Digital China: Has Australia been spooked?
Australia needs clear heads, objective analysis and confidence-building measures to manage its cyber relations with China.
In May 2019, former prime minister Paul Keating claimed that the current hostility to China from the Australian government arose because “nutters” were in charge of the country’s intelligence agencies. His statement was both inappropriate and incorrect. But the country at large has clearly been spooked by several things that China is doing. The agencies need to do more in public to help the country navigate these challenges in a calm and considered way.
Digital China has become a major determinant of international order in Asia. Old questions about “peaceful rise” and naval power have been supplanted by urgent and unanswered questions about entanglement in cyberspace, about cyber power, and about latent Chinese potential for sabotage of global telecommunications. Fear and uncertainty about things that might happen in cyberspace have replaced an earlier confidence about an order premised on more tangible, more conventional measures of power and influence. The old order was a place where China was still seen as rising but not yet dominant. The new order is, for some parties at least, about urgently preventing China from becoming dominant in cyberspace.
Fears of digital China can be traced to the rise in its international cyber espionage documented most fully (in public at least) by agencies of the US government and private corporations beholden to it. The issue took on new prominence in 2011 when the US National Counter Intelligence Executive reported on commercial cyber espionage against that country, naming China as the leading antagonist.
By 2013, US anxiety reached new heights when the National Security Adviser, Thomas Donilon, issued unprecedented public demands on China to cease and desist. The espionage issue has remained very prominent in global diplomacy, with President Donald Trump declaring China’s continuing theft of intellectual property as one foundation for his declaration of a trade war with that country in 2018.
In Australia, the espionage concerns played out in a decision by the former Labor Prime Minister Julia Gillard in 2012 to block the Chinese company Huawei from bidding for work or a supply relationship in the National Broadband Network.
By 2018, the concerns over cyber espionage were augmented, at least in the case of the US and Australia, by heightened concerns over sabotage as countries around the world pondered the implications of possible involvement of Huawei in deployment of 5G technologies in national communications systems. (Huawei systems already occupy a strong market position internationally in 4G networks.) The US and Australia now agree that the Chinese company should be excluded not just because of long standing concerns about espionage but because of the potential risk of sabotage in a political crisis.
Moreover, the two close allies are collaborating in a global campaign, directed in part at equally close allies (the UK and Canada), to bring their positions into line with the US and Australian one. The division within the Five Eyes intelligence alliance was around the issue of whether it made sense to try to build a globally secure 5G system at the same time as excluding the world’s second biggest national economy and a world leading technology provider from it.
Battle lines drawn
While all parties – China, the US, Australia and allies – pressed on for a continuation of mutually beneficial trade and investment, by 2018 new battle lines were firmly put in place by the US alliance and like-minded countries. Many such countries (22 in all) agreed to a policy of diplomatic retaliation against what they saw as unacceptable and unabated malicious activity in cyberspace by China. These countries agreed on a new “axis of cyber evil”: China, Russia, Iran and North Korea. This policy, labelled “persistent engagement” and originating in the US, provided a mechanism for early and joint public attribution by the coalition of major cyber attacks and for public and joint diplomatic protest to the countries concerned over the activity. The policy was augmented by the Cyber Deterrence Initiative, also US-led, which involves retaliatory attacks (in cyberspace and in non-cyber fields) by the US and other allies in response to specific cyber attacks from the cyber axis powers.
The shift to a more robust position on cyberspace retaliation by the US, Australia and allies was facilitated by four strategic circumstances. The first was the US policy of rebalance, which saw the Americans refocus on Asia as a major theatre of strategic competition. The second was growing alarm over maritime and military affairs in Asia because of tension along most of China’s ocean frontier, especially its massive island building on features in the South China Sea it had occupied for more than two decades. Third, China’s ruthless application of advanced information technologies to support escalating domestic repression has tainted all forms of information and communications technology (ICT) collaboration with the country. Fourth, there has been the growing sense of lawlessness in cyberspace. Western allies have been painting China, North Korea, Iran and Russia as major villains. For their part, Russia and China have publicly declared their sense that the West is using cyberspace to undermine their domestic political order. They like to remind the world of the revelations of Edward Snowden about massive cyber espionage by the US. By the end of 2016, despite agreement one year earlier in the United Nations Group of Governmental Experts on possible voluntary norms for security in cyberspace, that consensus had already collapsed. A military arms race in cyberspace became the dominant dynamic and it was overlain with alarm around information warfare in the broader sense, as evidence of Russian cyber interference in the US election mounted.
Misunderstanding China’s cyber power
The sharp contours of the escalating conflict have fostered sensationalist rhetoric and crowded out more subtle analyses of the emerging realities. On close examination, China is not holding a strong hand. It wants to win, or at least score highly, in cyber competition but it simply is not holding the right cards. As documented in my 2018 book Cybersecurity in China, the country has a weak cyber industrial complex and its universities have proven unable to turn out qualified professionals in the very large numbers needed for a diverse array of advanced cyber skills. The country’s cyber security workforce deficit has been estimated by Chinese authorities to reach 1.4 million people by 2020.
A missing link in our knowledge of China’s cyber scene is just how much it depends on foreign technology and foreign workers (working offshore) for its capability. We do know that the Chinese government will have to rely for years to come on Microsoft for the front-line security of the majority of its official desktop computers. The US-based company won a contract to supply Windows 10 for Government (Chinese) as part of a joint venture with the China Electronics Technology Corporation (CETC). The Microsoft announcement in 2017 should be essential reading for anyone wanting to understand the deep penetration of US technology and specialists in China’s cyber ecosystem.
In spite of its undoubted cyber offensive capability for espionage, China is weak in defence in this domain. My book references many analyses from Chinese sources that bear out this judgement. Moreover, capability for cyber espionage is child’s play compared with what is needed for sustained military engagement in cyberspace in a political crisis. The environment will be characterised by multi-vector, multi-wave, multi-theatre cyber attacks directed at military and civilian targets. In this field, the US (supported by its allies) stand head and shoulders above China. An easy reference point for this comparison lies in the field of the C4ISTAR systems of the two sides.
C4ISTAR is the acronym for Communications, Computers, Intelligence, Surveillance, Targeting Acquisition and Reconnaissance, which in short is the “brain” of the Americans’ war fighting capability — be it for kinetic operations alone or for combined cyber and kinetic operations. But even a minute of reflection on the term should reveal the fact that there is almost zero kinetic activity in the military sphere that is not dependent on cyber military survivability of the C4ISTAR systems. A state whose armed forces cannot defend themselves well in cyberspace (including the systems in outer space supporting such defence) will be at the mercy of the awesome offensive cyber military power of the US and its leading cyber allies. According to a 2019 US Air Force report, the US has ten times as many communications satellites as China and three times as many intelligence, surveillance and remote sensing satellites.
Chinese leaders fully appreciate the country’s weaknesses and vulnerabilities in cyberspace (and outer space). But they face several big dilemmas in framing an international policy that can help them compensate for their weaknesses while not surrendering on core policy positions on the domestic front, especially enhanced surveillance and escalating political repression.
Restorative diplomacy
The discussion above paints a confusing picture. On the one hand, China looks increasingly like a belligerent actor believing that it can test the patience of the liberal Western democracies because it has new-found economic and conventional military power. On the other hand, its leaders know that it is profoundly disadvantaged in key areas of capability in cyberspace. In classic political science terms, such a dichotomous reality would seem to suggest either an imbalance of political power among the ruling elites (a leadership split) or an underlying sense of fragility about their hold on government, or a combination of both.
Any strategy for restorative diplomacy with China on cyberspace issues, including a more accommodating position toward companies like Huawei, would have to be framed against that consideration of political fragility within China – while holding the line on deterrence of malicious activity.
Moreover, in practical terms, the emotional and political taint that now affects Australia’s relations with digital China, and companies like Huawei, makes restorative diplomacy almost impossible. The antagonism is being fuelled by the cruel reality of the Chinese government’s escalating domestic repression using cyber means, and because of exaggerated perceptions of massive gains by China from its theft of intellectual property by cyber espionage. Whether well-founded or not, attitudes in the US toward China’s activity in cyberspace are now almost as outraged as they were in response to the Soviet invasion of Czechoslovakia in 1968 or China’s massacre of students in Tiananmen Square 1989. And Australia has been swept up in that American cyber outrage in a way that Britain and Canada have not.
At the level of national foreign policy, it would seem almost impossible for Australia to consider more collaborative relations with China in cyberspace affairs unless and until the latter desists from its most egregious malicious activity. Not much will change as long as Australian elites continue to accept uncritically the sensationalist rhetoric and exaggerated claims about the impacts of digital China on the country’s national security.
Even corporations and scholars are becoming increasingly locked-in to non-collaborative positions when it comes to digital China. The hostile public mood has been stoked by Clive Hamilton’s 2018 book, Silent Invasion, which is premised on that author’s false (and ludicrous) claim that “China plans to dominate the world.” But the mood has also been set by a government intent on finding any excuse for new national security legislation for electoral gain. The leaders of this government appear to have lost sight of the enduring authoritarian character of China’s government and it seems they were never schooled in the decades long history of China’s interference in Australia, most of it marginal and unsuccessful.
The latest driver of this anti-China cyber hysteria is the executive order signed by Trump on May 15 this year. The decree calls out sabotage as the main cyber threat in peacetime from foreign states, and declared a cyber national emergency, the third such emergency decreed by a US President in less than four years.
Most importantly, the executive order includes provisions for the US to ban all ICT trade with any country labelled as an adversary by the President. The order places a complete ban on US companies or individuals conducting future business of any kind with foreign ICT corporations from a country the US administration has formally declared to be an adversary. The order also makes it clear that banned products and services will be any that are “supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries.”
At the time the order was signed, it was unambiguously directed at China, even though the country was not named. Within days, several leading corporations globally had begun to curtail links with China, including in discussions about 5G technical standards.
What would have been less visible during those early days is the high degree of agitation against the White House order by leading US tech companies who have staked much of their future growth on China and by leading banks which depend on continued ICT cooperation with China for basic cyber security of inter-bank transfers.
A détente is clearly needed in Australia-China cyberspace relations. But confidence building measures, such as Track 1.5 dialogues, will be useless unless China is prepared to scale back its malicious activity in cyberspace and its cyber-enabled domestic repression. On the Australian side, we need more balanced analysis which can only be achieved by boosting our expertise in China’s politics and economy and giving greater respect to the views of global leaders in research in those fields. Conflict is still escalating. We need clear heads and objective analysis.