Quad Technology Business and Investment Forum outcomes report

The Quad has prioritised supporting and guiding investment in critical and emerging technology projects consistent with its intent to maintain a free and open Indo-Pacific.

Governments cannot do this alone. Success requires a concerted and coordinated effort between governments, industry, private capital partners and civil society.

To explore opportunities and challenges to this success, the Quad Critical and Emerging Technology Working Group convened the inaugural Quad Technology Business and Investment Forum in Sydney, Australia on 2 December 2022. The forum was supported by the Australian Department of Home Affairs and delivered by the Australian Strategic Policy Institute (ASPI).

The forum brought together senior Quad public- and private-sector leaders, laid the foundations for enhanced private–public collaboration and canvassed a range of practical action-oriented initiatives. Sessions were designed to identify the key challenges and opportunities Quad member nations face in developing coordinated strategic, targeted investment into critical and emerging technology.

Attendees of the forum overwhelmingly endorsed the sentiment that, with our governments, industry, investors and civil society working better together, collectively, our countries can lead the world in quantum technology, artificial intelligence, biotechnology and other critical and emerging technologies.

This report reflects the discussions and key findings from the forum and recommends that the Quad Critical and Emerging Technology Working Group establish an Industry Engagement Sub-Group to develop and deliver a Quad Critical and Emerging Technology Forward Work Plan.

State-sponsored economic cyber-espionage for commercial purposes: tackling an invisible but persistent risk to prosperity

As part of a multi-year capacity building project supporting governments in the Indo-Pacific with defending their economies against the risk of cyber-enabled theft of intellectual property, ASPI analysed public records to determine the effects, the actual scale, severity and spread of current incidents of cyberespionage affecting and targeting commercial entities.

In 2015, the leaders agreed that ‘no country should conduct or support ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.’

Our analysis suggests that the threat of state-sponsored economic cyberespionage is more significant than ever, with countries industrialising their cyberespionage efforts to target commercial firms and universities at a grander scale; and more of these targeted industries and universities are based in emerging economies.

“Strategic competition has spilled into the economic and technological domains and states have become more comfortable and capable using offensive cyber capabilities. Our analysis shows that the state practice of economic cyber-espionage appears to have resurged to pre-2015 levels and tripled in raw numbers.”

In this light, we issued a Briefing Note on 15 November 2022 recommending that the G20 members recognise that state-sponsored ICT-enabled theft of IP remains a key concern for international cooperation and encouraging them to reaffirm their commitment made in 2015 to refrain from economic cyber-espionage for commercial purposes. 

This latest Policy Brief, State-sponsored economic cyber-espionage for commercial purposes: tackling an invisible but persistent risk to prosperity, further suggests that governments should raise awareness by better assessing and sharing information about the impact of IP theft on their nations’ economies in terms of financial costs, jobs and competitiveness. Cybersecurity and intelligence authorities should invest in better understanding the extent of state-sponsored economic cyber-espionage on their territories.

On the international front, the G20 and relevant UN committees should continue addressing the issue and emphasising countries’ responsibilities not to allow the attacks to be launched from their territories. 

The G20 should encourage members to reaffirm their 2015 commitments and consider establishing a cross-sectoral working group to develop concrete guidance for the operationalisation and implementation of the 2015 agreement while assessing the scale and impact of cyber-enabled IP theft.

China’s messaging on the Ukraine conflict

In the early days of Russia’s invasion of Ukraine, social media posts by Chinese diplomats on US platforms almost exclusively blamed the US, NATO and the West for the conflict. Chinese diplomats amplified Russian disinformation about US biological weapon labs in Ukraine, linking this narrative with conspiracy theories about the origins of COVID-19. Chinese state media mirrored these narratives, as well as replicating the Kremlin’s language describing the invasion as a ‘special military operation’.

ASPI found that China’s diplomatic messaging was distributed in multiple languages, with its framing tailored to different regions. In the early stage of the conflict, tweets about Ukraine by Chinese diplomats performed better than unrelated content, particularly when the content attacked or blamed the West. ASPI’s research suggests that the Russia–Ukraine conflict initially offered the party-state’s international-facing propaganda system an opportunity to reassert enduring preoccupations that the Chinese Communist Party perceives as fundamental to its political security.

Artificial intelligence: Your questions answered

This collection of short papers developed by the Australian Institute for Machine Learning (AIML) at the University of Adelaide and the Australian Strategic Policy Institute (ASPI) offers a refreshing primer into the world of artificial intelligence and the opportunities and risks this technology presents to Australia.

AI’s potential role in enhancing Australia’s defence capabilities, strengthening alliances and deterring those who would seek to harm our interests was significantly enhanced as a result of the September 2021 announcement of the AUKUS partnership between the US, the UK and Australia. Perhaps not surprisingly, much public attention on AUKUS has focused on developing a plan ‘identifying the optimal pathway to deliver at least eight nuclear-powered submarines for Australia’.

This AIML/ASPI report is a great starting point for individuals looking to better understand the growing role of AI in our lives. I commend the authors and look forward to the amazing AI developments to come that will, we must all hope, reshape the world for a more peaceful, stable and prosperous future.


.auCheck: A free website and email security check tool

Today, the Australian Strategic Policy Institute (ASPI), in collaboration with the .au Domain Administration (auDA), is launching .auCheck: a free tool that helps users check their website, email and internet connection for use of the latest and most secure internet standards.

Standards form the technical heart of the internet and are fundamental to the security, reliability and resilience of websites and email communication. As these standards develop over time, it is crucial to remain up-to-date.

Checking if a website and email are set up correctly can be quite difficult; that’s why .auCheck was created. Its aim is to empower users, in particular Australian small businesses, to ask the right questions and choose the right level of services from their providers, including adequate security settings.

.auCheck will enable users to have an informed discussion with their IT support, internet service provider, domain registrar, web hosting company or IT contractor to improve the security standards of their website, email or internet connection and facilitate the adoption of best practice internet standards.

Standards that are checked by the .auCheck tool include:

  • Encryption methods (to ensure the secure transfer of information over the Internet);
  • Ways to authenticate website and mail servers (to ensure internet users are dealing with genuine website and email accounts);
  • Security of domain names (to allow domain names to be verified);
  • Security of website applications (to prevent insertion of malicious code or unauthorised access);
  • Protection against phishing through email from fake accounts.

Following the test, .auCheck offers users advice on additional steps they can take to bring their website and email domains up-to-standard.

Fergus Hanson, Director of ASPI’s International Cyber Policy Centre, believes .auCheck will be a valuable practical contribution to the work Australian governments, industry and internet organisations are already doing to raise awareness of the need to be cyber secure.

We hope .auCheck will give Australian businesses practical advice to improve the security and reliability of their online presence. The tool also empowers every Australian to check for themselves the security of the websites they visit.

The idea for .auCheck came from discussions with international partners in the UK and the Netherlands who pioneered similar tools. We’re very grateful to the Dutch Internet Standards Platform and for the support of auDA which allowed us to develop .auCheck in a way that fits the Australian context.

auDA CEO Rosemary Sinclair AM said auDA was pleased to support the development of .auCheck, noting the tool will provide Australian small businesses and consumers with information to empower them, boosting their online confidence and uplifting security standards by working with their IT support professionals.

auDA research shows cyber security is the top concern among Australian internet users. However, many Australian internet users and small business owners are unsure where to find trusted information and advice on cyber security. The .auCheck tool provides a free, independent and plain language assessment of online security standards, and will help empower users to be more confident managing their cyber security.

Over time, the aggregated test results will deliver an understanding of the security standards being used by individuals, businesses and organisations in Australia.

You can access .auCheck here

Understanding Global Disinformation and Information Operations: Insights from ASPI’s new analytic website

ASPI’s International Cyber Policy Centre has launched the Understanding Global Disinformation and Information Operations website alongside this companion paper. The site provides a visual breakdown of the publicly available data from state-linked information operations on social media. ASPI’s Information Operations and Disinformation team has analysed each of the data sets in Twitter’s Information Operations archive to provide a longitudinal analysis of how each state’s willingness, capability and intent have evolved over time. Our analysis demonstrates that there is a proliferation of state actors willing to deploy information operations targeting their own domestic populations, as well as those of their adversaries. We find that Russia, Iran, Saudi Arabia, China and Venezuela are the most prolific perpetrators. By making these complex data sets available in accessible form, ASPI is broadening meaningful engagement on the challenge of state actor information operations and disinformation campaigns for policymakers, civil society and the international research community.

Producing policy-relevant China research and analysis in an era of strategic competition

This brief report explores the challenge of producing policy-relevant China research and analysis. Policy-relevant research is defined as work that drives action, affects decision-making, or both. It’s the kind of research think tanks seek to do, bridging the gap between academia and civil servants who work on policy.

This paper focuses on two key findings:

  1. There’s a distinction between conducting policy-relevant research and the process of disseminating it in a way that will effectively shape and influence the policy process in particular places by particular policy- and decision-makers. In practice, the difference between the two isn’t always clearly understood and perhaps not clearly taught.
  2. There’s limited training that prepares the China analytical community to deal with the challenges of producing policy-relevant research under conditions of restricted access to China. Researchers require more support in navigating the research environment and filling skill-set gaps.

The future of assistance to law enforcement in an end-to-end encrypted world


Domestic telecommunications companies assist law enforcement by the lawful interception of otherwise private communications when presented with a valid warrant.

This has been a powerful tool to combat crime. In the 2019–20 financial year, for example, 3,677 new warrants for telecommunications interception were issued, and information gained through interception warrants was used in 2,685 arrests, 5,219 prosecutions and 2,652 convictions. That was in the context of 43,189 custodial sentences in the same year.

But law enforcement and security officials assert that the usefulness of ‘exceptional access’, as it’s called in this paper, has declined over time as strong encryption has become increasingly common.

Australian Security Intelligence Organisation (ASIO) Director-General Michael Burgess has stated that encryption ‘damages intelligence coverage’ in 97% of ASIO’s priority counter-intelligence cases.

The problem of increasingly powerful encryption degrading the usefulness of exceptional access is often referred to as ‘going dark’.

The Australian Government has committed to the reform of Australia’s electronic surveillance legislative framework. Although its discussion paper mentions encryption only in passing, we can expect that encryption and going dark will be a topic of debate as reform is considered. This paper contributes to that debate by examining how firms that provide digital communications services can provide assistance to law enforcement even as strong encryption is increasingly common.

Although exceptional access is primarily concerned with evidence collection, it may be better in some cases to focus on crime prevention, when it comes to achieving society’s broader aim of safety and security. This may be especially true for serious offences that cause significant harms to individuals, such as child exploitation and terrorism.

Accordingly, in this paper I divide assistance to law enforcement into two broad types: 

  1. Building communications services so that criminal harm and abuse that occur on the service can be detected and addressed, or don’t even occur in the first place. Examples of harms that might be avoided include cyberbullying or child exploitation that occur online.
  2. Assisting law enforcement with exceptional access for crimes that are unrelated to the communications service. Examples of such crimes might include an encrypted messaging service being used to organise drug smuggling or corruption.

I start by exploring the justification for exceptional access and then examine how encryption has affected assistance to law enforcement, as well as the differences between transport encryption and end-to-end (E2E) encryption and the implications those differences have for law enforcement.

I examine encryption trends and discuss the costs and benefits of exceptional access schemes.

I then examine some of the approaches that can be used by service providers to provide these two different forms of assistance as E2E encryption becomes increasingly common. I also summarise some of the advantages and disadvantages of those different approaches.

A number of initiatives seek to embed safety and security into the design, development and deployment of services. They encourage industry to take a proactive and preventive approach to user safety and seek to balance and effectively manage privacy, safety and security requirements. Those initiatives have relatively few big-picture privacy or security drawbacks, but there are many issues on which there isn’t yet consensus on how to design platforms safely. Such initiatives may also need extensive resources for employee trust and safety teams.

Providing law enforcement access to E2E encrypted systems is very challenging. Proposals that allow access bring with them some potentially significant risks that exceptional access mechanisms will be abused by malicious actors.

Watch the launch webinar here.

Agenda for change 2022: Shaping a different future for our nation

In line with previous Agenda for Change publications from 2016 and 2019, this piece is being released in anticipation of a federal election as a guide for the next government within its first months and over the full term. Our 2022 agenda acknowledges that an economically prosperous and socially cohesive Australia is a secure and resilient Australia.

ASPI’s Agenda for change 2019: strategic choices for the next government did, to a great extent, imagine a number of those challenges, including in Peter Jennings’ chapter on ‘The big strategic issues’. But a lot has changed since 2019. It was hard to imagine the dislocating impacts of the Black Summer fires, Covid-19 in 2020 and then the Delta and Omicron strains in 2021, trade coercion from an increasingly hostile China, or the increasingly uncertain security environment.

Fast forward to today and that also applies to the policies and programs we need to position us in a more uncertain and increasingly dangerous world.

Our Agenda for change 2022 acknowledges that what might have served us well in the past won’t serve us well in this world of disruption. In response, our authors propose a smaller number of big ideas to address the big challenges of today and the future. Under the themes of getting our house in order and Australia looking outward, Agenda for change 2022 focuses on addressing the strategic issues from 2021 and beyond.

China’s cyber vision: How the Cyberspace Administration of China is building a new consensus on global internet governance

This report provides a primer on the roots of the Cyberspace Administration of China (CAC) within China’s policy system, and sheds light on the Chinese Communist Party’s (CCP) intentions to use cyberspace as a tool for shaping discourse domestically and internationally.

The report details the position of the Cyberspace Administration of China in China’s propaganda system. Considering its origins in the former Party Office of External Propaganda, the authors argue that ‘countries that lack comprehensive cyber regulations should err on the side of caution when engaging with the CCP on ideas for establishing an international cyber co-governance strategy.’

By assessing the CCP’s strategy of becoming a ‘cyber superpower’, its principle of ‘internet sovereignty’, and its concept of ‘community of common destiny for cyberspace’, this report seeks to address how the CCP is working to build a consensus on the future of who will set the rules, norms and values of the internet.

The report also examines the World Internet Conference – a ‘platform through which the CCP promotes its ideas on internet sovereignty and global governance’ – and its links to the CAC.

Translated versions of this report are also available in Indonesian, Malaysian, Thai, and Vietnamese.
The translation of these reports has been supported by the U.S. State Department.