The Australian government has said there will be consequences for states breaking international norms in cyberspace, and is prepared to take "military measures" in response to malicious cyber attacks.
Launching Australia's first International Cyber Engagement Strategy this morning, Foreign Minister Julie Bishop said a number of states were testing the limits of what is permissible.
“Cyberspace is not an ungoverned space. Just like in the physical domains, states have rights but they also have obligations. Existing international law applies to states' conduct in cyberspace, complemented by agreed norms of responsible state behavior,” she said.
“Increasingly, states are testing the boundaries of what is and isn't acceptable in cyberspace. Australia will cooperate with its international partners to deter, mitigate and attribute malicious cyber activity by criminals, state actors and their proxies, including those that seek to interfere in the internal democratic processes of states,” she added.
Bishop will seek “high-level reaffirmations” from heads of state that they will work within international law when it comes to cyber activity.
If hit by malicious cyber activity, the strategy explains that Australia could respond with “law enforcement or diplomatic, economic or military measures”, which could include “offensive cyber capabilities that disrupt, deny or degrade the computers or computer networks of adversaries”.
The document says the country has the capability to attribute malicious cyber activity to "several levels of granularity" down to specific states and individuals.
In April, the government first acknowledged that Australia possesses an “offensive cyber capability” that can be drawn upon when responding to attacks on the nation’s networks. In June, the Australian Signals Directorate was cleared to use its offensive cyber capabilities to target “
Australian Defence Force rules of engagement and consistent with international laws.
The strategy also calls for “greater candidness” from other states in the relation to the military use of offensive cyber capabilities.
“Just as more and more states are embracing the opportunities of cyberspace to improve service delivery and drive economic growth, it is unsurprising that more and more states are exploring military applications of cyberspace,” the document states.
“In and of itself this is not a concern – provided that states acknowledge that military activities in cyberspace are governed by the same sets of rules as military activities in the physical domains,” it adds.
As part of the strategy, Australia will also seek to create an architecture for cooperation between allies to respond to “unacceptable behaviour in cyberspace” quickly and within international laws.
Australia already engages in cyber policy and cyber security discussions with countries including Canada, China, India, Indonesia, Japan, New Zealand, the Republic of Korea, the United Kingdom and the United States, the strategy states.
The strategy was authored by Ambassador for Cyber Affairs, Tobias Feakin.
Feakin’s role, and the formation of the international strategy, was set out in the government's $230 million 2016 Cyber Security Strategy to prioritise and coordinate Australia's engagement on cyber issues on the world stage.
The document covers commercial opportunities for Australian businesses with respect to cyber security, how to "support a free, open and secure Internet" worldwide, the protection of human rights and democracy online and the use of digital technologies in international development.
“Australia's interests in cyberspace are diverse and interconnected: from capturing the economic prosperity promised by digital trade and technology enabled-development, to securing Australia from the threat of cybercriminals and preserving stability in cyberspace,” Feakin said today.
“All of our efforts, both globally and regionally, will be delivered in partnership. We will combine the unique and complementary skills of other countries, the private sector, civil society and the research community,” he added.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.