to address OT security requirements should be reviewed. This information could be shared with providers and also used to identify whether there’s a gap that may merit government investment to help accelerate the development of the capabilities needed.

The Australian Cyber Security Centre could lead this activity, aligned with its existing programs of work.

  3. Resources need to be prioritised to ensure that the appropriate organisations are able to implement all of the required actions at the required pace. The longer that action is delayed, the more of a head start malicious actors will have, the more convergence will have taken place without security being at the core, and the greater will be the threat.

Address by author Rajiv Shah at launch event.


Acknowledgements

The author would like to thank Aakriti Bachhawat for her assistance in running the survey, and all those who took the time to respond. Thanks also to those respondents and other government and industry experts who made themselves available for discussions that provided valuable input to this paper.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.

ASPI International Cyber Policy Centre

The ASPI International Cyber Policy Centre’s mission is to shape debate, policy and understanding on cyber issues, informed by original research and close consultation with government, business and civil society. It seeks to improve debate, policy and understanding on cyber issues by:

  1. conducting applied, original empirical research
  2. linking government, business and civil society
  3. leading debates and influencing policy in Australia and the Asia–Pacific.

The work of ICPC would be impossible without the financial support of our partners and sponsors across government, industry and civil society. This research was made possible thanks to the generous support of Thales.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2019

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

  1. Gartner, Inc., ‘Operational technology (OT)’, IT glossary, no date, online.
  2. Australian Government, Critical Infrastructure Resilience Strategy, 2010, online.
  3. Wolfgang Schwab, Mathieu Poujal, The state of industrial cybersecurity 2018, CXP Group, June 2018, online.
  4. Christy Petty, ‘When IT and operational technology converge’, Smarter with Gartner, 13 January 2017, online.
  5. Gemalto, The state of IoT security, 2018, online.
  6. Michael Crawford, ‘Utility attack led to security overhaul’, Computerworld Australia, 16 February 2006, online.
  7. Jose Pagliery, ‘The inside story of the biggest hack in history’, CNN Money, 5 August 2015, online.
  8. Nicole Perlroth, Clifford Krauss, ‘A cyberattack in Saudi Arabia had a deadly goal. Experts fear another try’, New York Times, 15 March 2018, online.
  9. John Hultquist, ‘Threat research: Sandworm team and the Ukrainian power company attacks’, FireEye, 7 January 2016, online.
  10. Electricity Information Sharing and Analysis Center, Analysis of the cyber attack on the Ukrainian power grid: defense use case, 18 March 2016, online.
  11. US Department of Homeland Security, ‘Alert (TA18‑074A): Russian Government cyber activity targeting energy and other critical infrastructure sectors’, US Government, 16 March 2018, online.
  12. Josh Fruhlinger, ‘The Mirai botnet explained: how teen scammers and CCTV cameras almost brought down the internet’, CSO, 9 March 2018, online.
  13. Schwab & Poujal, The state of industrial cybersecurity 2018.
  14. Digital NSW, NSW Government policy: cyber security policy, NSW Government, February 2019, online.
  15. Office of Scientific and Technical Information, Consequence-driven cyber-informed engineering (CCE), US Department of Energy, 18 October 2018, online.
  16. Australian Energy Market Operator, 2018 summary report into the cyber security preparedness of the national and WA wholesale electricity markets, December 2018, online.
  17. AustCyber, Australia’s cyber security sector competitiveness plan, Australian Cyber Security Growth Network, 2018, online.
  18. Honeywell, Honeywell industrial USB threat report: universal serial bus (USB) threat vector trends and implications for industrial operators, 2019, online.
  19. Department of Education and Training, ACCSE program guidelines, Australian Government, 13 February 2017, online.

Hacking democracies

Cataloguing cyber-enabled attacks on elections

Foreword

One of the great hopes for the internet was that it would herald a new era in the democratisation of information. To a large extent, it’s been successful. So successful, in fact, that global platforms, technology diffusion and mobility have brought some unintended consequences by enabling the rapid dissemination of disinformation and fake news.

We live in a time when trust in our democratic and other key institutions has declined, and this is compounded by new capabilities of adversaries seeking to interfere in our elections and to undermine people’s trust in those institutions.

In this policy brief, the writers explore areas where interference has been detected across the world and consider key learnings from those examples in order to develop policy responses for countering each type of interference.

Technology has the power to transform lives by reducing barriers to entry and creating greater equity so that all our citizens can participate in education and the economy. We want to live in a world where friction is removed and technology enhances our experience, where all citizens have access to the internet, and where we can vote electronically in elections. However, our interconnection needs to be safe and trusted, protecting and enhancing our democracies.

This brief starts an important national conversation, generating awareness of the approaches commonly taken by adversaries to spread disinformation, misinformation and fake news. It lays out a series of measures for managing risk, and serves as an educational resource for our citizens on what to keep an eye out for, and how to better distinguish reputable information from disinformation in real time.

Yohan Ramasundara
President, Australian Computer Society

What’s the problem?

Analysis of publicly known examples of cyber-enabled foreign interference in elections reveals key challenges. First, while perceptions of interference are widespread, the actors are few—Russia and China—and the effort is highly targeted. Russia is targeting the US and Europe (with a few forays into South America), while China targets its region (having, for the moment, reached as far as Australia).

Second, the methods used can be hard to pick up and democracies seem poorly equipped to detect intrusions, being traditionally focused on external intelligence collection. Adversaries are able to enter public debates, infiltrate legitimate activist networks and even enter the mainstream media as trusted commentators. Significant activity may be being missed. Finally, while opinion polling shows concerning levels of dissatisfaction with democracy and weakening trust in public institutions, it’s very difficult to assess the impact of election interference on those phenomena. It’s likely to have some impact but be outweighed by larger societal factors.

What’s the solution?

First, the response from democracies should be calibrated to the likely risk and adversary. The US and European states are clear targets of Russia; Indo-Pacific nations are targets of the Chinese Communist Party (CCP).

Second, more effort is needed to detect foreign interference, including offline and non-state efforts. Because democracies have a natural aversion to government surveillance, a better answer than simply stepped-up government monitoring may be supporting non-profit, non-government initiatives and independent media.

Third, effort is needed to develop better ways to measure the impact of foreign interference to allow for a more informed decision on resourcing efforts to counter it. Notwithstanding the lack of current empirical data on impact, opinion polling points to a perception that foreign interference will occur and, in places such as the US, a view by many that the 2016 presidential election was swayed by it (a credible view, given the narrowness of the outcome). Research is needed to measure the effectiveness of different education and awareness efforts to address these concerns.

Fourth, public funding may be needed to better secure political parties and politicians from cyber intrusions. Finally, democracies need to impose costs on the two primary state actors: they should consider joint or regional action to make future or continued interference sufficiently costly to those states that they will no longer pursue it. Legislation may also be needed to make it more difficult for foreign adversaries to operate (being mindful of the differing objectives of the two main actors); this may be a second best for countries that find it too difficult to call out adversaries.

Introduction

In 2016, Russia comprehensively and innovatively interfered in the US presidential election, offering a template for how democracies around the world could be manipulated.1 Since then there have been 194 national-level elections in 124 countries and an additional 31 referendums.2 This report seeks to catalogue examples of foreign interference in those polls and group them into three ‘buckets’:

  • interference targeting voting infrastructure and voter turnout
  • interference in the information environment (to make the scope manageable, we have focused on interference surrounding elections, but it’s apparent that such efforts continue outside election periods as part of longer term efforts to manipulate societies)
  • longer term efforts to erode public trust in governments, political leadership and public institutions.

This research focused on cyber-enabled interference (including, for example, information operations that harness social media and breaches of email and data storage systems), but excluded offline methods (for example, the financing of political parties and the suborning of prominent individuals). 

The yardstick for counting an activity as interference was that proposed by former Prime Minister Malcolm Turnbull, who put it this way when introducing counter-foreign-interference laws in Australia in 2017: ‘we will not tolerate foreign influence activities that are in any way covert, coercive or corrupt. That’s the line that separates legitimate influence from unacceptable interference.’3

A major issue has become the public perception that results may have been swayed, with consequences for the direction of these states’ policies and actions, together with a loss of public trust in democratic institutions and processes.

Multi-country Pew Research Center polling shows that there’s an increasing expectation among global publics that elections will suffer interference: majorities (including 65% of Australians) in 23 of 26 countries surveyed in 2018 said it was very or somewhat likely that a cyberattack would result in their elections being tampered with.4

In some cases, such as the 2016 US presidential election, polling shows that a large proportion of people (39% of US adults) feel that Russian meddling swung the election,5 which is probably the most valuable outcome Russia could have hoped for, given that it’s seeking to undermine confidence in US global leadership and the US public’s faith in the nation’s democratic process.6

Since that election, reports of foreign interference in democratic elections have continued to surface. This suggests a belief among adversary states that interference is serving their interests and that the costs of action are not sufficiently high to deter this behaviour.

Of course, foreign governments interfering in elections is nothing new.7 While the objectives might be similar to those of Cold War style efforts, the means are different. Today, a state such as Russia is able to reach more than a hundred million Americans through a single platform such as Facebook without sending a single operative into US territory.8 Or, as nearly happened in Ukraine, the official election results can be remotely altered to show a candidate who received just 1% of the vote as winning.9

And, significantly, a little effort goes a long way: in 2016, Russian operatives were able to organise two opposing groups to engage in a protest in front of the Islamic Da’wah Centre of Houston for ‘the bargain price of $200’.10 Having a big impact is now much easier, cheaper and less risky. For democratic governments, responding can be extremely difficult. The methods used by adversaries typically exploit treasured democratic principles such as free speech, trust and openness. Detection can be hard both because the methods are difficult to identify and because democracies avoid surveillance of their own domestic populations and debates (outside niche areas such as traditional criminal and terrorist activity). Typically, the bulk of intelligence resources is directed towards external collection, and domestic populations are rightly wary of increased government monitoring.

Democratic governments themselves can be obstacles: if the winning party believes it benefited from the foreign interference or would be delegitimised by admitting its scale, it can even mean the newly elected government will play down or ignore the interference. Tensions in the US in the wake of Russian interference in the 2016 election point to the potential for these sorts of issues to arise.11

Measuring levels of interference and adversaries’ objectives is another challenge. Given the difficulty of detection and the variance in methods employed, it’s hard to compare relative levels of interference across elections. Objectives are also not always straightforward. Most efforts to interfere in elections are not about directly altering the vote count. Instead, many appear aimed at disrupting societies or undermining trust in important institutions. There also appear to be different overarching aims depending on the adversary involved.

Project overview and methodology

This research was generously supported by the Australian Computer Society and stemmed from a series of engagements with policymakers on countering election interference. Desk research and interviews focused on developing a database of cyber-enabled foreign interference in democratic elections. It was informed by a full-day workshop in London involving several electoral commissioner equivalents from around the world as well as the President of the Australian Computer Society. A key focus of the workshop was the development of a framework for mapping election interference with a view to improving the policy response.

The start date for the research was the 2016 US presidential election and the end date was April 2019. During that period, this research identified 194 national-level elections in 124 countries and an additional 31 referendums.

Using Freedom House’s Freedom in the world report,12 of the 124 states that have held national elections since November 2016, 53 are considered ‘free’, 45 ‘partly free’ and 26 ‘not free’. Given the focus of this report on democracies, we limited the research scope to the 97 countries that held elections and that were deemed free or partly free.

As noted above, examples of foreign interference were grouped into three buckets. This builds on and expands a framework in the International Cyber Policy Centre’s Securing democracy in the Digital Age report.13

Categorising incidents was an inexact science. Often there was a lack of publicly available information about the case (many media reports described ‘hacks’ without elaborating), or it might easily straddle more than one category. Consider the intrusion into Australia’s parliament and three political parties reported by Prime Minister Scott Morrison on 18 February 2019,14 suspected to have been carried out by Chinese state-sponsored actors. The intent behind this incident is still unclear.

Was it solely espionage or an act of foreign interference?15 The sophisticated state actor has not seemed to use any material obtained to interfere in the current election. That may be because of the discovery of the intrusions, or because the information obtained is being used for a different purpose (as suggested by ASPI’s Michael Shoebridge16). For the purposes of this report, it was classified as ‘long-term erosion of public trust’, given that the public reporting highlighted inadequate security among core Australian institutions.

This report captures examples of interference that were executed (for example, Russian online disinformation campaigns that ran on social media during the 2016 US presidential election) and those that were discovered but not executed (such as Russians’ accessing of US voter rolls during that election without manipulating or using them).
 

Findings

Of the 97 national elections in free or partly free countries reviewed for this report during the period from 8 November 2016 to 30 April 2019, a fifth (20 countries) showed clear examples of foreign interference, and several countries had multiple examples (see the appendix to this report).17 It’s worth noting that confidence in attributions to foreign actors varied widely. In ideal circumstances, a government source made the attribution, but often the attribution was more informal. Our intention was not to provide an exhaustive list of every alleged case of foreign interference but instead to capture the spread of states experiencing the phenomenon and illustrative examples of different methods. Details on all examples identified through this research are set out in the appendix.

Country analysis

Of the 97 elections and 31 referendums reviewed, foreign interference was identified in 20 countries: Australia, Brazil, Colombia, the Czech Republic, Finland, France, Germany, Indonesia, Israel, Italy, Malta, Montenegro, the Netherlands, North Macedonia, Norway, Singapore, Spain, Taiwan, Ukraine and the US.

Of those 20 states, 14 were deemed ‘free’ and 6 ‘partly free’. Just over half (12 of 20) of the states were in Europe, which is unsurprising given Russia’s leading role in this area (Table 1).

Table 1: Regional spread (alleged actor)

Table 1 shows the strong geographical link between the target and actor. With the exception of one anomalous case involving the UK (which was alleged to have supported a Yes campaign in a Montenegrin referendum), Russia was the only state interfering in European elections. Similarly, in the Indo-Pacific, China was the only actor (except for Indonesia, where Russia was also involved). Iran’s interference in Israel has a clear connection to its adversarial relationship. In the Americas, there’s more diversity among the actors, but Russia remains the dominant player.

China’s versus Russia’s motivations

Russia’s and China’s interference reflect different national approaches. For Russia, a key objective is to erode public trust in democracies and to undermine the idea that democracy is a superior system.18 This might be driven by President Putin’s personal drive to make the West ‘pay’ for its destruction of the Soviet bloc and by the desire to mount a case inside Russia that democracies are flawed and therefore not a model that Russians should aspire to. As a consequence, Russian interference is inherently destructive to democratic systems, even at the same time as Moscow may seek to promote a party or a candidate thought to be more sympathetic to its interests.19

Chinese interference seems more strategically focused on ensuring that its interests are promoted across all party lines. Unlike the Russian stance, one party’s interests don’t appear to be favoured at the expense of others (with the exception, perhaps, of Taiwan20). Instead, all consequential parties are in its crosshairs with a view to making them more sensitive to core CCP interests. China also seems to pursue a broader front of influencing activities (many of which aren’t captured by this report’s focus on cyber-enabled methods), which can include financial donations,21 aligning the policy interests and public comments of party figures to CCP political goals and suborning prominent individuals to advocate for Beijing’s interests. China doesn’t seem to be as openly intent on doing damage to the credibility of foreign political systems so much as aligning those systems to its strategic objectives.22

Methods

A review of the dataset reveals considerable repetition in methods. There are multiple examples of social media platforms being exploited to reach target populations, often used in concert with state-sponsored media outlets. There is, however, considerable variation in the way social media are exploited. This ranges from organising rallies and amplifying the voices of favoured groups to suppressing voter turnout and exacerbating existing divisions.23 There are also several examples of system breaches, again to pursue different ends, including stealing and leaking emails and accessing voter rolls.

Given the lack of detail in many media reports on foreign interference, it’s difficult to provide a list of the most common methods. Frequency of use also does not translate into impact. For example, the breach of one person’s email account (such as the account of Hillary Clinton’s campaign chair, John Podesta) can have much greater impact than any single social media post or perhaps all of them.

Types of interference

This section examines our three defined buckets of interference.

Targeting of voting infrastructure and voter turnout

Direct tampering with election results is perhaps the most affronting form of foreign interference because it most directly overturns the will of the people. 

Ukraine has long been one of the main targets of Russian election interference efforts and has also suffered the most egregious effort to alter the technical results of an election. As Mark Clayton reported back in 2014 (a date outside the scope of the mapping period covered by this report):

Only 40 minutes before election results were to go live on television at 8 p.m., Sunday, May 25, a team of government cyber experts removed a ‘virus’ covertly installed on Central Election Commission computers, Ukrainian security officials said later.

If it had not been discovered and removed, the malicious software would have portrayed ultra-nationalist Right Sector party leader Dmytro Yarosh as the winner with 37 percent of the vote (instead of the 1 percent he actually received) and Petro Poroshenko (the actually [sic] winner with a majority of the vote) with just 29 percent, Ukraine officials told reporters the next morning.24

There are multiple means by which adversary states could interfere with the technical results of elections. Various methods could be used to prevent citizens from being able to vote (for example, by rendering electronic voting booths unusable or corrupting the voter roll so eligible voters are removed and turned away from voting booths25) or reducing the turnout of certain voter groups with known dominant voting behaviours (for example, via online campaigns that encourage a boycott26 or targeted misinformation that has the effect of deterring certain voter groups27).

The result itself could be altered via various means. Electronic voting booths could be maliciously programmed to record a vote for Candidate A as a vote for Candidate B instead; the transmission of votes tallied at individual voting booths could be intercepted and altered, affecting the final tally; votes in the central tally room or system could be altered remotely; or, as was attempted in Ukraine, the release of the vote outcome could be tampered with (a tactic unlikely to go unnoticed, but likely to cast doubt among some about the integrity of the poll and of the national electoral system).

Research for this report identified six countries that had experienced interference targeted at voting infrastructure and voter turnout: Colombia, Finland, Indonesia, North Macedonia, Ukraine and the US (Table 2).

Table 2: Targeting of voting infrastructure and voter turnout

Examples included the targeting of voter registration rolls in Colombia,28 Indonesia29 and 21 US states,30 a denial of service (DoS) attack on a Finnish web service used to publish vote tallies,31 a distributed denial of service (DDoS) attack on Ukraine’s Central Election Commission,32 and the use of social media to suppress voter turnout in North Macedonia33 and in the US.34 In the US, an Oxford University report noted that Russian operatives tried to suppress the vote of African-Americans by pushing the narrative that ‘the best way to advance the cause of the African American community was to boycott the election and focus on other issues instead’.35 While it’s difficult to determine the effect of the disinformation campaign by Russia’s Internet Research Agency, the Pew Research Center reported that the voter turnout of African-Americans fell in 2016 (see appendix, page 19).36

The attackers identified in public reports (sometimes speculatively) were Russia (in one instance, combined with Venezuela) and China. Russia was by far the dominant actor. 

Interference in the information environment around elections

It’s difficult to detect foreign interference during elections with high confidence in a timely manner.

Consider this example from Bret Schafer, which fooled multiple media outlets:

Have you met Luisa Haynes? She was a prolific force in the #BlackLivesMatter community on Twitter. In just over a year, she amassed more than 50,000 followers; and her outspoken, viral takes on everything from Beyoncé to police brutality earned her hundreds of thousands of retweets and media coverage in more than two dozen prominent news outlets.

She was, on the surface, a symbol of a new generation of Black activists: young, female, and digitally savvy—except—she was fake.37

At the International Cyber Policy Centre, journalists periodically approach us about websites and social media accounts they suspect are run by foreign agents or trolls. Mostly, investigations lead to dead ends, or to apparently real people who are hard to definitively classify as foreign trolls rather than colourful citizens.

Now that the traditional media have lost their old gatekeeper role and control over the information environment, it’s far easier for foreign adversaries to inject themselves into national debates and much harder to trust what you’re reading and seeing. When Australians were asked in 2018 ‘Do you feel like the news you read or watch gives you balanced and neutral information?’, 54% said ‘never’ or ‘rarely’. There were similar results in democracies around the world38 (in historical terms, in the US the proportion of people reporting ‘a great deal’ and ‘quite a lot’ of confidence in newspapers has dropped from a high of 39% in 1990 to 23% in 201839).

While avenues for altering the technical results of elections are limited, opportunities to manipulate the information environment are limited only by creativity. Methods might include amplifying a party’s existing narrative using social media accounts that have assiduously built up followers over lengthy periods,40 or creating and spreading disinformation to undermine a candidate (for example, the state-owned Russian news agency Sputnik calling French presidential candidate Emmanuel Macron an agent of ‘the big American banking system’).41 It might involve infiltrating genuine activist groups and attempting to increase polarisation,42 or it could involve the creation of fake personas who provide inflammatory commentary on divisive issues, as with Luisa Haynes. Often such campaigns seek to prey on and exacerbate existing social cleavages with a view to exploiting them to manipulate the information environment in the desired direction.

While the impact of this manipulation isn’t as direct as interfering with key election infrastructure, its ease and cheapness, combined with the difficulty of timely detection, make it a preferred method. Foreign interference in the information environment was identified in 10 states: France, Israel, Italy, Malta, the Netherlands, North Macedonia, Spain, Taiwan, Ukraine and the US (Table 3).

Table 3: Interference in the information environment

Examples included information disruption campaigns targeting French presidential candidate Emmanuel Macron (such as the theft and release of 21,000 emails just before the final vote in the election—a technique likely to be of enduring utility for adversaries)43 and the spreading of disinformation by Russian media outlets Russia Today (RT) and Sputnik in Catalonia44 and Italy with headlines like ‘Migrant chaos, the beginning of a social war’45 or claiming in the Macedonian referendum that, depending on who won, Google would remove Macedonian from its list of recognised languages.46 Chinese-backed disinformation campaigns targeting Taiwan were reported as using zombie accounts and China’s so-called ‘50 Cent Army’ of online trolls and commentators to amplify the dissemination of disinformation.47 In Ukraine, Russia sought to buy or rent Ukrainian Facebook accounts to disseminate disinformation.48 There was also an unusual case of the UK’s Foreign and Commonwealth Office being accused of funding British PR agency Stratagem International to help the Macedonian Government with its ‘Yes’ campaign on the changing of the country’s name, thereby opening up the opportunity for Macedonia to join the EU and NATO.49

Research identified four alleged actors: Russia (the most dominant by far), China, Iran and the UK.

Long-term erosion of public trust in public institutions

Perhaps the most pernicious aspect of foreign interference is the longer term corrosion of public trust in the institutions that underpin democracy.

For example, the Center for Strategic and International Studies’ Defending Democratic Institutions Project has looked at Russian efforts to weaken trust in the rule of law as administered by the justice systems in both the US and Europe.50 In Australia, China is alleged to have attacked the Australian Parliament in 2011 and 2019, as well as three political parties in 2019.51 And in several countries attacks on electoral commissions responsible for impartially conducting elections have been reported.52

If foreign adversaries can destroy trust in these pillar institutions and related organs of democracy, democracy quickly unwinds.

Making this phenomenon even harder to confront, it’s often not immediately clear whether a campaign is being run by a nation-state or by conspiracy-oriented individuals. During the Brexit vote in the UK, what appeared to be a conspiracy theory (that had first surfaced during the 2014 Scottish referendum) spread online, urging voters to use pens, not pencils, to complete their ballot papers.53

The not-so-subtle inference was that government officials were rubbing out ballots completed in pencil and changing people’s votes (figures 1 and 2).

Figure 1: ‘I voted in pencil’

Source: Professor Brian Cox, Twitter, 23 June 2016.

Figure 2: ‘Use pens plea’

Source: BBC News, 22 June 2016.

It’s difficult to know how damaging these sorts of campaigns are for public trust in critical democratic institutions or whether they’re state-backed. What’s apparent is that polling has picked up distrust in key electoral institutions. The Australian voter experience report revealed that just 42% of Australians have a great deal of confidence in the Australian Electoral Commission’s ability to conduct an election, while a further 43% have ‘some’ confidence.54 In the UK, just 21% reported that they were ‘very confident’ and 48% said they were ‘fairly confident’ that the 2015 election was well run.55 While electoral commissions are generally off voters’ radars, trust in democracy collapses if people lose trust in those organisations’ ability to conduct elections impartially.

More significantly, there’s also been a dramatic drop in levels of satisfaction with democracy in Australia. Although once again it’s hard to track a causal relationship, it seems likely that democracies experiencing rising dissatisfaction with democracy would be more vulnerable to interference. The Australian voter experience report noted that just 55% of Australians “are satisfied with the way democracy works in their country nowadays. This places Australia on the lower end of established democracies, which typically have rates of satisfaction that exceed two-thirds. Historical data indicates that there’s been a dramatic fall in satisfaction. Data from the Australian Election Study in 2007 indicated that 86% reported being satisfied with democracy, falling to 72% in 2013”.56 Surveys such as the Lowy Institute Poll have tracked this dissatisfaction with democracy and speculated about its causes, but with no definitive answers.57

The Democracy Perceptions Index 2018 provides hints to the growing levels of public distrust in democracies around the world. It found that 64% of the public in ‘free’ countries (as defined by Freedom House) said their government ‘never’ or ‘rarely’ acts in their interest, compared to 41% in ‘not free’ countries. In Australia, a third of Australian adults say the government ‘mostly’, ‘often’ or ‘sometimes’ acts in their interest (67% say it does so ‘never’ or ‘rarely’).58 While this is a large proportion of the population, it hasn’t yet resulted in French-style yellow vest protestors.59

In Australia and elsewhere, it’s highly unlikely that this dissatisfaction is driven entirely by foreign interference. Anxiety about large economic and social changes brought about by globalisation and technological development could all be in play.60 Longitudinal Gallup surveys have also picked up a long downwards trend in average trust in public institutions (Figure 3).61

Figure 3: Americans’ average confidence in public institutions over time

Quantifying examples of the long-term erosion of public trust is perhaps the trickiest of tasks, as in many cases more immediate efforts to shape public opinion (such as spreading disinformation) also have the longer term impact of eroding public trust in the media and other institutions. Efforts to erode public trust also typically exploit existing societal cleavages,62 making detection difficult and any additional impact from interference on pre-existing divisions hard to measure. However, for the purposes of this research, 10 states were identified as having experienced efforts to create long-term erosion of public trust: Australia, Brazil, the Czech Republic, Germany, Montenegro, Norway, the Netherlands, Singapore, Ukraine and the US (Table 4).

Table 4: Long-term erosion of public trust

Examples have included the use of social media bots in Brazil to question the democratic model,63 amplification by Russia using Twitter bots of far-right Alternative für Deutschland’s warnings about election fraud,64 and systematic efforts by Russia to weaken ‘faith in the rule of law as administrated by the justice system’ in the US through the use of disinformation and the exploitation of ‘legitimate criticisms of the justice system’.65

The two identified actors in this category were Russia and China.

Limitations

There are several notable limitations to this research.

First, we focused on states and therefore missed private actors that are distorting democratic debates in similar ways. For example, there have been several cases of the commercialisation of Russian-like disinformation campaigns. Consider the group in the Balkans that built up popular Facebook pages with titles such as ‘Australians against Sharia’ and ‘Aussie infidels’ that targeted Australians to generate ad revenue.66 Future research could usefully explore the impact that these groups are having and how to counter them.

Second, our focus was on public cases, which perhaps tends to favour the identification of Russian efforts, given Moscow’s more overt and detectable methods and the media’s growing familiarity with its approach. Parallel research on CCP methods that the International Cyber Policy Centre is preparing suggests that Beijing often uses techniques that are harder to detect and longer term and so may be underreported. A broader methodology is probably needed to capture difficult-to-spot influence activities such as subverting policy positions and decision-making as well as long-term campaigns to cultivate supportive political figures and voices and silence, pressure or sideline critics.67

Third, the focus on foreign state actors has, of course, excluded domestic efforts to harness these same techniques, for example by political parties and local activists that may also be contributing to voter dissatisfaction with democracy and trust in institutions.

Fourth, there has been a tendency to favour English-language sources.

Finally, the increasing ability to micro-target voters and the difficulty of detecting many of the types of interference reported here mean that many examples could be being missed in the online information arena. Consider the case of a Russian-operated fake Black Lives Matter Facebook page that was only reported as suspicious because it used the phrase ‘Don’t shoot’—an expression that genuine activists had stopped using.68 The shift by major platforms such as Facebook to move from public broadcasting to private messaging will only accentuate this challenge.69

Findings and recommendations

The motivation behind this research is that, by better understanding the methods being used and the targets of high-activity adversary states, democracies will be able to better assess their existing response and mitigation capabilities and adjust as necessary.

We make the following recommendations.

1. Targets are limited: respond accordingly

Despite the enormous amount of media coverage that’s been devoted to state-backed election interference, the phenomenon isn’t universal. From public accounts, there are two primary actors and they focus judiciously on states that matter to them. Democracies should calibrate their policy responses to the likely risk, methods and adversary. The US and European states are clear targets of the Russian Government; Indo-Pacific nations are targets of the CCP.

2. Build up detection capabilities

More effort is needed to detect foreign interference, including offline and non-state efforts (such as by for-profit groups that misuse social media platforms to stir up hate). Because democracies have a natural aversion to government surveillance, a better answer than simply stepped-up government monitoring may be supporting non-profit, non-government initiatives and independent media. These groups can more credibly monitor for interference and more easily engage at the community level. In smaller states, where local media outlets are disappearing, government subsidies may be needed to ensure sufficient scrutiny of local and state political groups (which are often feeder groups for national politics).

3. Fund research to measure impact and measure the effectiveness of education campaigns to address public concerns

Governments should fund research to develop better ways to measure the impact of foreign interference to allow for a more informed decision on resourcing efforts to counter it. Notwithstanding the lack of current empirical data on impact, opinion polling points to a perception that foreign interference will occur, and in places such as the US to widely held views that elections have been swayed. Various efforts have been made to respond, including fact-checking services,70 opening up social media data streams to election-oriented academic research,71 and legislation to counter fake news.72 Research is needed to understand which efforts are most effective, after which those tougher measures should be twinned with public awareness campaigns to address these concerns.

4. Publicly fund the defence of political parties

Political parties and politicians are clear targets of foreign adversaries. With their shoestring budgets and the requirement to scale up dramatically during election campaigns, they’re no match for the resources of sophisticated state actors. Politicians are also vulnerable, including through the use of their personal devices. There’s a strong public interest in preventing foreign states from being able to exploit breaches of both parties and individual politicians to undermine domestic political processes. Democratic governments should consider public funding to better protect all major political parties and to step up cybersecurity support to politicians.

5. Impose costs 

Democracies need to look at better ways of imposing costs on adversaries. Because of spikes in interference activity around elections, they can be prone to being picked off or to discounting interference if the party that won benefited from it. Democracies should consider concerted joint global or regional action that looks beyond their own particular cases as well as more traditional approaches such as retaliatory sanctions. Legislation may also be needed to make it more difficult for foreign adversaries to operate (being mindful of the differing objectives of the two main actors)—this may be a second best for countries that find it too difficult to call out adversaries. 

6. Look beyond the digital

Russian interference is detectable, if not immediately, then often after the event. This has generated a natural focus on Moscow’s methods and activities. However, there are many more subtle ways to interfere in democracies. Research like this that focuses on digital attack mechanisms also misses more traditional and potentially more corrosive tactics, such as the provision of funding to political parties by foreign states and their proxies and the long-term cultivation of political influence by foreign state actors. Australia has recently passed legislation to counter more subtle forms of foreign interference73 that were starting to be detected.74 States, particularly those in the Indo-Pacific, should be attuned to these types of interference and make preparations to prevent, counter and expose them.

7. Look beyond states

Troubling public perceptions of democracy are unlikely to be explained by foreign interference alone. Foreign interference may, however, magnify or exploit underlying sources of tension and grievance in particular societies. A thorough response by government and civil society needs to consider a wider set of issues and threat actors, including trolls working for profit, and the health of the political and media environment (including by ensuring that local and regional media remain viable or are adequately funded).
 

Appendix

Examples of foreign interference (November 2016 to April 2019)

Sources for all examples can be found in Table 5 of the accompanying report.


ASPI International Cyber Policy Centre

The ASPI International Cyber Policy Centre’s mission is to shape debate, policy and understanding on cyber issues, informed by original research and close consultation with government, business and civil society.
It seeks to improve debate, policy and understanding on cyber issues by:

  1. conducting applied, original empirical research
  2. linking government, business and civil society
  3. leading debates and influencing policy in Australia and the Asia–Pacific.

The work of ICPC would be impossible without the financial support of our partners and sponsors across government, industry and civil society. This research was made possible thanks to the generous support of the Australian Computer Society (ACS).

© The Australian Strategic Policy Institute Limited 2019

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

  1. This has been comprehensively documented; see, for example, Office of the Director of National Intelligence (ODNI), Background to ‘Assessing Russian activities and intentions in recent US elections’: the analytic process and cyber incident attribution, US Government, 6 January 2017, online; PN Howard, B Ganesh, D Liotsiou, J Kelly, The IRA, social media and political polarization in the United States, 2012–2018, Computational Propaganda Research Project, Oxford University, 2018, online.
  2. ElectionGuide: democracy assistance and elections news, online.
  3. Malcolm Turnbull, ‘Speech introducing the National Security Legislation Amendment (Espionage and Foreign Interference) Bill 2017’, 7 December 2017, online.
  4. Jacob Poushter, Janell Fetterolf, International publics brace for cyberattacks on elections, infrastructure, national security, Pew Research Center, 9 January 2019, online.
  5. ‘Americans’ views on Russia, the 2016 election, and US–Russian relations (trends)’, news release, Gallup, August 2018, online.
  6. Matthew Cole, Richard Esposito, Sam Biddle, Ryan Grim, ‘Top-secret NSA report details Russian hacking effort days before 2016 election’, The Intercept, 6 June 2017, online; Zeynep Tufekci, ‘The election has already been hacked’, New York Times, 3 November 2018, online.
  7. Ishaan Tharoor, ‘The long history of the US interfering with elections elsewhere’, Washington Post, 13 October 2016, online.
  8. ‘As many as 146 million people on Facebook may have received information from Russian agency, Zuckerberg says’, PBS News Hour, 9 April 2018, online.
  9. Mark Clayton, ‘Ukraine election narrowly avoided “wanton destruction” from hackers’, Christian Science Monitor, 17 June 2014, online.
  10. Claire Allbright, ‘A Russian Facebook page organized a protest in Texas. A different Russian page launched the counterprotest’, Texas Tribune, 1 November 2017, online.
  11. Karen Yourish, Troy Griggs, ‘8 US intelligence groups blame Russia for meddling, but Trump keeps clouding the picture’, New York Times, 2 August 2018, online.

Mapping China’s Tech Giants

This report accompanies the Mapping China’s Tech Giants website.

This is our first report on the topic; updated reports are also available.

Executive summary

Chinese technology companies are becoming increasingly important and dynamic actors on the world stage. They’re making important contributions in a range of areas, from cutting-edge research to connectivity for developing countries, but their growing influence also brings a range of strategic considerations. The close relationship between these companies and the Chinese Communist Party (CCP) raises concerns about whether they may be being used to further the CCP’s strategic and geopolitical interests.

The CCP has made no secret about its intentions to export its vision for the global internet. Officials from the Cyber Administration of China have written about the need to develop controls so that ‘the party’s ideas always become the strongest voice in cyberspace.’1 This includes enhancing the ‘global influence of internet companies like Alibaba, Tencent, Baidu [and] Huawei’ and striving ‘to push China’s proposition of internet governance toward becoming an international consensus’.

Given the explicitly stated goals of the CCP, and given that China’s internet and technology companies have been reported to have the highest proportion of internal CCP party committees within the business sector,2 it’s clear these companies are not purely commercial actors.

ASPI’s International Cyber Policy Centre has created a public database to map the global expansion of 12 key Chinese technology companies. The aim is to promote a more informed debate about the growth of China’s tech giants and to highlight areas where this expansion is leading to political and geostrategic dilemmas. It’s a tool for journalists, researchers, policymakers and others to use to understand the enormous scale and complexity of China’s tech companies’ global reach.

The dataset is inevitably incomplete, and we invite interested users to help make it more comprehensive by submitting new data through the online platform.

Our research maps and tracks:

  • 17,000+ data points that have helped to geo-locate 1700+ points of overseas presence for these 12 companies;
  • 404 university and research partnerships, including 195+ Huawei Seeds for the Future university partnerships;
  • 75 ‘Smart City’ or ‘Public Security Solution’ projects, most of which are in Europe, South America and Africa;
  • 52 5G initiatives, across 34 countries;
  • 119 R&D labs, the greatest concentration of which are in Europe;
  • 56 undersea cables, 31 leased cables and 17 terrestrial cables;
  • 202 data centres and 305 telecommunications & ICT projects spread across the world.

Introduction

China’s technology, internet and telecommunications companies are among the world’s largest and most innovative. They’re highly competitive, and many are leaders in research and development.

They’ve played a central role in bringing the benefits of modern technology to hundreds of millions of people, particularly in the developing world.

As a function of their increasingly global scale and scope, China’s tech giants can exert increasing levels of influence over industries and governments around the world. The close relationship between Chinese companies and the Chinese Communist Party (CCP) means that the expansion of China’s tech giants is about more than commerce.

A key research question is: what are the geostrategic, political and human rights implications of this expansion? By mapping the global expansion of 12 of China’s largest and most influential technology companies, across a range of sectors, this project contributes new data and analysis to help answer such questions.

All Chinese companies are subject to China’s increasingly stringent security, intelligence, counter-espionage and cybersecurity laws.3 That includes, for example, requirements in the CCP constitution4 for any enterprise with three or more full party members to host internal party committees, a clause in the Company Law5 that requires companies to provide for party activity to take place, and a requirement in the National Intelligence Law to cooperate in and conceal involvement in intelligence work.6

Several of the companies included in this research are also directly complicit in human rights abuses in China, including the reported detention of up to 1.5 million Uyghur Muslims in Xinjiang.7 From communications monitoring to facial recognition that enables precise and pervasive surveillance, advanced technology – from these and other companies – is crucial to the increasingly inescapable surveillance net that the CCP has created for some Chinese citizens.

Every year since 2015, China has ranked last in the annual Freedom on the Net Index.8 The CCP has made no secret of its desire to export its concepts of internet and information ‘sovereignty’,9 as well as cyber censorship,10 around the world.11 Consistent with that directive, this research shows that Chinese companies are playing a role in aiding surveillance and providing sophisticated public security technologies and expertise to authoritarian regimes and developing countries that face challenges to their political stability, governance and rule of law.

In conducting this research, ASPI’s International Cyber Policy Centre (ICPC) has used open-source information in English and Chinese to track the international operations and investments of 12 major Chinese technology companies: Huawei, ZTE, Tencent, Baidu, China Electronics Technology Group Corporation (CETC), Alibaba, China Mobile, China Telecom, China Unicom, Wuxi, Hikvision and BGI.

This research has been compiled in an online database that ICPC is making freely accessible to the public. While it contains more than 1,700 projects and more than 17,000 data points, it’s not exhaustive. We welcome and encourage members of the public to help us make this dataset more complete by submitting data via the website.

The database

Throughout 2018, ICPC received frequent questions from media and stakeholders about the international activities of Chinese technology companies; for example, about Huawei’s operations in particular regions or how widespread the use of Baidu or WeChat is outside of China.

These were always difficult questions to answer, as there’s a lack of publicly available quantitative and qualitative data, and some of these companies disclose little in the way of policies that affect data, security, privacy, freedom of expression and censorship. What information is available is spread across a wide range of sources and hasn’t been compiled. In-depth analysis of the available sources also requires Chinese-language capabilities, an understanding of Chinese state financing structures, and the use of internet archiving services as web pages are moved, altered or even deleted.

A further impediment to transparency is that Chinese media are under increasing control from the CCP and publish few investigative reports, which severely limits the available pool of media sources. The global expansion and influence of US internet companies, particularly Facebook, for example, has rightly received substantial attention and scrutiny over the past few years. Much of that scrutiny has come from, and will continue to come from, independent media, academia and civil society.

However, the same scrutiny is often lacking when it comes to Chinese tech and social media companies. The sheer capacity of China’s giant tech companies, their reach and influence, and the unique party-state environment that shapes, limits and drives their global behaviour set them apart from other large technology companies expanding around the world.

This project seeks to:

  1. Analyse the global expansion of a key sample of China’s tech giants by mapping their major points of overseas presence.
  2. Provide the public with an analysis of the governance structures and party-state politics from which those companies have emerged and with which they’re deeply entwined.

The data and map are available here: https://chinatechmap.aspi.org.au/

Methodology

To fill this research gap, ICPC sought to create an interactive global database to provide policymakers, academics, journalists, government officials and other interested readers with a more holistic picture of the increasingly global reach of China’s tech giants.

A complete mapping of all Chinese technology companies globally would be impossible within the confines of our research. ICPC has therefore selected 12 companies from across China’s telecommunications, technology, internet and biotech sectors:

  • Alibaba
  • Baidu
  • BGI
  • China Electronics Technology Group (CETC)
  • China Mobile
  • China Telecom
  • China Unicom
  • Hikvision (a subsidiary of CETC)
  • Huawei
  • Tencent
  • Wuxi
  • ZTE

This dataset will continue to be updated during 2019. This research relied on open-source information in English and Chinese. This has included company websites, corporate information, tenders, media reporting, databases and other public sources.

The size and complexity of these companies, and the speed at which they’re expanding, mean this dataset will inevitably be incomplete. For that reason, we encourage researchers, journalists, experts and members of the public to contribute and submit data via the online platform in order to help make the dataset more complete over time.

China’s tech firms & the CCP

The CCP’s influence and reach into private companies has increased sharply over the past decade.

In 2006, 178,000 party committees had been established in private firms.12 By 2016, that number had increased sevenfold to approximately 1.3 million.13 Today, whether the companies, their leadership, and their employees like it or not, the CCP is present in private and public enterprise. Often the activity of party committees and party-building activity is linked to the CCP’s version of the concept of ‘corporate social responsibility’14—a concept that the party has explicitly politicised. For instance, in the publishing industry, corporate social responsibility includes political responsibility15 and protecting state security.16 Internet and technology companies are believed to have the highest proportion of CCP party committees in the private sector.17

This expanding influence and reach also extends to foreign companies. For example, by the end of 2016, the CCP’s Organisation Department claimed that 70% of China’s 100,000 foreign enterprises possessed party organisations.18 Expanding the party’s reach and role inside private enterprises appears to have been a priority since party chief Jiang Zemin’s ‘Three Represents’ policy, which opened party membership to businesspeople, became CCP doctrine in 2002.

All the companies mapped as a part of this project have party committees, party branches and party secretaries. For example, Alibaba has around 200 party branches;19 in 2017 it was reported that Tencent had 89 party branches;20 and Huawei has more than 300.21

Sometimes, the relevance and significance of the CCP’s presence within technology companies is dismissed or trivialised as merely equivalent to the presence of government relations or human resources departments in Western corporations. However, the CCP’s expectations of these committees are clear.22 The CCP’s constitution states that a party organisation ‘shall be formed in any enterprise … and any other primary-level work unit where there are three or more full party members’.23 Article 32 outlines their responsibilities, which include encouraging everyone in the company to ‘consciously resist unacceptable practices and resolutely fight against all violations of party discipline or state law’. Article 33 states that party committees inside state-owned enterprises are expected to ‘play a leadership role, set the right direction, keep in mind the big picture, ensure the implementation of party policies and principles, and discuss and decide on major issues of their enterprise in accordance with regulations’.24

The establishment and expansion of party committees in private enterprises appears to be one of the ways in which Beijing is trying to reduce financial risks and exercise control over the economy. Because entities ‘cannot be without the party’s voice’ and ‘must safeguard the state-owned assets and interests from damage’,25 the party committees are expected to weigh in on major decisions and policies, including the appointment and dismissal of important cadres, major project investment decisions and large-scale capital expenditures.26 

Although this guidance is longstanding practice in state-owned enterprises, it also appears to be taking root in private enterprises. Conducting a review of corporate disclosures in 2017, the Nikkei Asian Review identified 288 companies listed in China that ‘changed their articles of association to ensure management policy that reflects the party’s will’.27 In 2018, 26 publicly listed Chinese banks revised their articles of association to support party committees and the establishment of subordinate discipline inspection committees. Many of the revised articles reportedly include language requiring party consultation before major decisions are made.28

This control mechanism is explicit in the party’s vetting of business leaders. For example, although he’s not a party member, Baidu CEO Robin Li is a member of the Chinese People’s Political Consultative Conference, the country’s primary ‘united front’ body.29 The party conducts a comprehensive assessment of any of the business executives brought into official advisory bodies managed by the United Front Work Department, the Chinese People’s Political Consultative Conference and the National People’s Congress. Two of the four criteria relate to a business person’s political inclinations: first, their ‘ideological status and political performance’, as well as their fulfillment of social responsibilities; and second, their personal compliance with laws and regulations.30

Enabling & exporting digital authoritarianism

The crown jewel of Chinese foreign policy under Xi Jinping is the Belt and Road Initiative (BRI), which is to be a vast global network of infrastructure intended to enable the flow of trade, people and ideas between China and the rest of the world.31 Technology, under the banner of the Digital Silk Road, is a key component of this project.

China’s ambitions to influence the international development of technological norms and standards are openly acknowledged.32 The CCP recognises the threat posed by an open internet to its grip on power—and, conversely, the opportunities that dominance over global cyberspace could offer by extending that control.33

In a 2017 article published in one of the most important CCP journals, officials from the Cyber Administration of China (the top Chinese internet regulator) wrote about the need to develop controls so that ‘the party’s ideas always become the strongest voice in cyberspace.’34 This includes enhancing the ‘global influence of internet companies like Alibaba, Tencent, Baidu [and] Huawei’ and striving ‘to push China’s proposition of internet governance toward becoming an international consensus’.

Officials from the Cyberspace Administration of China have written that ‘cyberspace has become a new field of competition for global governance, and we must comprehensively strengthen international exchanges and cooperation in cyberspace, to push China’s proposition of Internet governance toward becoming an international consensus.’35 China’s technology companies are specifically referenced as a part of this effort: ‘The global influence of Internet companies like Alibaba, Tencent, Baidu, Huawei and others is on the rise.’36

Western technology firms have attracted heated criticism for making compromises in order to engage in the Chinese market, which often involves constraining free speech or potentially abetting human rights abuses.37 This attention is warranted and should continue. However, strangely, global consumers have so far been less critical of the Chinese firms that have developed and deployed sophisticated technologies that now underpin the CCP’s ability to control and suppress segments of China’s population38 and which can be exported to enable similar control of other populations.

The ‘China model’ of digitally enabled authoritarianism is spreading well beyond China’s borders. Increasingly, the use of technology for repression, censorship, internet shutdowns and the targeting of bloggers, journalists and human rights activists is becoming standard practice for non-democratic regimes around the world.

In its 2018 Freedom on the net report, Freedom House singled out China as the worst abuser of human rights on the internet. The report also found that the Chinese Government is actively seeking to export its moral and ethical norms, expertise and repressive capabilities to other nations. In addition to the Chinese Government’s efforts, Freedom House specifically called out the role of the Chinese tech sector in facilitating the spread of digital repression. It found that Chinese companies:

have supplied telecommunications hardware, advanced facial-recognition technology, and data analytics tools to a variety of governments with poor human rights records, which could benefit Chinese intelligence services as well as repressive local authorities. Digital authoritarianism is being promoted as a way for governments to control their citizens through technology, inverting the concept of the internet as an engine of human liberation.39

Reporters Without Borders has also sounded the alarm over the involvement of Chinese technology companies in repressing free speech and undermining journalism. As part of an extensive report on the Chinese Government’s attempts to reshape the world’s media in its own image, it concluded that:

From consumer software apps to surveillance systems for governments, the products that China’s hi-tech companies try to export provide the regime with significant censorship and surveillance tools … In May 2018, the companies were enlisted into the China Federation of Internet Societies (CFIS), which is openly designed to promote the Chinese Communist Party’s presence within them. Chinese hi-tech has provided the regime with an exceptional influence and control tool, which it is now trying to extend beyond China’s borders.40

Pushing back against both the practices of digital authoritarianism and the norms and values that underpin such practices requires a clear-eyed understanding of the way they’re being spread. For example, a study of the BRI has found that the ways in which some BRI projects, including digital projects, are structured create serious concerns about the erosion of sovereignty for host nations, such as when a recipient government doesn’t have full control of the operations, management, digital infrastructure or data being generated through those projects.41

Sovereign governments are, of course, ultimately responsible for their actions. For some, particularly Western governments, this includes being transparent and accountable in their use of technology for surveillance and information control. And, if they aren’t, the media, civil society and the public have avenues to hold them to account. However, companies also have responsibilities in this space, which is why many sensitive and dual-use technologies are subject to export controls. The need for companies to be held accountable for how new technologies are used is particularly acute in developing countries, where the state may be less able or less willing to do so because of challenges arising from governance, legislative and regulatory capacity, transparency and corruption.

The following case studies have been selected as illustrations of the ways in which Chinese technology companies, often with funding from the Chinese Government, are aiding authoritarian regimes, undermining human rights and exerting political influence in regions around the world.

Surveillance cities: Huawei’s ‘smart cities’ projects

An important and understudied part of the global expansion of Chinese tech companies involves the proliferation of sophisticated surveillance technologies and ‘public security solutions’.42 Huawei is particularly dominant in this space, including in developing countries where advanced surveillance technologies are being introduced for the first time.

Through this research and as of April 2019, we have mapped 75 Smart City-Public Security projects, most of which involve Huawei.43 Those projects—which are often euphemistically referred to as ‘safe city’ projects—include the provision of surveillance cameras, command and control centres, facial and licence plate recognition technologies, data labs, intelligence fusion capabilities and portable rapid deployment systems for use in emergencies.

The growth of Huawei’s ‘public security solution’ projects has been rapid. For example, the company’s ‘Hisilicon’ chips reportedly make up 60% of chips used in the global security industry.44 In 2017, Huawei listed 40 countries where its smart-city technologies had been introduced;45 in 2018, that reach had reportedly more than doubled to 90 countries (including 230 cities). Because of a lack of detail or possible differences in definition, this project currently covers 43 countries.46

This research has found that, in many developing countries, exponential growth is being driven by loans provided by China Exim Bank (which is wholly owned by the Chinese Government).47 The loans, which must be paid back by recipients,48 are provided to foreign governments, and it’s been reported in academia and the media that the contractors used must be Chinese companies.49 In many of the examples examined, Huawei was awarded the primary contract; in some cases, the contract was managed by a Chinese state-owned enterprise and Huawei played a ‘sub-awardee’ role as a provider of surveillance equipment and services.50

Smart-city technologies can impart substantial benefits to states using them. For example, in Singapore, increased access to digital services and the use of technology that exploits the ‘internet of things’ (for traffic control, health care and video surveillance) have led to increased citizen mobility and productivity gains.51

However, in many cases, Huawei’s safe-city solutions focus on the introduction of new public security capabilities, including in countries such as Ecuador, Pakistan, the Philippines, Venezuela, Bolivia and Serbia. Many of those countries rank poorly, some very poorly, on measures of governance and stability, including the World Bank’s governance indicators of political stability, the absence of violence, the control of corruption and the rule of law.52

Of course, the introduction of new public security technologies may have made cities ‘safer’ from a crime prevention perspective, but, unsurprisingly, in some countries it’s created a range of political and capacity problems, including alleged corruption; missing money and opaque deals;53 operational and ongoing maintenance problems;54 and alleged national security concerns.55

Censorship and suppression: aiding authoritarianism in Zimbabwe

The example set by the Chinese state is increasingly being looked to by non-democratic regimes—and even some democratic governments—as proof that a free and open internet is neither necessary nor desirable for development. ‘If China could become a world power without a free Internet, why do African countries need a free internet?’ one unnamed African leader reportedly asked interviewers from the Department of Media Studies at the University of Witwatersrand.56 

The business dealings of Chinese technology companies in Zimbabwe, for example, are closely entwined with the CCP’s support for the country’s authoritarian regime. China is Zimbabwe’s largest source of foreign investment, partly as a result of sanctions imposed by Western countries over human rights violations by the regime. Zimbabwean President Emmerson Mnangagwa’s first visit outside of Africa after his election was to China, where he thanked President Xi Jinping and China for supporting Zimbabwe against Western sanctions and called for even deeper economic and technical cooperation between the two nations.57

Chinese companies play a central role in Zimbabwe’s telecommunications sector. Huawei has won numerous multimillion-dollar contracts with state-owned cellular network NetOne, some of which have been the subject of corruption allegations.58 Several of Huawei’s Zimbabwe projects have been financed through Chinese Government loans.59

ZTE also has a significant footprint in the country (and has also been the subject of corruption allegations).60 This has included a $500 million loan, in partnership with China Development Bank, to Zimbabwe’s largest telco, Econet, in 2015.61 ZTE has previously provided equipment, including radio base stations, for Econet’s 3G network.62 Zimbabwean telecommunications providers currently owe millions of dollars to Huawei and ZTE, as well as Ericsson, which reportedly led to network disruptions in March 2019.63

The CCP and Chinese companies haven’t just helped to cushion Zimbabwe’s leaders against the impact of sanctions. They’re also providing both a model and means for the regime’s authoritarian practices to be brought forward into the digital age, both online and offline.

The Zimbabwean Government has been considering draconian new laws to restrict social media since at least 2016, when the official regulator issued an ominous warning to internet users against ‘generating, passing on or sharing such abusive and subversive materials’.64 In the same year, a law was passed to allow authorities to seize devices in order to prevent people using social media.65

In early 2019, the government blocked social media and imposed internet shutdowns in response to protests against fuel price increases. Information Minister Energy Mutodi stated that ‘social media was used by criminals to organize themselves … this is why the government had to … block [the] internet,’ as he announced plans for forthcoming cybercrime laws to criminalise the use of social media to spread ‘falsehoods’.66

The government has openly been looking to China as a model for controlling social media,67 including by creating a cybersecurity ministry, which a spokesperson described as ‘like a trap used to catch rats’.68

Parts of this ‘trap’ reportedly come from China. In 2018, it was reported that China, alongside Russia and Iran, had been helping Zimbabwe to set up a facility to house a ‘sophisticated surveillance system’ sold to the government by ‘one of the largest telecommunications companies’ in China.69 Given the description and context, it seems plausible that this company may be Huawei or ZTE.

‘We have our means of seeing things these days, we just see things through our system. So no one can hide from us, in this country,’ said former Intelligence Minister Didymus Mutasa.70 

The government is increasingly looking to expand its surveillance from the online space into the real world. It’s signed multiple agreements with Chinese companies for physical surveillance systems, including a highly controversial planned national facial recognition system with Chinese company CloudWalk.71

It’s also interested in developing its own indigenous facial recognition technology, and is working with CETC subsidiary Hikvision to do it.72 Hikvision is already supplying surveillance cameras for police and traffic control systems.73 In 2018, Zimbabwean authorities signed a memorandum of understanding with the company to implement a ‘smart city’ program in Mutare. This included the donation of facial recognition terminals equipped with deep-learning artificial intelligence (AI) systems.

In a media statement, the government stated: 

The software is meant to be integrated with the facial recognition hardware which will be made locally by local developers in line with the government’s drive to grow the local ICT sector making Zimbabwe to be the number one country in Africa to spearhead the facial recognition surveillance and AI system nationwide in Zimbabwe.74

National ID programs: Venezuela’s ‘Fatherland Card’

Chinese tech companies are involved in national identity programs around the world. One of the most concerning examples is playing out amid the political and humanitarian crisis in Venezuela. A Reuters investigation in 2018 uncovered the central role played by ZTE in inspiring and implementing the Maduro regime’s ‘Fatherland Card’ program.75 The Fatherland Card (Carnet de la Patria) records the holder’s personal data, such as their birthday, family information, employment, income, property owned, medical history, state benefits received, presence on social media, membership of a political party and history of voting.

Although the card is technically voluntary, without it Venezuelans can be denied access to government-subsidised food, medication or gasoline.76 In the midst of Venezuela’s political crisis, registering for a ‘voluntary’ card is no choice at all for many. In fact, people in Caracas are queuing for hours to get hold of one, despite the risks of handing over personal data to the increasingly unstable and repressive Maduro regime.77

According to Reuters, ZTE was contracted by the government to build the underlying database and accompanying mobile payment system. A team of ZTE employees was embedded with Cantv, the Venezuelan state telecommunications company that manages the database, to help secure and monitor the system. ZTE has also helped to build a centralised government video surveillance system.

There are concerns that the card program is being used as a tool to interfere in the democratic process. During the 2018 elections, observers reported kiosks being set up near or even inside voting centres, where voters were encouraged to scan their cards to register for a ‘fatherland prize’.78 Those who did so later received text messages thanking them for voting for Maduro (although they never did get the promised prize).

Authorities claim that the cards record whether a person voted, but not whom they voted for. However, an organiser interviewed by Reuters claimed to have been instructed by government managers to tell voters that their votes could be tracked. Regardless of the truth of the matter, even the rumours that the government may be watching who votes for it—or, perhaps more pertinently, against it—could be expected to influence the way people vote.

In the context of the current crisis, this technologically enabled population control takes on an even sharper edge. Cyberspace has emerged as a key battleground in the struggle between the Maduro regime and the Venezuelan opposition led by Juan Guaidó.

In addition to selective social media blocks79 and total internet shutdowns,80 there’s also evidence of more insidious attacks. For example, a website set up by the opposition to coordinate humanitarian aid delivery was subject to a DNS hijacking attack, including the theft of the personal data of potentially thousands of pro-opposition volunteers.81

Cantv, Venezuela’s government-run telecommunications company, is reportedly ‘dependent on agreements with ZTE and Huawei to supply equipment and staff and … Cantv sends its employees to China to receive training.’82 These deals are financed through the Venezuela China Joint Fund. China is known as something of an international leader in DNS blocking and manipulation, and the Chinese Government is strongly supporting the Maduro regime, including by targeting social media users in China who post or share content critical of Maduro.83

Shaping politics and policy in Belarus

In some parts of the world, Chinese technology companies are helping shape the politics and policy of new technologies through the development of high-level relationships with national governments. This is particularly concerning in the case of non-democratic countries.

Often referred to as ‘Europe’s last dictatorship’, Belarus has been under the control of authoritarian strongman Aleksandr Lukashenko since 1994.84 In recent years, ties with China have come to play an increasingly significant role not only in Belarus’s delicate diplomatic relations with its powerful neighbours, but also in its very indelicate domestic policies of violent repression. This has included the use of digital technologies for mass surveillance and the targeted persecution of activists, journalists and political opponents.85

Huawei has been supplying video surveillance and analysis systems to the Lukashenko regime since 2011 and border monitoring equipment since at least 2014.86 Also in 2014, Huawei’s local subsidiary, Bel Huawei Technologies, launched two research labs for ‘intellectual remote surveillance systems’. Through the labs, Huawei provides ‘laboratory-based training … for the specialists of Promsvyaz, Beltelekom, HSCC and other organisations’.87

Over the past several years, collaboration between the Belarusian Government and Chinese technology companies has expanded rapidly, in line with Belarus’s engagement with the BRI and with deepening diplomatic and economic ties between Lukashenko’s regime and the CCP.88

In March 2019, Belarus unveiled a draft information security law. ‘It is purely our own product. We didn’t borrow it from anyone,’ State Secretary of the Security Council Stanislav Zas told Belarusian state media.89

A day later, China’s ambassador to Belarus spoke to the same outlet about how ‘Belarusian and Chinese companies [have] managed to establish intensive cooperation in the area of cyber and information security’, and about the desire of both countries to ‘expand cooperation in the sphere of cybersecurity’.90

‘Both countries have good practice in this field. We are going to even deeper cooperate [sic] and share experience,’ the Chinese ambassador said. 

Huawei has played an especially prominent role in this process at multiple levels. It has continued and expanded the training it provides to Belarusians, including sending students to study in China and signing an agreement with the Belarusian State Academy of Communications for a joint training centre.91

Huawei is also exerting political and policy influence. In May 2018, the company released its National ICT priorities for the Republic of Belarus.92 The proposal includes recommendations for ‘public safety’ technologies, such as video surveillance and drones, and a citizen status identification system.

‘Belarus has not yet widely deployed integrated police systems, and thus can refer to the solution adopted in Shenzhen,’ the document notes. This is likely to be a reference to the facial recognition program implemented by Shenzhen police to ‘crack down on jaywalking’.93

During a meeting with the chairman of Huawei’s board, Guo Ping, for the launch of the plan, then Belarusian Prime Minister Andrei Kobyakov expressed his hope that ‘the accumulated experience and prospects of cooperation will play an important role in the development of information and communication technologies in Belarus and in making friendship between our countries stronger. The Belarusian government counts on further effective interaction and professional cooperation.’94

Controlling information flows—WeChat and the future of social messaging

Launched in 2011, WeChat quickly became China’s dominant social network but has largely struggled to build up a significant user base overseas. Still, of the social media super-app’s 1.08 billion monthly active users,95 an estimated 100–200 million are outside China.96

Southeast Asia provides the most fertile ground for WeChat outside of China: the app has 20 million users in Malaysia; 17% of the population of Thailand use it;97 and it’s the second most popular messaging app in Bhutan and Mongolia.98

The potential for WeChat to substantially grow its user base overseas remains, particularly as it hits a wall in user growth in China99 and overseas expansion becomes more of an imperative. To the extent that it’s being used outside of mainland China, WeChat poses significant risks as a channel for the dissemination of propaganda and as a tool of influence among the Chinese diaspora.

WeChat is increasingly used by politicians in liberal democracies to communicate with their ethnic Chinese voters, which necessarily means that communication is subject to CCP censorship by default.100

In one instance, in September 2017 Canadian parliamentarian Jenny Kwan posted a WeChat message of support for Hong Kong’s Umbrella Movement – a series of pro-democracy protests that took place in 2014 – only to have it censored by WeChat.101

In 2018, Canadian police received complaints about alleged vote buying taking place on WeChat.102 A group called the Canada Wenzhou Friendship Society was reportedly using the app to offer voters a $20 ‘transportation fee’ if they went to the polls and encouraging them to vote for specific candidates.

Because WeChat is one of the main conduits for Chinese-language news, censorship controls help Beijing to ensure that news sources using the app for distribution report only news that serves the CCP’s strategic objectives.103

WeChat is not only a significant influence and censorship tool for the CCP, but also has the potential to facilitate surveillance. An Amnesty International study ranking global instant messaging apps on how well they use encryption to protect online privacy gave WeChat a score of 0 out of 100.104 Content that passes through WeChat’s servers in China is accessible to the Chinese authorities by law.105

Enabling human rights abuses in China: Uyghurs in Xinjiang

Many of the repressive techniques and technologies that Chinese companies are implementing abroad have for a long time been used on Chinese citizens. In particular, the regions of Tibet and Xinjiang are often at the bleeding edge of China’s technological innovation.

The complicity of China’s tech giants in perpetrating or enabling human rights abuses—including the detention of an estimated 1.5 million Chinese citizens106 and foreign citizens107—foreshadows the values, expertise and capabilities that these companies are taking with them out into global markets. 

From the phones in people’s pockets to the tracking of 2.5 million people using facial recognition technology108 to the ‘re-education’ detention centres,109 Chinese technology companies—including several of the companies in our dataset—are deeply implicated in the ongoing surveillance, repression and persecution of Uyghurs and other Muslim ethnic minority communities in Xinjiang.

Many of the companies covered in this report collaborate with foreign universities on the same kinds of technologies they’re using to support surveillance and human rights abuses in China. For example, CETC—which has research partnerships with the University of Technology Sydney,110 the University of Manchester111 and the Graz Technical University in Austria112—and its subsidiary Hikvision are deeply implicated in the crackdown on Uyghurs in Xinjiang. CETC has been providing police in Xinjiang with a centralised policing system that draws in data from a vast array of sources, such as facial recognition cameras and databases of personal information. The data is used to support a ‘predictive policing’ program, which according to Human Rights Watch is being used as a pretext to arbitrarily detain innocent people.113 CETC has also reportedly implemented a facial recognition project that alerts authorities when villagers from Muslim-dominated regions move outside of prescribed areas, effectively confining them to their homes and workplaces.114

Huawei provides the Xinjiang Public Security Bureau with technical support and training.115 At the same time, it has funded more than 1,200 university research projects and built close ties to many of the world’s top research institutions.116 The company’s work with Xinjiang’s public security apparatus also includes providing a modular data centre for the Public Security Bureau of Aksu Prefecture in Xinjiang and a public security cloud solution in Karamay. In early 2018, the company launched an ‘intelligent security’ innovation lab in collaboration with the Public Security Bureau in Urumqi.117

According to reporting, Huawei is providing Xinjiang’s police with technical expertise, support and digital services to ensure ‘Xinjiang’s social stability and long-term security’. 

Hikvision took on hundreds of millions of dollars worth of security-related contracts in Xinjiang in 2017 alone, including a ‘social prevention and control system’ and a program implementing facial-recognition surveillance on mosques.118 Under the contract, the company is providing 35,000 cameras to monitor streets, schools and 967 mosques, including video conferencing systems that are being used to ‘ensure that imams stick to a “unified” government script’.119 

Most concerningly of all, Hikvision is also providing equipment and services directly to re-education camps. It has won contracts with at least two counties (Moyu120 and Pishan121) to provide panoramic cameras and surveillance systems within camps.

Future strategic implications

The degree to which nations and communities around the world are coming to rely on Chinese technology companies for critical services and infrastructure, from laying cables to governing their cities, has significant strategic implications both now and for many years into the future:

  • Undermining democracy: Perhaps the greatest long-term strategic concern is the role of Chinese technology companies – and technology companies from other countries that aid or engage in similar behaviour – in enabling authoritarianism in the digital age, from supplying surveillance technologies to automating mass censorship and the targeting of political dissidents, journalists, human rights advocates and marginalised minorities. The most challenging issue is the continued export around the world of the model of vicious, ubiquitous surveillance and repression being refined now in Xinjiang.
  • Espionage and intellectual property theft: The espionage risks associated with Chinese companies are clearly laid out in Chinese law, and the Chinese state has a well-established track record of stealing intellectual property.122 This risk is only likely to increase as ‘smart’ technology becomes ever more pervasive in private and public spaces. From city-wide surveillance to the phones in the pockets of political leaders (or, in a few years, the microphones in their TVs and refrigerators), governments, the private sector and civil society alike need to seriously consider how to better protect their information from malicious cyber actors.
  • Developing technologies: Chinese companies are leading the field in research and development into a range of innovative, and strategically sensitive, emerging technologies. Their global expansion provides them with key resources, such as huge and diverse datasets and access to the world’s best research institutions and universities.123 Fair competition between leading international companies to develop these crucial technologies is only to be expected, and Chinese tech companies have made enormous positive contributions to the sum total of human knowledge and innovation. However, the strategic, political and ideological goals of the CCP—which has directed and funded much of this research—can’t be ignored. From AI to quantum computing to biotechnology, the nations that dominate those technologies will exercise significant influence over how the technologies develop, such as by shaping the ethical norms and values that are built into AI systems, or how the field of human genetic modification progresses. Dominance in these fields will give nations a major strategic edge in everything from economic competition to military conflict.
  • Military competition: In cases of military competition with China, the Chinese Government would of course seek to leverage, to its own advantage, its influence over Chinese companies providing equipment and services to its enemies. This should be a serious strategic consideration for nations when they choose whether to allow Chinese companies to be involved in the build-out of critical infrastructure such as 5G networks, especially given the CCP’s increasing assertiveness and coercion globally.

This issue is particularly acute for countries already experiencing tensions over China’s territorial claims in regions such as the South China Sea. For example, in 2016, after a ruling by a UN-backed tribunal dismissed Chinese claims, suspected Chinese hackers attacked announcement and communications systems in two of Vietnam’s major airports, including a ‘display of profanity and offensive messages in English against Vietnam and the Philippines’.124 A simultaneous hack on a Vietnamese airline led to the loss of more than 400,000 passengers’ data. Vietnam’s Information and Communications Minister said that the government was ‘reviewing Chinese technology and devices’ in the wake of the attack.125 Cybersecurity firm FireEye says that it’s observed persistent targeting of both government and corporate targets in Vietnam that’s suspected to be linked to the South China Sea dispute.126

5G infrastructure build-outs should be an area of particular concern. An article in the China National Defence Report in March 2019127 discusses the military applications for China of 5G in the move to ‘intelligentised’ warfare. ‘[A]s military activities accelerate towards extending into the domain of intelligentization, air combat platforms, precision-guided munitions, etc. will be transformed from ‘accurate’ to ‘intelligentized.’ 5G-based AI technology will definitely have important implications for these domains,’ write the authors, who appear to be researchers affiliated with Xidian University and the PLA’s Army Command Academy.

Conclusion

Chinese companies have unquestionably made important and valuable contributions to the technology industry globally, from contributing to cutting-edge research and pushing the boundaries of developing technologies, to enabling access to affordable, good-quality devices and services for people around the world. They are not going anywhere, and they are going to continue to play a vital role in the ways in which governments, companies and citizens around the world connect with one another.

At the same time, however, it is important to recognise that the activities of these companies are not purely commercial, and in some circumstances risk mitigation is needed. The CCP’s own policies and official statements make it clear that it perceives the expansion of Chinese technology companies as a crucial component of its wider project of ideological and geopolitical expansion. The CCP committees embedded within the tech companies and the close ties (whether through direct ownership, legal obligations or financing agreements including loans and lucrative contracts) between the companies and the Chinese government make it difficult for them to be politically neutral actors, as much as some of the companies might prefer this. There is also a legitimate question about whether global consumers should demand greater scrutiny of Chinese technology firms that facilitate human rights abuses in China and elsewhere.

Governments around the world are struggling with the political and security implications of working with Chinese corporations, particularly in areas such as critical infrastructure, for example in 5G, and in collaborative research partnerships that might involve sensitive or dual-use technologies. Part of this struggle is due to a lack of in-depth understanding of the unique party-state environment that shapes, limits and drives the global behaviour of Chinese companies. This research project aims to help plug that gap so that policymakers, industry and civil society can make more informed decisions when engaging China’s tech giants.


What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.


ASPI International Cyber Policy Centre

The ASPI International Cyber Policy Centre’s mission is to shape debate, policy and understanding on cyber issues, informed by original research and close consultation with government, business and civil society.


It seeks to improve debate, policy and understanding on cyber issues by:

  1. conducting applied, original empirical research
  2. linking government, business and civil society
  3. leading debates and influencing policy in Australia and the Asia–Pacific.

The work of ICPC would be impossible without the financial support of our partners and sponsors across government, industry and civil society. ASPI is grateful to the US State Department for providing funding for this research project.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional person.


© The Australian Strategic Policy Institute Limited 2019

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

  1. Sarah Cook, ‘China’s cyber superpower strategy: implementation, internet freedom implications, and US responses’, written testimony to House Committee on Oversight and Government Reform, Freedom House, 28 September 2018; Kania et al., ‘China’s strategic thinking on building power in cyberspace: a top party journal’s timely explanation translated’, online.
  2. , online.
  3. Samantha Hoffman, Elsa Kania, ‘Huawei and the ambiguity of China’s intelligence and counter-espionage laws’, The Strategist, 13 September 2018, online.
  4. Constitution of the Communist Party of China, revised and adopted on 24 October 2017, online.
  5. People’s Republic of China Company Law, online.
  6. Hoffman & Kania, ‘Huawei and the ambiguity of China’s intelligence and counter-espionage laws’.
  7. Chris Buckley, Amy Qin, ‘Muslim detention camps are like “boarding schools,” Chinese official says’, New York Times, 12 March 2019, online; Fergus Ryan, Danielle Cave, Nathan Ruser, Mapping Xinjiang’s ‘re-education’ camps, ASPI, Canberra, 1 November 2018, online.
  8. ‘China: not free: 88/100’, Freedom on the net 2018, Freedom House, Washington DC, 2018, online.
  9. Jun Mai, ‘Xi Jinping renews “cyber sovereignty” call at China’s top meeting of internet minds’, South China Morning Post, 3 December 2017, online.
  10. Josh Rogin, ‘White House calls China’s threats to airlines “Orwellian nonsense”’, Washington Post, 5 May 2018, online.
  11. Samantha Hoffman, Social credit: technology-enhanced authoritarian control with global consequences, ASPI, Canberra, 28 June 2018, online.
  12. Wu Jiao, ‘Party membership up in private firms’, China Daily, 17 July 2007, online.

Taking Australian diplomacy digital

What’s the problem?

Australia’s Department of Foreign Affairs and Trade (DFAT) now has a presence on the main digital platforms, but it is yet to master digital diplomacy: using these powerful new communication tools and platforms to better conduct its core mission of persuasion, influence and advocacy. There’s too much use of new media channels to transmit old media content, a tendency to duck rather than address difficult issues, and a failure to engage within the digital life cycle of a news story.

Data analytics and the integration of digital tools into mainstream diplomatic campaigns are both lacking. Beyond this, there’s a need to rethink how Australia does diplomacy in the digital age.

DFAT needs to find better ways to communicate with its stakeholders, using digital tools. It needs to recognise that increasingly statecraft is playing out in the cyber and information domains, and invest more in equipping itself to engage in those domains—even when such online engagement brings risk. 

DFAT must also reconceive its overseas presence and embrace some of the agility and nimbleness of the tech world in doing so.

What’s the solution?

DFAT needs to start treating digital diplomacy as core tradecraft, rather than an optional add-on. It should provide compulsory digital training for all outgoing heads of mission and encourage healthy internal competition and innovation. It should pilot more sophisticated data analytics tools and integrate digital tools into regular diplomatic campaigns. It should develop and pilot a new stream of diplomatic reporting that’s punchier and timelier, and reaches a broader audience on hand-held devices.

DFAT should create new positions of ambassador to Silicon Valley and ambassador to the Chinese tech giants based in Beijing. It should experiment more with ‘pop-up’ diplomatic posts, pilot one-person posts and encourage innovation and experimentation in the conduct of digital diplomacy, conceiving of embassies as hubs and connectors for a broad set of interactions. 

Finally, DFAT needs to adopt some of the nimbleness and agility of the tech world in how it conducts Australia’s external policy. Failure to do so means the field is left to others.

Introduction

Australia’s DFAT has come a long way in a short time in its embrace of digital tools and technology.

DFAT, and most of our embassies around the world, now have a significant social media presence, often across several platforms (Figure 1). There has been an explosion of Twitter feeds, Facebook pages, Instagram accounts, and even blogs and YouTube channels,1 adding colour to what was (and remains) a rather lifeless website-only presence. In this, DFAT has been helped by political leaders who have embraced these tools as a means of modern-day communication.

After coming late to the game,2 DFAT now has a decent digital presence when benchmarked against other foreign ministries worldwide. It’s certainly not in the top 10, but it is credible.3

Figure 1: DFAT’s social media presence

Digital, but not yet doing digital diplomacy

However, in the rush to embrace digital media, there’s a danger that some of the bigger questions have gone begging, and that ends have been confused with means. Doing digital diplomacy well not only requires having the requisite digital platforms—it entails using them strategically and effectively to advance a diplomatic agenda.

This is where DFAT is struggling: it has gone digital, but it isn’t yet doing digital diplomacy. Having a large number of social media accounts and a growing crop of followers or friends isn’t sufficient. The test of success is whether those factors are being properly utilised to bring Australian diplomacy from the analogue into the digital age.

A changed operating environment

The essence of diplomacy hasn’t changed. Its main purpose remains the facilitation of communication between states and the exertion of influence (on other states or the international system) to protect and advance national interests. But what has changed vastly, almost beyond recognition, is the operating environment of diplomacy.

Even as recently as a decade or two ago—well within the professional lifespan of most of Australia’s senior diplomats—diplomacy as a profession, and hence DFAT as an institution, enjoyed several natural monopolies. First, there was the monopoly on information. It wasn’t that long ago that diplomats would fax press clippings or transcribe news articles and send them back to their capitals.

At a time when news on developments within other countries was scarce, and almost impossible to access remotely, diplomats stationed abroad were a vital—sometimes the only—source of information for capitals hungry for such intelligence.

Second, there was the monopoly on communication. In the era before modern modes of communication, the bulk of interactions between states took place through the medium of their diplomats. Leaders would meet or talk occasionally, but usually the challenge of making direct contact meant most communication was, of necessity, passed through ambassadors or envoys.

Third, there was the monopoly on representation. When communication with capitals was slow and difficult, and it could take several weeks to get an answer, diplomats abroad were expected to make decisions and improvise within a wide area of policy discretion.

These natural monopolies guaranteed relevance for foreign ministries, DFAT included, and sheltered them from competition. A government simply couldn’t run a foreign policy without a foreign ministry and its overseas diplomatic missions. Modern-day technology, however, has eroded most of these natural monopolies.

Diplomats no longer enjoy a monopoly on information. Leaders and decision-makers in capitals can readily access and follow most news from abroad, usually on demand, and from a variety of sources. Nor do diplomats enjoy a monopoly on communication. Today, leaders and senior officials are just as likely to communicate directly with their counterparts in another country—by phone, email, text message or, increasingly, an encrypted chat service—rather than through their diplomats.4

Finally, the monopoly on representation has ended. Diplomats are now expected to check nearly everything of significance with their capitals first, and modern communications mean they can (and are expected to) obtain revised instructions on how to handle an issue almost instantaneously.

Disruption, disintermediation and the digital pivot

The end result is that diplomacy has become a much more competitive space. Diplomats are being disintermediated by new technology and communication advances. States are increasingly able to understand, communicate and negotiate directly with other states, without the need for the intermediating service of diplomats. With the disruption of much of the traditional role of diplomats, the challenge for foreign ministries today is to pivot: to find new ways to generate value and ensure relevance in a much more contested field. And this is where digital tools can prove so important.

One of the main purposes of national security agencies is to deliver a strategic effect: to shape the behaviour and decision-making of foreign countries and their leaderships. Defence forces do this through alliances and partnerships, their force posture, deployments, joint exercises and military diplomacy (and, in extremis, through the threat or use of force). Development agencies do it through the direction and composition of their aid spending. Intelligence agencies do it through the collection of sensitive information, espionage and disruption.

In diplomacy, words are the bullets. A strategic effect is delivered through persuasion, influence, argument and advocacy directed towards a foreign population, nation or group of key actors or decision-makers. For this task, new communication tools—and especially social media—are a potential boon for diplomats.5 They allow diplomats to engage directly with the public or segments of the public in their country of posting, often in a targeted fashion. They provide the tools to deliver a message or engage in debate directly, rather than through traditional platforms.6 And they allow real-time interaction with a rapidly evolving media cycle, including the ability to rebut falsehoods, contest narratives, correct mistakes and provide the public with additional context to media reporting.

This is especially important now that political power is highly dispersed (partly the result of digital media giving each person a loudspeaker). To be an effective diplomat today requires more than just the formal engagement of your host government. If you want to be effective and shape the course of decision-making, then you need to be monitoring and engaging with those who shape the decision-making environment of political leaders within a society. That might include the media, business and industry groups, civil society, pressure and lobby groups, religious organisations, politically active diasporas and social media ‘influencers’. While this may be less true in autocratic countries, even there—thanks to social media and digital platforms—civil society has a voice that it previously lacked, and a means with which it can be directly engaged.7 Knowing and understanding the terrain of local opinion, and how to engage and shape it—the ‘last three feet’ of diplomacy8—is the unique value proposition of today’s diplomat and something that only a local, informed and networked presence can provide.

A credible but flawed digital presence

DFAT and the Australian network of embassies and high commissions abroad now have, on the whole, a credible digital presence—the tools needed to conduct those last three feet of diplomacy. This is necessary but not sufficient. The challenge is to fully utilise these platforms to conduct DFAT’s core business, which is diplomacy. And here, there’s still quite some way to go. There’s not yet a wholesale recognition and appreciation of how the advocacy landscape has changed. As a result, and with a few stand-out exceptions, most of DFAT’s digital channels suffer from the same three ailments.

First, there’s too much use of new media channels to transmit old media content. Digital media are a different format; they speak to a different audience, and require different—and more engaging—content. Good digital content is pithy, impactful and tailored, but too little of DFAT’s digital content meets that test. Using new media channels to transmit old media content (press releases and the like) ruins both.

Second, there’s a pronounced tendency for DFAT’s digital platforms to duck the difficult issues. There’s a place for building brand Australia, promoting tourism and spruiking soft news stories about Australia on digital platforms, but public and cultural diplomacy can’t be the sum total of our digital effort, or else we risk being (in the words of one insightful commentator) ‘all gums, no teeth’.9 Tempting as it is, there’s no point in running dead or lying low when a controversial issue is unfolding. This is exactly when digital platforms come to the fore and the credibility of your digital presence is tested. Too often, when a storm of controversy is raging all around them, DFAT’s digital channels bury their heads in the sand, go radio-silent, or promulgate the Panglossian fiction that all is well. If Australian nationals are set to be executed in a foreign country, or there are suggestions that the Chinese are building a military base in the southwest Pacific, or if a candidate for the Philippines presidency jokes about the sexual assault and murder of an Australian missionary, then we should expect that the relevant Australian digital diplomatic platform will have something worthwhile to say about it—to articulate our views and interests on an important issue.10 Likewise for major world events. The message must obviously reflect diplomatic realities, but to say nothing in such scenarios is simply not credible. It also lacks a prized trait of the digital age—authenticity—and so diminishes the value of the platform and treats readers as fools.

Figure 2: Twitter feed from selected foreign ministries on 12 June 2018, date of the US – North Korea summit in Singapore

Closely linked to this is a frequent failure to respond within the digital life cycle of a news story. Time differences and clearances may make this challenging, but our senior diplomats abroad have enough judgement and common sense to be trusted—indeed encouraged—to speak publicly on most issues within their patch without having every word approved by Canberra.11

Third, there’s a lack of personality in much of DFAT’s digital content. Part of the appeal of social media is its authenticity and directness—the idea that you get to know the person behind the message and can interact with them directly. But most of DFAT’s digital media content attempts to uphold the traditional division between public and private spheres. It’s stiff and aloof, and frequently non-responsive to attempts to engage. That’s an approach that may remain suitable to traditional diplomatic settings, but it jars in the flat, non-hierarchical, informal world of digital.

Operating in a new information domain: opportunities and threats

If used as part of a comprehensive strategy, the new digital world provides many opportunities to reinforce traditional diplomacy. The UK used digital tools to complement traditional diplomacy in its successful assembly of a broad coalition to respond to Russia’s apparent use of chemical weapons on UK territory, in Salisbury (Figure 3). Canada deployed a multifaceted digital campaign to support its objectives as G7 chair (notably, its initiative to tackle the problem of ocean plastics). Russia is an adept practitioner, frequently taking to digital channels to muddy the waters, promote alternative theories and create distractions when under international pressure (Figure 4). These countries have each integrated digital platforms into the prosecution of mainstream diplomatic priorities and campaigns, realising that digital tools can have a potentiating effect in support of a diplomatic campaign. In Australia, we’re yet to do this properly: we maintain an unhelpful separation between the digital realm and the mainstream diplomatic realm.

Figure 3: Part of the UK’s digital diplomatic effort to hold Russia accountable for Salisbury

Figure 4: Twitter feed from the Russian Embassy in London

Professional data analytics can be a powerful tool for this new diplomacy. Big data and network analyses can help identify online influencers and force amplifiers; track how narratives spread among online publics, and thus help to shape or combat them; allow communications that are tailored to the preferences and attributes of specific online communities; and support the rollout of sophisticated, multiphase campaigns. Most major corporate outfits use such tools, as do the diplomatic services of many foreign countries. The UK Foreign Office even has an internal ‘Head of Data Science’ position.12

Australia needs to get similarly professional and move beyond the simple counting of ‘likes’ and ‘followers’ as the metrics of digital impact.

Just as digital tools bring new opportunities to diplomacy, so they also bring new threats. They are changing the nature of statecraft, and the information domain is growing in importance as a theatre for contest between states. ‘Control of the narrative’—about what happened, about who’s at fault, about where justice lies, about what’s ‘real’ and what’s ‘fake’—is at the heart of this contest (Figure 5).

Diplomats have an important role to play here, in combating misrepresentations, squashing rumours and misinformation, and promoting their own country’s analysis and policy. Effective digital tools and good data analytics will be vital to this effort.13

Figure 5: The information domain is becoming a new theatre of state competition: textbook ‘trolling’ by two of its most capable practitioners

Similarly, today’s digital age means that disinformation, propaganda and rumours designed to influence or destabilise another country’s political system can be launched almost instantaneously, from across the globe, timed for maximum impact, and targeted towards a narrow audience (Figure 6). Unlike overt steps or traditional covert action, such measures are low-cost, low-risk and highly deniable. Russian state interference in the 2016 US presidential elections is likely to be just the tip of this iceberg.14 Although defending against such attacks is primarily the work of intelligence and cybersecurity agencies, we should expect our diplomats to be alert to the risk of such attacks and attuned to the tell-tale fingerprints. But they need to have the tools and the digital literacy to recognise, understand and engage with such information-warfare and ‘active measures’ campaigns.

Figure 6: Content identified by Twitter as originating from and spread by the Russian Internet Research Agency during the 2016 US presidential election.
Source: Update on Twitter’s review of the 2016 US election, 31 January 2018, Twitter, online.

Moving beyond social media

DFAT’s use of digital tools needs to extend far beyond social media, however. In the consular sphere, the department now does a good job in engaging with the travelling public through the digital Smartraveller platforms, but it is yet to modernise how it communicates with some of its main clients within the government. 

The Australian diplomatic network’s main form of communication remains the classified diplomatic cable or telegram. This was once one of the best—indeed one of the only—ways of communicating information and analysis from abroad in a timely and secure fashion. But while modern technology has since moved on, and the pace of events with it, the cable system has remained frozen in time. For the demands of the modern ship of state, it’s too slow, too cumbersome and too difficult to access to be of much operational use. It’s thoroughly analogue, is largely internally focused and has a steadily shrinking readership and impact.

DFAT’s continued reliance on this system as its primary means of communication needlessly restricts its audience and increasingly deals it out of policy influence in Canberra, where many of the national security agencies don’t access or don’t bother to read DFAT’s cables. The department is completely out of sync with the working habits and preferences of today’s governing class, and how they wish to receive information. It doesn’t connect easily or widely to other agencies. Consequently, DFAT’s analysis and advice from its overseas network—one of its main value propositions—is underutilised and undervalued, with implications for policy influence, credibility and the contest for finite government resources.

DFAT must create and foster new methods of communication that are timelier, more accessible and more relevant. There should be different information products for different purposes and different audiences, and the cable system should be only one of several ways in which our diplomats convey information and analysis. As just one suggestion, why not create the equivalent of an encrypted Telegram group or closed Twitter feed that allows non-sensitive but time-critical reporting from across the diplomatic network, with a smattering of judgement and analysis, to be accessed by decision-makers in news-feed style from their handheld devices? Figure 7 shows what it could look like: daily headline take-outs from across our diplomatic network, designed for decision-makers without the time, ability or appetite to wade through the cable system (but with links to more comprehensive analysis). There would still be a place for more detailed reporting and analysis (perhaps accessed via links to a secure cloud-based site), but that, too, should be in a form that reflects the habits and preferences of the readership. Newspapers have made the painful transition away from print and towards new media. DFAT should walk the same path.

Figure 7: Illustrative example of a sample DiploFeed from 2018 (fictional infographic only—does not represent the views of DFAT or its posts)

Rethinking diplomacy

We need to rethink how we do diplomacy in the digital age. A diplomatic presence shouldn’t always have to mean an embassy or a chancery, with all the expense and infrastructure and security overlay that entails. Modern-day communication tools are so powerful that we should rightly expect our diplomats to operate more self-sufficiently, just as foreign correspondents do. There are many parts of the world where Australia would benefit from greater diplomatic representation—we have one of the smallest diplomatic footprints of any country in the OECD, after all 15 —but where we have none because the entry costs to establish a full embassy are so high. Digital tools have brought those barriers to entry down. There should no longer be a minimum viable size for an embassy. We should consider an ‘embassy-lite’ or one-person post in countries where we could do with a presence but can’t justify a fully fledged embassy. With DFAT’s ‘pop-up embassy’ in Estonia, Australia has made a small start down this path. We should continue.16

Similarly, we must assess whether states and international organisations are the only external actors that are worthy of a dedicated diplomatic presence. We should look at creating dedicated ambassadors to the tech giants of Silicon Valley, as France and Denmark have done.17 The FAANGs—Facebook, Apple, Amazon, Netflix and Google—are now immensely important international actors in their own right. Together, their market capitalisation is US$3 trillion, but it’s their business model and ubiquity as much as their size that make them key actors for states. We have issues at stake with each of them—from privacy to taxation, from counterterrorism to cyber-interference and national security capabilities. Similarly for the major Chinese tech giants, the BATs (Baidu, Alibaba and Tencent), whose enduring influence might prove to be greater and about which we know and understand far too little.

Why not have ambassadors dedicated to building and managing these critical relationships, which are surely as important as our relationships with some of the smaller countries where we maintain a diplomatic presence?

In order to modernise diplomacy, Australia needs to begin envisaging the diplomatic network in a different way. Whereas in the past the government provided the network and infrastructure for traditional diplomatic interactions, the erosion of that monopoly means this network is at risk of becoming an underutilised asset. The flag and the chancery, the titles and the flummery, still count for a lot, as do the local networks, contacts and expertise, but how do we get more out of those assets?

The answer lies in broadening our conception of an embassy. We should be using our overseas presence as a platform and enabler to advance our interests across a much broader spectrum, and for a much broader set of stakeholders. Trade, economic and commercial diplomacy have always been traditional partners in this respect, but we need to look much further afield. How can we use the overseas network to support collaboration in innovation and research? How can we use our embassies to keep Australia on the cutting edge of public policy? What value or perspectives from overseas can be brought to bear on some of the major challenges in Australian domestic policy? These areas will depend on the complementarities and opportunities that exist, but they shouldn’t be treated as the poor cousins of traditional diplomatic work. The challenge is to conceive of the embassy as a facilitator of productive interaction and a broker of relationships—a creative hub of networks—and to find creative, non-traditional ways to use the overseas network to advance Australian national interests across the full spectrum.

Finally, DFAT needs to adopt some of the nimbleness and agility of the tech world. The bureaucracy is still far too slow to adopt reform and changes, partly because it insists on any changes happening wholesale, only after painstaking deliberation, and in a culture that focuses debilitatingly on downside risk and punishes failure. Why not encourage internal innovation, meaning different ways of delivering the same product? Promote experimentation and differential approaches. Test new platforms and business models. Run some pilots, iterate and adjust, gather the evidence, and see what works best. Don’t insist on homogeneity. Tolerate some screw-ups and failures and learn from them.18 This is the secret to innovation and continuous improvement, and it’s essential if our diplomatic services are to keep pace with the modern world.

Recommendations

  1. Commission an independent review of DFAT’s digital diplomacy efforts.19 The review should examine the department’s digital capabilities, assess the digital operating environment for Australian diplomacy, and make recommendations to improve Australia’s digital diplomacy effort.
  2. Treat digital diplomacy as core tradecraft, rather than an optional add-on. Provide compulsory digital platform training for all outgoing heads of mission.
  3. Encourage healthy internal competition and innovation. Generate a monthly scorecard highlighting the best digital performers and posts. Promote and celebrate the successes.
  4. Pilot more sophisticated data analytics tools to analyse and measure impact, reach and engagement—and adjust tactics accordingly. Appoint a Chief Data Scientist to harness and employ data in the service of diplomacy.
  5. Develop and pilot a new stream of diplomatic reporting that’s punchier and timelier and reaches a broader audience on hand-held devices.
  6. Create new positions of ambassador to Silicon Valley (based in San Francisco) and ambassador to China’s tech giants (based in Beijing).
  7. Increase avenues to engage the Chinese public via Chinese social media platforms. This expansion should include dedicated Weibo accounts for the positions of Prime Minister and Foreign Minister.20
  8. Run a pilot of ‘embassy-lite’ or one-person posts. They’ll be more substantial and enduring than the ‘pop-up embassy’ in Estonia but still substantially lighter in footprint than a fully fledged diplomatic mission.
  9. Encourage innovation and experimentation in the conduct of digital diplomacy. Highlight and champion successes. Learn from (but don’t punish) the inevitable failures. Use DFAT’s Innovation XChange in this task, but broaden its focus beyond the aid program and extend its remit into mainstream diplomacy.
  10. Recognise that our overseas network is an underutilised asset. Find creative but non-traditional ways to use it to advance Australian national interests. Conceive of embassies as hubs and connectors for a broad set of interactions. Highlight and promote the strong performers (sending the cultural signal to others).
  11. Create a Twitter account for the Secretary of DFAT to internally signal the importance of digital diplomacy, to provide a further mouthpiece for Australian interests, and to give the public insight into the important work that Australia’s diplomatic service does every day.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.

ASPI International Cyber Policy Centre

The ASPI International Cyber Policy Centre’s mission is to shape debate, policy and understanding on cyber issues, informed by original research and close consultation with government, business and civil society.

It seeks to improve debate, policy and understanding on cyber issues by:

  1. conducting applied, original empirical research
  2. linking government, business and civil society
  3. leading debates and influencing policy in Australia and the Asia–Pacific.

We thank all of those who contribute to the ICPC with their time, intellect and passion for the subject matter. The work of the ICPC would be impossible without the financial support of our various sponsors.

© The Australian Strategic Policy Institute Limited 2019

  1. Department of Foreign Affairs and Trade (DFAT), Social media, Australian Government, no date, online.
  2. See, for instance, Fergus Hanson, ‘DFAT the dinosaur needs to find Facebook friends’, The Australian, 23 November 2010, online.
  3. See twiplomacy, online, for rankings across a number of dimensions.

Huawei and Telefunken: Communications enterprises and rising power strategies

This Strategic Insight examines Huawei through a historical lens. It identifies strong parallels between the industrial policy adopted by Germany in the early twentieth century to cultivate a ‘national champion’ in communications – Telefunken – and the Chinese party-state’s support for Huawei since its formation in 1987.

It demonstrates that Huawei and Telefunken both benefitted from guaranteed government orders for their hardware, protected domestic markets, long-term backing from national financial institutions, and diplomatic support for overseas expansion. These policies increased the firms’ competitiveness on the world market, facilitating the development of national capacity in advanced communications. The development of capacity in communications brings strategic benefits for a rising power – allowing it to escape dependence on the outside world for vital infrastructure, build capabilities with potential military applications, and build geostrategic influence in key regions.

Cyber wrap

Las Vegas was the place to be last week, with the world’s largest annual hacker conferences, Black Hat and Defcon, taking over the town. The events unearthed lots of cyber gossip, but it was the world’s first machine-only hacking competition that stole the show. DARPA’s Cyber Grand Challenge pitted seven ‘cyber reasoning systems’ against each other to assess their ability to detect software vulnerabilities and write new security patches without human assistance. The automated computers were confronted with modified versions of historic bugs, including Heartbleed, Sendmail crackaddr and the Morris Worm. Carnegie Mellon’s ‘Mayhem’ won the US$2 million prize, and even briefly held a lead on a human team in a separate hacking event—before eventually coming last. This sort of artificial intelligence isn’t intended to replace human analysis, but the success of the Challenge confirmed the utility of automated network defence and the assistance that such systems can offer in network protection. Other highlights from the desert include flying laptops, the return of the Jeep hackers, the rise of automated spear-phishing Twitter bots, and how to hack your way into first class airline lounges.

It was at the Black Hat conference that Apple announced its first ever bug bounty program. Ivan Krstic, Apple’s head of security engineering and architecture, revealed that Apple will start offering up to US$200,000 to hackers who report undiscovered security vulnerabilities in Apple’s software. After years of refusing to pay independent researchers and relying instead on internal security efforts, Apple will start the program next month on an invitation-only basis. In doing so, it joins the ranks of many other large tech companies that offer rewards for cybersecurity detective work, including Google, Microsoft and Facebook. Fancy yourself a white hat hacker? Well, check out Bugcrowd’s up-to-date inventory of live bug bounty programs. Happy hunting!

Rumours are circling that the Obama administration is planning to elevate the powers of the Pentagon’s Cyber Command. There are preparations to separate Cybercom from the NSA into a separate and more influential Unified Combatant Command. Rejigging the organisational structure appears necessary to improve Cybercom’s performance, as the shortcomings of its current online campaign against ISIS are drawing criticism from military leaders. Stand by for confirmation of this change from the White House.

Cyber continues to bubble up in the US elections. The recent hack of the Democratic National Committee’s network has generated concerns over the security of the electronic voting technology. The Obama administration is considering the possibility of designating the electronic ballot-casting system as ‘critical infrastructure’. Doing so would allow the Department of Homeland Security to take more robust measures to protect the system, which Secretary Jeh Johnson described as part of the US’ ‘vital national interest’. Those discussions join a long election dialogue on cybersecurity that has included Clinton’s email misdemeanours, the DNC hack, Trump inciting Russian hackers and the respective policy positions of both candidates. Cybersecurity expert and founder of both Black Hat and Defcon, Jeff Moss, has publicly endorsed Clinton, despite her online blunders—better the devil you know. But then again, who could go past Trump’s profound value-add last month when he announced, ‘I am a fan of the future, and cyber is the future’…

As the host of the 2016 Summer Olympic Games, Rio has needed to up its cybersecurity game. Large-scale sporting events bring with them an increased volume of online activity and are naturally attractive to cybercriminals. A report from security firm Fortinet reveals a spike in malicious online activity such as online payment fraud, in sync with the opening of The Games. Over the last month, Brazil has experienced an 83% rise in the number of malicious URLs, in comparison to a 16% increase globally. The major threats are expected to be phishing scams, unsecure public Wi-Fi connections and ATM skimmers. Luckily, US-CERT has published some handy tips to keep you cyber secure at The Games.

Speaking of cybercrime, Australia has set up a new cyber-intelligence unit to track terrorism financing, money laundering and financial fraud. Justice Minister Michael Keenan indicated that this unit would be stood up within the Australian Transaction Reports and Analysis Centre to crack down on organised criminal activities online. The unit will tackle job recruitment scams with IDCARE and identify criminal patterns in cooperation with ACORN, the Australian Cybercrime Online Reporting Network.

The Australian Bureau of Statistics suffered an embarrassing denial of service last night, just as millions of Australians logged on to complete the national census. This comes after widespread privacy concerns over the increased time period that individuals’ information would be stored and security worries over the fortitude of the website’s encryption. So much so, that several senators openly committed to boycotting this week’s survey, despite hefty fines. So last night’s debacle is an awkward development, with questions being raised by the media on the origin and motivation of the incident, and its implications for the integrity of personal data. While you’re waiting for the census website to come back online, check out #bettercensusquestions for some comic relief.

Finally, Pokémon Go’s rise to become the most successful mobile game in history has led to the creation of malicious apps masquerading as the real thing. These knock-off games have popped up on the Google Play store and are smuggling malware onto people’s Android mobile operating systems. Check out Dell’s analysis of these exploits here. Getting ahead of the game, Iran has banned Pokémon Go before it’s even been released, on the grounds of security concerns. So, thanks to the country’s High Council of Virtual Spaces, Iranians will never be able to catch ‘em all – but at least they will be safe from cybercriminals.

Quantum computing is getting closer

Electronic computer technology has moved from valves to transistors to progressively more complex integrated circuits and processor designs, with each change bringing higher levels of performance. Now the advent of quantum computers promises a huge step increase in processor performance to solve certain types of problems.

Quantum computers are much faster than the world’s fastest supercomputers for some applications. In 1994 Peter Shor, an applied mathematician at Bell Laboratories, gave the encryption world a shock when he demonstrated an algorithm showing that quantum computers could threaten conventional prime number based encryption methods.

If an adversary conducts successful espionage raids on encrypted information stored in present-technology computer installations, possibly through a compromised or issue-motivated individual who transfers it to portable media, that information could become vulnerable to decryption by the adversary’s quantum computers.

Apart from the usual cyber security defences, including increased oversight and monitoring of individuals’ access to secured information, the time is coming when we need to develop encryption technology which cannot be broken by quantum computers, and we will have to use data diodes more widely and ‘air gap’ vital computer installations, greatly increasing the difficulty of authorised access to their stored information and lengthening the response time for urgent defence purposes.

It is reasonable to ask when we might see quantum computers in everyday use. Although the first such machines exist now, they are not suitable for most tasks. They are being directed towards optimisation problems that can be defined in quantum mechanical form, and for which a range of solutions can co-exist, with the challenge being to reveal the most relevant and optimal.

Worldwide, defence and intelligence agencies and large commercial organisations are taking quantum computing seriously. There are some significant Australian connections as well. A laboratory at Sydney University has been awarded a multimillion-dollar grant by the US Office of the Director of National Intelligence to pursue quantum computing research. The Quantum Control Laboratory in the university’s new Nanoscience Hub is the only facility in Australia chosen for the US funding.

The Quantum Computation Laboratory at UTS, Sydney, stated:

‘As with all pioneering efforts, this field presents many challenges. How to employ the laws of physics that apply to the sub-atomic world given our existence is macroscopic; determining the fundamental physical limits of our ability to process and transmit information; and where quantum technology might be applied beyond traditional concepts of computing are perhaps the three most notable.’

Another research group, at UNSW, already has a great track record under Professor Michelle Simmons, director of the Australian Research Council Centre of Excellence for Quantum Computation and Communication Technology. Recent technology breakthroughs at UNSW included researchers building the first quantum logic gate in silicon in 2015. This clears one of the critical hurdles to making silicon-based quantum computers a reality, and gives the team a two to three-year lead over the rest of the world, enabling them to stay ahead of the competition according to Professor Simmons.

UNSW collaborating and partnering organisations include five other Australian universities, DSTG, ASD, IBM Research and ten overseas universities.

There’s also an interest from Defence. In soliciting proposals for this year’s Capability and Technology Demonstrator Program, DSTG noted capability interest in ‘quantum systems and technologies’—previously identified as a priority work area in the 2016 Defence Integrated Investment Program.

In the United States, NASA and Google’s Quantum Artificial Intelligence Laboratory hosts a 1,097-qubit D-Wave 2X™ quantum computer to explore its potential to tackle optimisation problems that are difficult or impossible for traditional supercomputers to handle.

Google is planning preemptive steps to meet the potential future challenge to today’s internet encryption from quantum computers. To future-proof today’s messaging and content, Google is testing and will deploy what it’s calling ‘post-quantum cryptography’ in its browser Chrome Canary, using their New Hope algorithm, layered on top of current encryption methods.

Lockheed Martin has partnered with the University of Southern California, to produce a D-Wave 2X™ quantum computer ‘to advance the state of the art in software verification and validation, cryptography, drug discovery, machine learning, cyber security, finance and many other areas where innovation is bounded by the limits of high-performance computing.’ The machine has demonstrated high performance in some optimisation problems.

The problem in creating large-scale quantum computers is that their building blocks are unstable, and can give false results. The major challenge is to stabilise these chips and figure out how to automatically find and fix errors. Their actual installation must be in a vibration-free environment and current devices must be kept near absolute zero (-273 degrees Celsius).

While current quantum chips consume a fraction of a microwatt in power, the refrigeration system requires fifteen kilowatts! That’s not all bad, as an increase in computing power as the technology advances will be easily accommodated by the existing power supply.

There’s still much to do, but Australia is conducting world class research into quantum computing and communications and is fully involved internationally with intelligence and security applications.

Deterrence in cyberspace: different domain, different rules

Cyberspace pervades everyday life. Our growing reliance on networks has increased the vulnerability of Australia’s national security, economy and society to malicious cyber actions. As a result, there’s a need to build trust and confidence in cyberspace, and the infrastructure and institutions that it enables and supports.

Deterrence policies and capabilities are often invoked as a means to create this stability. Australia’s recent Cyber Security Strategy, released in April 2016, stated that ‘Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack’. In launching the Strategy, Prime Minister Malcolm Turnbull further emphasised that ‘acknowledging this offensive capability, adds a level of deterrence’. This rhetorical trend is also evident in other international cyber strategies including those of our major allies and partners.

However, there are pitfalls in that approach to cybersecurity. In our report, Deterrence in Cyberspace, released today, we explore those issues and provide recommendations for policymakers to address stability and security in cyberspace.

The use of deterrence to mitigate security threats is based on an assumption that states are rational, and make decisions based on cost-benefit assessments. On that assumption, one can deter a challenger by increasing the perceived costs of their action (deterrence by punishment) or decreasing the expected benefit (deterrence by denial).

However, threatening punishment is unlikely to deter malicious behaviour in cyberspace, for several reasons:

  • Setting enforceable thresholds is difficult due to the spectrum of potential acts in cyberspace and the non-binary nature of many cyber capabilities. For that reason the difference between an ‘attack’ and below-the-threshold events, such as espionage and criminality, is often less obvious.
  • Responding proportionately is also hard, because escalation in cyberspace is difficult to control and there is no normative framework to guide a conventional response.
  • It’s often difficult to quickly and accurately identify the responsible actor. Attributing blame risks inadvertent escalation with a third party and can expose valuable national cyber capabilities.

Instead, such threats have the potential to heighten international insecurity by inducing what we’ve dubbed the ‘credibility-stability paradox’. The reliability of a state’s commitment to enforcing its own deterrence policy statements is a significant symbol of its political and military power. If a state doesn’t follow through on a threat when its threshold is crossed, it directly reduces its credibility in the eyes of the international community, undermining its ability to both intimidate and negotiate in the future.

Conversely, making good on a threat in cyberspace can have drastic impacts on international stability. Retaliation, either inside or outside of cyberspace, may spiral beyond the intended punishment, inflicting damage over and above what would be considered a proportionate response to the breach of a threshold. That risks a minor incident triggering a tit-for-tat escalation that devolves into a larger and more destructive conflict, further damaging international stability. So, as soon as a cyber deterrence threat is extended, a state faces the strategic dilemma of being forced to choose between maintaining its credibility or risking collateral damage.

That isn’t to say that offensive cyber capability shouldn’t be developed, but rather that it shouldn’t be developed for the purpose of making threats. The use of offensive cyber capabilities, in accordance with international law, to enable and support conventional military forces contributes positively to broader deterrence capability by reinforcing the lethality and effectiveness of armed forces as a tool of state power.

The report recommends methods to alter an adversary’s decision-making by withholding the perceived rewards of certain behaviour and building an international conflict reduction framework. Implementing a denial strategy in cyberspace requires strong, adaptive defences, resilient networks, and the use of other advanced techniques and technologies to reduce the perceived value of malicious behaviour. Denying enemies an advantage commensurate with the effort required to breach security should dissuade them from further attempts on the network. That supports cybersecurity generally and, if effectively conducted, can further enhance conventional deterrence postures and improve a state’s overall national security.

ICPC’s new report explores the nature of cyberspace, reviews the challenges it poses to deterrence by punishment and offers alternative approaches for policymakers seeking to establish stability in cyberspace. In a context of increasing network dependence and growing cyber tensions, setting a precedent of restraint, trust and international cooperation is essential. This will ensure Australia can continue to reap the economic and social benefits of a stable cyberspace.

Cyber(war) wrap

With ASPI’s cyber team flat out like lizards drinking this week, here’s a special edition of the cyber wrap, based on a lecture on cyberwarfare I gave at the ANU earlier this year.

As all good undergraduates know, the first thing you do is to look for definitions. NATO had a crack at a summit in 2014, but didn’t manage to define what constituted a cyberattack for the purposes of an alliance military response. But their official statement was clear in its assessment of the impact of cyberattacks:

‘Cyber attacks can reach a threshold that threatens national and Euro-Atlantic prosperity, security, and stability. Their impact could be as harmful to modern societies as a conventional attack.’

NATO has good reasons to think about cyberwar after the three weeks of extensive attacks on Estonia in 2007, which saw the Baltic state’s internet connectivity essentially disabled, including the banking system. Russia was widely seen as the culprit, and the attacks corresponded with heightened tensions between the countries. Today the NATO Cooperative Cyber Defence Centre of Excellence is located in Estonia, and NATO’s cyber doctrine has evolved in the wake of that incident.

One of the reasons that NATO is working through its thinking on the subject is the vexed question of appropriate and proportionate response to cyberattack. If hostile action is confined entirely to cyberspace, is a physical response justified and, if so, what level of violence is appropriate? NATO’s 2014 statement that a cyberattack could be treated as the equivalent of an attack with conventional weapons (a point reiterated last year) means that:

‘… a digital attack on a member state is covered by Article 5, the collective defence clause. That states that an attack against one member of NATO “shall be considered an attack against them all” and opens the way for members to take action against the aggressor — including the use of armed force — to restore security.’

The AUSMIN talks of 2011 reached a similar conclusion for the ANZUS alliance. Stephen Smith, then Australia’s Defence Minister, observed that ‘a “substantial cyber attack” on either country would trigger the treaty in a response similar to that following the 2001 terror attacks on the US’. His hawkishness was matched by his American counterpart, Secretary for Defense Leon Panetta, who warned in 2012 that ‘the United States was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government’. The Pentagon was similarly belligerent; the Wall Street Journal was told that a cyber attack on domestic infrastructure could generate a kinetic response: ‘if you shut down our power grid, maybe we will put a missile down one of your smokestacks’.

That’s problematic for a number of reasons. First, there’s the question of proportionality. An attack on a military system is one thing—and it might presage a physical attack as well—but if a civilian target such as a power grid or bank is taken down, does that justify a military response such as a bomb on a physical facility, with likely lethal consequences? Perhaps a case exists if there are fatalities due to a cyberattack, such as deaths due to extreme heat or freezing temperatures. But we have to keep this in perspective—power grids fail for all sorts of reasons, and so far squirrels constitute a greater danger to the US power grid than cyberattacks.

Second, cyberattacks aren’t always overt, and are often disavowable. Even if the location from which an attack is launched can be reliably discerned, there’s still the issue of who was responsible; was it state-backed, a ‘citizen’s militia’ or just an individual? It’s not surprising that there’s a live debate about attribution in IT professional and academic circles.

I think there’s still quite a bit of confusion in thinking about cyberwarfare. It’s certainly a new facet of conflict, and there has been a lot of work going on trying to understand what might be a new ‘domain’ in warfighting. That’s not just an academic argument about definitions. In a recent evolution in its thinking, NATO declared cyberspace to be a military domain (in addition to land, air and sea), further lowering the bar for a collective defence response to cyberattacks.

Despite all that, I’d argue that cyberwarfare hasn’t yet been fully integrated into strategic thinking. Despite the ‘Pearl Harbor’ type hyperbole that still pops up from time to time, there are more measured voices that argue for a more nuanced approach, and caution against invoking defence treaties in response to cyberattacks.

Some analysts doubt that cyberwarfare will ever take place, at least as a stand-alone activity. That’s a view I tend to agree with. The 2007 attacks on Estonia were undoubtedly hostile, but ultimately no territory or lives were lost. On the other hand, the Russian military assault on Georgia in 2008, which was accompanied by extensive cyberattacks, was unambiguously an act of war. For now at least, I think we’re best off thinking about cyberwarfare as an adjunct to other forms of war.

Further reading

In 2012, ASPI produced an anthology of papers on the consequences of cyberattacks for the ANZUS alliance. More recently, our International Cyber Policy Centre Fellow Jim Lewis provided some thoughts on the role of offensive cyber capabilities in cyberwarfare.

Cyber wrap

According to a recent survey by Tech London Advocates, London’s tech experts and cyber security professionals are ‘overwhelmingly opposed’ to the UK’s recent decision to leave the EU. Mainland Europe represents an essential source of talent for the UK, which suffers an ‘alarming lack of digital skills’, and Brexit will likely raise barriers to Europeans’ freedom to work and travel in the UK. In fact, there are concerns that a potential dip in Britain’s economy may result in a technological brain drain, with British cyber professionals seeking higher pay in countries such as the US. Negotiating the split will involve establishing whether British law enforcement will continue to benefit from the information sharing arrangements of Europol’s European Cybercrime Centre (EC3), and whether it will continue to reflect the privacy and data protection legislation of the EU or develop its own regulation standards. The attractive benefits of the EU’s ‘digital single market’ mean it’s likely Britain will continue to adhere to the data standards of its continental counterparts in order to facilitate the flow of data across the Channel.

Staying with European data debates, the final changes to the US–EU data sharing agreement, Privacy Shield, have been agreed upon this week. The new arrangement will regulate the transatlantic transfer of EU data by US companies, replacing the ‘Safe Harbour’ model that was struck down last October by the European Court of Justice. The scheme features ‘a number of additional clarifications and improvements’ in response to concerns of US mass surveillance of European citizens. The new data transfer pact includes stronger restrictions and establishes the role of a US ombudsman to handle complaints over American misuse of EU data. The final version of Privacy Shield was sent to European member states for review this week, and the vote is expected to be held early next month.

Russia’s new mass surveillance bill will require all messaging services operating in Russia—such as WhatsApp, Telegram and Viber—to provide the Federal Security Service with backdoor access to citizens’ personal communications. Pitched as a counterterrorism bill, the legislation will also require ISPs to hold customers’ metadata for three years and real communication records for up to six months. The legislation has been dubbed ‘the big brother law’ and companies that fail to comply will be subject to fines of up to one million Rubles (AU$20,000). Russia’s lower house, the Duma, passed the bill last week and it’s now expected to move quickly through Russia’s Federal Council and the Kremlin, into law.

China is also clamping down on data management, holding a second reading of controversial new draft rules this week. The cybersecurity law will require Chinese citizens’ personal data be stored domestically, with any request to transfer the data overseas requiring a government security evaluation. Importantly, the legislation will force network operators to ‘comply with social morals and accept the supervision of the government’. While Chinese media outlets state that these measures are designed to ‘protect the information infrastructure’, the bill is seen internationally as ‘internet censorship enshrined in legislation’.

The US recently held its fifth annual military network defence test, Cyber Guard, in Virginia with nearly 1,000 participants from the military, government, private sector, academia and allied countries. The exercise, led by the US Cyber Command, the FBI and the Department of Homeland Security, required participants to respond to a simulated network attack on US infrastructure. Over a week, participants were challenged by an active expert ‘red team’ to practice inter-agency coordination, private sector cooperation and Five Eyes interoperability. Cyber Command is also working to establish a ‘Persistent Training Environment’—a year-round cyber facility capable of simulating multiple scenarios simultaneously—which is expected to reach initial operating capability in 2019.

Closer to home, the Australian Department of Defence has announced a $12 million contribution to the Australian National University’s new innovation centre for high performance computing, data analytics and cybersecurity. The $45 million research facility will house 70 students, academics and staff from the Australian Signals Directorate. The initiative is part of efforts to boost the study of STEM subjects and address Australia’s cyber skills shortage.

For some in-depth reading, check out the Global Commission on Internet Governance: One Internet report released by the Centre for International Governance Innovation and Chatham House this week. Notably, it proposes three potential outcomes for the internet: ‘a dangerous and broken cyberspace’, ‘unequal gains’ or ‘broad unprecedented progress’. Microsoft has also published a new report this week, proposing a cybersecurity norm development model for both nation states and ICT industry. The paper addresses offensive, defensive and industry norms, as part of Microsoft’s ongoing work to ‘advance trust in global ICT ecosystems’.

National cyber budgets: same, same but different

The latest report from UNSW’s Australian Centre for Cyber Security (ACCS), ‘Australia’s Response to Advanced Technology Threats,’ claims that Australia doesn’t take cyber threats seriously enough. The report argues that the differences between Australian cyber security rhetoric and spending compared to our allies, namely the US and UK, indicate that Australia is lagging behind in both our understanding of and responses to cyber threats. The report argues correctly that Australia has a long way to go towards developing the strong cyber security posture and workforce it requires. However, when making comparisons between Australia and other countries, it’s helpful to understand a variety of factors that contribute to national differences.

The transnational nature of cyberspace requires national cyber security budgets to address international cyber challenges. Developing conflict prevention frameworks, capacity building efforts, internet governance initiatives and international cybercrime engagement are priorities that demand international cooperation. So a certain proportion of states’ cyber spending is directly comparable and a national budget can act as an indicator of a government’s capacity to address global challenges and contribute to those international projects.

However, it’s important to remember that a proportion of a state’s budget is reflective of its specific national cyber threat landscape. The cyber security risks seen on the ground differ in nature, number and extremity between countries. For example, while the majority of breaches in France are the product of hackers or criminal insiders, such incidents only represent 30% of cyber incidents in Brazil.

Numerically, the threat faced by the US is enormous; IBM’s 2015 Cost of Data Breach Study found that while 60% of global cyber incidents take place in the US, only 6% occur in Australia. Incidents in the US are not only more numerous but also more damaging. For example, an international study by the Ponemon Institute found the average cost of a breach in the US to be US$15 million, US$6.32 million in the UK and only US$3.47 million in Australia. Meanwhile, Australian government figures sit even lower, with the average cost of a breach to an Australian business estimated at AU$276,323.

The divergent frequency and scale of incidents results in varying aggregate damage to each country. McAfee’s 2014 report, Net Losses: Estimating the Global Cost of Cybercrime, undertook an international comparison of the proportion of a country’s GDP lost as a result of malicious activity online. According to the report, Australia lost only 0.08% of its GDP, while the UK and the US lost 0.16% and 0.64% respectively.

Even assuming that each country faced the exact same cyber threat, making budget comparisons in relative terms as a proportion of national GDP, rather than in absolute terms, more accurately reveals cyber security’s position within national priorities. Referring to recent announcements of US plans to invest US$19 billion in cyber security efforts over one year, while the UK has committed £1.9 billion over five, the report claims that Australia is annually being outspent by its allies by 400 and 10 times respectively.

However, when broken down annually and measured as a proportion of GDP (as projected over the relevant funding years), Australia spends 0.003%, the UK 0.020% and the US 0.113% of national GDP on cyber security. The claim that the US is spending hundreds of times more than Australia is based on a direct comparison of absolute budget allotment, without taking into account the size of the economy from which the investment is being made. Such comparisons are therefore misleading in the important discussions on Australia’s funding strategies.

The US and UK are actually spending 35 and 6 times more than Australia in relative terms, respectively. The gap between Australian and US spending isn’t as severe as suggested in the ACCS report, and must be understood in the context of each country’s level of risk. Compared to Australia, the US experiences a 10 times higher rate of cyber incidents, 8 times the cost to GDP and 5 times the cost per average breach. That reality means the existence of some gap in national funding response should in some sense be expected, and doesn’t necessarily represent an Australian disregard of the importance of cybersecurity measures as the report suggests.

Of course, the discrepancy is still significant and there’s room for growth in the Australian budget. The need to invest and plan further for Australia’s cyber workforce, as mentioned in the report, cannot be overstated and is a priority echoed by the ICPC. Increasing Australian investment in cyber education, securing infrastructure and combatting cybercrime, as suggested by the report, is important to address the AU$2 billion cost of malicious cyber activities to the Australian economy each year.

However, there’s an important difference between calling for increasing investment and requesting more dramatic rhetoric. Policy development needs to take place in a reasoned and rational manner, so avoiding misleading and alarmist comparisons is essential. Threat perceptions must be accurate and breach reports honest, but unnecessarily dramatising the threat doesn’t change the results on the ground.

Australia should continue to increase its investment in cyber security to ensure it manages the risks, and can continue to enjoy the benefits of cyberspace. It’s vital that this discussion is based on national realities and informed by an accurate understanding of where Australia sits in relation to its peers in terms of relative risk and response.

Cyber wrap

Cybersecurity made an appearance in the eighth round of the US–China Strategic and Economic Dialogue which took place in Beijing last week, chaired by State Councillor Yang Jiechi and Secretary of State John Kerry. Both countries reaffirmed the value of the Senior Experts Group on International Norms in Cyberspace and Related Issues, their commitment to refrain from supporting cyber-enabled theft of intellectual property and their positive anticipation of the second High-Level Dialogue on Cybercrime and Related Issues to be held in Beijing on June 14.

The first of those ministerial-level US–China cybercrime talks was held last December, breaking the freeze in Sino-US cyber relations that started when China withdrew from a bilateral working group in response to the US indictment of 5 Chinese military officials back in May 2014. The recent December talks established a set of guidelines, a hotline and plans to conduct a tabletop exercise and continue discussions on the issue in 2016. The weekend’s terrible shooting in Orlando has meant that the second iteration of talks scheduled for this week will now be conducted at the sub-ministerial level. For a handy synopsis of US–China cyber perspectives, check out this Cipher Brief interview with Adam Segal from the Council on Foreign Relations.

Achieving additional bilateral goals, President Obama talked cybersecurity with Indian Prime Minister Narendra Modi at the White House last week. As part of their third major bilateral summit, the leaders released a joint statement that committed to deepening their cooperative partnership with regard to combatting cybercrime, securing critical infrastructure and promoting voluntary norms of state behaviour. During the talks, the US and India penned a ‘Framework for the US-India Cyber Relationship’ that’s expected to be signed by the two leaders within the next 60 days. The framework recognises both countries’ simultaneous commitment to a ‘multistakeholder model of Internet governance’ and ‘the leading role for governments in cyber security matters relating to national security’. That duality is an interesting addition to a sequence of inconsistent policy stances taken by the Indian government over the past year, which has included variations of a government-led multilateral approach and a broader multistakeholder approach.

There’s more good news for Indian cybersecurity, with the establishment of a new Microsoft Cyber Security Engagement Centre last week. Microsoft selected the city of Gurgaon as the location for one of only seven such cyber security hubs worldwide. The centre is intended to stimulate public–private cooperation in the fight against cybercrime and increase cooperation amongst Indian businesses, government and academic organisations. Microsoft’s initiative will be run in collaboration with the National Cybersecurity Coordinator, as well as CERT-India, meaning it’s a great step forward for public–private partnership in India.

It seems that everybody is interested in the US Presidential race, with the Democratic National Committee’s networks suffering a breach at the hands of Russian hackers. The two groups involved were reportedly removed from the system by Crowdstrike over the weekend, after several months of clandestine activity. The intrusion focused on internal staff communications and opposition research on Donald Trump, disregarding the personal information of donors, suggesting motivations of espionage rather than financial cybercrime. This, paired with the ongoing issue of Clinton’s email server, leaves Democratic cybersecurity wanting.

The UK House of Commons passed the contentious Investigatory Powers Bill last week, licensing the government to collect bulk data on the online activity and smartphone use of Brits. The first cut of the surveillance bill, rejected after it elicited strong private sector objection, required businesses to increase their retention of customer data and help law enforcement undermine encrypted communications. Facebook, Google, Microsoft, Twitter and Yahoo released a joint submission outlining their concerns last December, specifically in reference to ‘obligations relating to the removal of electronic protection applied by a relevant operator to any communication or data’. Clearly heeding the harsh industry feedback and attempting to avoid the mess of the Apple-FBI debate, the final version requires that companies overcome encryption measures only if it’s reasonable in terms of cost and technology. However, these amendments haven’t satisfied critical civil rights and privacy advocates, who refer to this bill as the ‘Snooper’s Charter’, and who will likely wait with bated breath to see if the legislation is passed by the House of Lords later this year.

European privacy is a hot topic this week, with Germany fining three companies for transferring data under the auspices of an overturned privacy law. As we’ve covered previously, the Safe Harbour agreement supported the transfer of EU data across the Atlantic by US companies, based on self-regulation. This agreement was deemed invalid by the European Court of Justice last October, making such data transfers illegal. This week, Adobe Systems, PepsiCo subsidiary Punica, and Unilever have been slapped with fines totalling €28,000 for failing to establish an alternative method of cross-border data transfer. The Hamburg Data Commissioner stated that ‘the data transfer of these companies to the USA was thus without any legal basis and unlawful’.

Agenda for Change 2016: the strategic agenda

This piece is drawn from Agenda for Change 2016: strategic choices for the next government.

In the August 2013 version of Agenda for Change, I suggested four big reforms for the incoming government:

  • Develop a global rather than Asia-centric foreign policy focus, set it out in a new Foreign Policy White Paper and increase Department of Foreign Affairs and Trade (DFAT) funding by $100 million a year by reducing AusAID funding.
  • Return order and consistency to defence planning by reconciling ambitious equipment plans with budget realities.
  • Rethink approaches to cybersecurity by committing to a Cyber Security White Paper within 12 months of taking office, and boost cyber policy and decision‐making capabilities.
  • Take a more disciplined approach to using the cabinet for decision-making. Rethink the roles of junior ministers and strengthen the use of parliament to help produce better quality policy.

As we approach the 2016 election, how did my recommendations fare over a tumultuous first term for the Coalition government? I’ll claim one ‘half done’ reform, two substantially implemented and one that didn’t even make it out of the gate.

The foreign policy recommendation stands as ‘half done’ in my view. The government has clearly adopted a more global as opposed to an Asia-focused foreign policy. While the tone has changed, Tony Abbott and Malcolm Turnbull both championed closer Australian engagement with Europe, partly because of the need for closer counterterrorism cooperation, partly to diversify economic interests as Chinese growth slowed. It wasn’t coincidental that Germany was an early visit destination for Malcolm Turnbull, given his commitment to innovation and new ideas driving economic growth. There’s been a remarkable increase in cooperation with European countries on intelligence, defence and counterterrorism matters, and the decision to buy a French-designed submarine will transform that bilateral relationship as we learn to deal with a French ‘parent navy’.

Government continues to put priority on military operations in the Middle East and on the US alliance, and has shown refreshing interest in emerging relationships in Africa (minus an effective aid program, though) and Latin America. It turns out that Australia can take a more global approach and still keep the closest engagement with Asia. This isn’t an ‘either/or’ choice, even though many foreign policy ‘Asia only’ advocates insist that it is.

Implementing a grown-up, globalised foreign policy is a signal achievement for Foreign Minister Julie Bishop, who has managed to increase Australia’s foreign representation overseas—the first such growth of overseas missions in more than 20 years. Bishop has also effectively linked Australian aid priorities to broader foreign policy goals by bringing AusAID into DFAT. She has also made effective use of multilateral institutions and promoted quality people-to-people linkages through her New Colombo Plan training scheme.

With those successes, it’s puzzling that government hasn’t committed to a new Foreign Policy White Paper. Julia Gillard’s Asian Century White Paper was rightly committed to the electronic archives, but nothing that credibly and crisply sets out the government’s foreign policy priorities has replaced it. It should be an easy task for a returned Coalition government to develop such a policy statement. Diplomacy without the underpinnings of an articulated strategy is a bit like improvised theatre: creative, but soon forgotten. If Julie Bishop stays as Foreign Minister, she should tell us in a White Paper what the government’s foreign policy stands for. A Labor government should want to do the same. Tanya Plibersek as foreign minister will need to set out her own thinking on foreign policy priorities, establish lines of continuity to past Labor approaches and work out what policy settings from the past three years to keep and what to change.

Of my other suggestions, the cyber policy statement was released in April 2016. Better late than never, although delaying such a paper for years hardly suggests that the bureaucracy ‘gets’ the need for speed in dealing with the fast-changing cyberworld. The policy is solid, and unexpectedly revealed that Australia maintains a capacity to mount ‘offensive’ cyber operations. In a difficult fiscal environment, money has been found to support closer engagement between government and the business community on cyber matters. Expectations of further policy development in that area are high, particularly given Turnbull’s deep understanding of telecommunications. The need for a strong cyber policy and better whole-of-government implementation is greater now than three years ago, so rapidly is the area developing.

The 2016 Defence White Paper fully delivers on the recommendation to align Defence equipment plans with budget realities. Both the government and the opposition remain committed to lifting defence spending to 2% of GDP. The White Paper is better costed than all its predecessors. Via a circuitous path, the government has finally landed on a long-term commitment to continuous shipbuilding in Australia, so we can finally pack away the wet dreams of dry zealots about shipping defence industry offshore. Of course, the believability of the 2016 DWP is tied to the government’s spending commitment in what we all know is a worsening budgetary situation. But what policy isn’t tied to future spending decisions? At least the White Paper will show us when future governments change course.

As for my final recommendation about government taking a more disciplined approach to using cabinet for decision-making … well, what could I have been thinking! Readers wanting to see how far I was off the mark should consult Laura Tingle’s Quarterly Essay, ‘Political amnesia’, Niki Savva’s book, The Road to Ruin and a slew of memoirs from Labor’s shell-shocked casualties of the Rudd–Gillard–Rudd era to see how disastrously cabinet government has run off the rails. Blame the 24/7 media cycle. Blame battalions of staffers relentlessly texting each other. Blame tweeting internet trolls, twerking populists and ranting radio shock jocks. Blame a ‘responsive’ rather than a thoughtful Australian Public Service. Just don’t expect a return to the calm nostrum that good process makes good policy.

At worst, the future of public policy looks more like Donald Trump than John Howard. That should profoundly worry anyone who cares about the idea of government producing considered policy. It remains true that the best way forward for government is the intelligent use of cabinet processes, the orderly working of parliament and its committees and a public service with spine and a commitment to policy excellence rather than just ‘issue management’. An explicit and believable commitment to return to methodical policy development should be the most fundamental policy goal for any future Australian Government.

Beyond completing, or indeed starting, on the policy objectives outlined above, I suggest four big national security goals for the Australian Government after the 2016 election:

  • Step up efforts to defeat Islamic State in Iraq.
  • Modernise how we manage our alliance with the US.
  • Prepare the ground for submarine nuclear propulsion.
  • Promote a defence export base for industry.

None of those tasks is necessarily easy, and all are potentially controversial. Hence the need for careful policy preparation, a focus on explaining a public case for each initiative and a commitment to making each initiative as bipartisan as possible.

Defence confronts the Media Age (part 3)

Image courtesy of Flickr user Tom Small

The communications demands of the Media Age are so diverse and complex that only a simple answer will suffice.

This is back-to-basics meets back-to-the future. Head to the bedrock of first principles while everything else in the Media Age goes into the flux capacitor.

Express the essence in six words: speak truth, always. Speak fast, always.

Maximum truth. Maximum speed. Always. Hyphenate the motto to show how the two concepts merge: truth-with-speed.

Truth up front, but speed nearly as important. The Media Age puts a rocket under the adage that a lie dashes round the world while truth is still pulling on its trousers.

Truth-with-speed sounds simple—a motherhood sentiment. But Defence’s default settings—and those of the Minister’s office—pull in the opposite direction.

The control imperative means the Minister and Defence want command over what truth is given and when and how; truth and speed are subject to ministerial approval! The current motto reads: defined truth, carefully decided, delivered slowly.

If Canberra embraced truth-with-speed it would alter the level and detail of Ministerial control over Defence’s release of information on operations. And it would force Defence to think more clearly about what to conceal and what must be done in the open. Those are big asks, challenging a lot of culture.

As a former Defence insider commented: ‘I think the aim of the game really was keeping the troops silent and preventing whistle blowers, rather than the Media as such.’

Truth-with-speed would strike at a lot of Defence boundaries.

How much truth can Canberra manage? The system understands—in theory—the benefits of openness.

Releasing the Cyber Security Strategy last month, Prime Minister Malcolm Turnbull pledged to be more explicit about cyber-crime successes and failures and hack attacks:

‘Only by acknowledging, explaining and analysing the problem can we hope to impose costs on perpetrators and empower our private citizens and government agencies and businesses to take effective security measures.’

The PM’s new cyber-security advisor, Alastair MacGibbon, recently posed the dilemma:

‘The question is how open a government can be about cyber-security without causing further damage and without hanging out all the government’s crown jewels?’

Across all the terrain of the Media Age, a balance has to be struck and tough choices confronted about where to draw the lines.

A good start is to be clear about the crown jewels. And separate those jewels from mere convenience or embarrassment or stuff up or political plays and bureaucratic comfort.

The distinction is between jewels and tawdry trinkets.

The need for truth-with-speed is accelerating as terrains merge. Rather than treating social media and traditional Media as different entities, see them as a continuum running right across the communications landscape. The borders evaporate.

You can’t have one message for a domestic audience and a different message for an international audience—they are one audience. And you have to give the Digital Citizen what once was reserved for journalists.

The hacks no longer control the news. Governments direct less of the information. Give the Press what you should give the People: hacks and Digital Citizens must be treated as equals, because in this new terrain they are the same. Truth-with-speed for all.

Technologically, new media are transformative, but many of the military-media issues recur: Exclude versus Engage; Control versus Communication.

Old lessons matter, even as the lines blur. The military instinct to control, censor and shut out is antediluvian in the Media Age.

Time to relearn some hard-won lessons about the relationship between journalists and the military—then apply them to lots of new players.

Here are three principles for use in the Media Age.

The prime directives draw on recommendations offered 30 years ago by the Centre for Journalism Studies, University College, Cardiff, in a study commissioned by Britain’s Ministry of Defence after the media policy shambles (and scrambles) of the Falklands War.

So the basic principles aren’t new, just hard to do. The burden of truth-with-speed is in the doing, not the pledging.

The prime directives of truth-with-speed:

  1. The Government promises as a core commitment to give Australians (and all other Digital Citizens) as much information as possible about ADF operations as quickly as possible. The ADF should be charged with fully meeting this promise to always deliver maximum truth with maximum speed. The principle will apply in peace and war.
  2. The automatic responsibility is always to give as much information as possible, whether that news is good or bad. This is the default setting and the basic rule—not just a declared principle. The working assumption must be that information should be released, not that it should be withheld.
  3. Secrecy and partial release of information for operational security must be reviewed constantly. Defence must detail the categories of information regarded as ‘crown jewels.’ What’s to be kept secret and—broadly—why? Defence should report regularly to Parliament on how it’s meeting the responsibility for maximum disclosure.

Much would change if these became the driving principles.

For instance, the ‘Defence Instructions (General) on Public Comment and Dissemination of Information by Defence Members’ obsesses that any release of information must be ‘coordinated, agreed and authorised.’

The DI(G) would be turned on its head. Having clearly defined the crown jewels (what is to be secret), everything else would be authorised. The default setting can’t be that everything is secret unless decided otherwise.

Defence would expect the facts to be told fully and quickly. And the job would be done by those closest to the facts.

The strategic corporal would be joined by the Lieutenant who can speak and the Captain who can confirm and the Major who can explain, and so on up the line.

Instead of the Canberra-centric mantra of coordinated and agreed, this would be decentralised. When the ADF was in the field, the facts would come from the field. The Digital Citizens will report from the front, so should the ADF.

The Afghanistan lesson is to tell a lot more and the Media Age demand is to tell it quickly.

Defence would get confronting freedoms. Let off the ministerial leash, Defence would have to speak more openly and honestly about what it is and how it works.

Cyber wrap

Encryption

In an interesting turn of events, it appears that the 2014 Sony hack, February’s Bangladeshi bank heist and the attempted breach of a Vietnamese bank last year may all be linked. Vietnam’s Tien Phong Bank released a statement over the weekend saying it disrupted an attempted cyber heist valued at US$1.1 million at the end of last year. The thwarted incident and the breach of Bangladesh’s central bank in February are both thought to have targeted SWIFT, the central network for global financial transactions, with fraudulent transfer requests. SWIFT’s CEO has denied claims that vulnerabilities in the payment network facilitated the Bangladesh heist, with the company releasing a statement arguing that PDF-targeting malware was used to initiate fraudulent bank transfers. However, security firm BAE has just published a blog highlighting the ‘strong links’ between the methods used in those two bank incidents and the infamous hack of Sony Pictures in 2014. The similarities suggest that these events are part of a broader campaign that could be traced back to a single group of hackers.

To counter such breaches in the future, IBM’s supercomputer, Watson, is now being trained to combat cybercrime. The computing system already excels in many areas, including healthcare, cooking, finance, customer service and playing Jeopardy. IBM describes Watson as ‘a technology platform that uses natural language processing and machine learning to reveal insights from large amounts of unstructured data’. Now, eight universities across the US will be part of the effort to expand Watson’s knowledge on the topic of cybercrime. IBM will provide Watson with 15,000 annotated security documents per month, and expects it to attain an expert level of understanding of the cybersecurity landscape and the ability to monitor large-scale trends, as well as the ability to detect potential threats. Watch a video explaining the process here.

The US Senate has asked President Obama to develop a national definition of cyberwar. Republican Senator Mike Rounds has proposed the Cyber Act of War Act 2016, which would ‘require the President to develop a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States, and for other purposes’. Rounds’ suggestion has raised criticism, including this CFR article that describes the bill as ‘an ill-conceived proposal that deserves to die, quickly, in Congress’.

The US Department of Commerce’s National Telecommunications and Information Administration (NTIA) has published new research revealing that the ongoing encryption debate is eroding public confidence in the safety of the Internet. A survey of 41,000 households in the US revealed that nearly one in two individuals report that privacy and security concerns now prevent them from doing even simple things online. NTIA has raised concerns that this significant loss of trust may ‘reduce economic activity and hamper the free exchange of ideas online’, a trend that could be reversed by encouraging broad use of strong encryption technologies.

Last Wednesday, Chinese and US officials met in DC to discuss cyber issues for the first time since establishing some common cyber principles as part of a broader bilateral agreement in September last year. The first iteration of the new Senior Experts Group included US representatives from the US Department of State, Department of Defense, and Department of Homeland Security, with Chinese representatives from the Ministry of Foreign Affairs, Ministry of National Defense, Cyberspace Administration of China, and the Ministry of Public Security. According to the Chinese Foreign Ministry’s spokesperson, the discussions took place in a ‘positive, in-depth and constructive way, touching upon norms for state behaviour and cyberspace-related international law and confidence-building measures’. The group is expected to meet twice a year, and represents an improvement of bilateral cyber relations after China withdrew from a similar initiative in response to the US indictment of five Chinese military officers in 2014.

Unfortunately, it’s not all good news in Sino–US cyber relations. The recent release of the US Defense Department’s annual report to Congress, Military and Security Developments Involving the People’s Republic of China, offers a critical assessment of Chinese cyber posturing. It re-issues accusations of China’s attempts on US government networks, describing the use of ‘cyber capabilities to support intelligence collection against the US diplomatic, economic, and defense industrial base sectors that support US national defense programs’. Chinese Defence Ministry spokesman Yang Yujun denounced the report as having ‘deliberately distorted’ Chinese defence policies, while Chinese Foreign Ministry spokesman Hong Lei described it as ‘full of prejudice against China’. At the same time, The New York Times is reporting that Chinese authorities have been secretly reviewing the security features of tech products sold in China by overseas companies. The assessments are supposedly run by a committee within the Cyberspace Administration of China and are expected to create a ‘new front in an already tense relationship with Washington over digital security’.

Lastly, please join us in a moment of silence to honour the timely death of CSI: Cyber. Ok, that’ll do.