Text size: A A A

‘Pax Australis’ in the digital age: Redefining the Pacific security guarantee

By Nicholas Campton-Smith

We are in a new age of competition. The advance of digital spaces across physical, political, socio-cultural and economic structures challenges traditional understandings of sovereignty and national interest. The digital revolution exposes the growing prevalence and complexity of non-traditional security issues which complicate Australia’s traditional geopolitical and ideological approach to defining threats.

The digital revolution in the Pacific presents myriad opportunities for improving Australia’s engagement with the region for mutual benefit. Cyberspace enfranchises diverse communities, empowers economic participation, and offers pathways to address persistent developmental, humanitarian and climate crisis-induced challenges. Increased access to, use of, and control over digital spaces accelerates regional stability.

Simultaneously, increased connectivity further increases Pacific states’ risk of a range of sophisticated (and potentially devastating) cyber threats.

Australia is rightly invested in the ability of Pacific states to respond to these challenges. The Defence Strategic Review (DSR) and recent comments by foreign minister Penny Wong reiterate the criticality of a secure and stable Pacific region.

While undeniably welcome, these comments belie Australia’s current capacity to secure the cyber defences of our Pacific neighbours.

As a regional partner with longstanding links to our Pacific neighbours, Australia has demonstrated its commitment to the region, particularly in moments of crisis. In Bougainville, Timor-Leste, and Solomon Islands, we provided diplomatic, military, and policing support. In the face of recent humanitarian disasters —in Tonga, Vanuatu and Fiji— Australia responded with urgency. Australia’s commitment to Pacific security is more than words; it is demonstrable and decisive action.

But the Australian security guarantee to the Pacific has limited capacity to respond to a cyber contingency. We have neither the expressed intent nor legislative foundation to aid a Pacific partner in the wake of a serious cyber incident.

Notably though, the government is considering how to update the Defence Act 1903 to enable Australia to respond in a more flexible way to non-conventional, non-kinetic attacks. This provides an impetus for Australia to think seriously about how security assistance can be provided against cyberattacks existing in the grey zone beyond the threshold of conventional war.

The DSR also provides new, and welcome, immediacy to our conception of threat. Clear delineation of our sovereign interests and the means to secure them means Australia can act with greater purpose in the exercise and use of our Defence capabilities. It allows us the opportunity to redefine our interests in the Pacific; categorising cyberattacks as attacks on Pacific sovereignty affords greater latitude to ensure a stable and secure region.

Expanding Australia’s Pacific security guarantee to include cyberspace is both warranted and sound policy. A recent ransomware attack in Vanuatu crippled government services and operations for weeks. The volcanic eruption and tsunami in Tonga severed communications for a month. A sophisticated, targeted and sustained cyberattack on the critical infrastructure of a Pacific nation would be politically, economically and socially devastating.

With legislative backing and political intent, Australia can communicate to our Pacific neighbours our commitment to assist in the event of a cyberattack.

Expanding our security guarantee would require the introduction of important safeguards. Firstly, changes to the Defence Act would enable Australia greater flexibility to use cyber capabilities in a measured response. Secondly, any Australian assistance must comply with international principles of attribution, distinction, and proportionality. Lastly, we must underwrite internal Pacific efforts to address all emerging challenges in cyberspace.

Incorporating cyber into Australia’s existing security aid to the Pacific would be a step change in our security posture and relations with the region. It would require bold leadership from politicians, Defence and DFAT alike. But in practicality, it can be achieved through existing mechanisms.

Following ratification in 2018, the Boe Declaration on Regional Security is the Pacific’s blueprint for addressing traditional and non-traditional security challenges. It affirms an expanded concept of security with increased emphasis on cybersecurity, “to maximise protections and opportunities for Pacific infrastructure and peoples in the digital age.” The Boe construct eschews complex bilateral arrangements and multilateral forums that currently categorise the security architecture in the Pacific. It is an ideal mechanism on which to enshrine our cyber security guarantee and advance and promote a Pacific approach to cybersecurity.

Adapting existing Australian-funded regional mechanisms would enable Australia to support Pacific partners more readily in a cyber contingency. The Cyber and Critical Tech Cooperation Program is funded by Official Development Assistance (ODA) to strengthen regional cyber resilience and capacity. Its flagship program is the  (PaCSON), which promotes collaboration, information-sharing and incident response capabilities across regional cyber security incident response professionals.

PaCSON is already being utilised by all Pacific Island Forum (PIF) members to share information on cybersecurity. The Australian Cyber Security Centre (ACSC) represents Australia in PaCSON and is a critical vector to enable the deployment of cyber capabilities to respond to a significant regional cyberattack. PaCSON also works with the Pacific Fusion Centre, the Australian-funded and PIF-endorsed regional security assessment agency. With a security guarantee enshrined under Boe, endorsed by PIF and operationalised through PaCSON, Australia could effectively bolster the cyber deterrence of the Pacific and ensure the ongoing security and stability of the region.

An expanded security guarantee is an indispensable instrument to set international standards about collective security against non-traditional threats. This is particularly relevant for the Pacific, where the catastrophic effects of the climate crisis have precipitated countries like Tuvalu exploring the concept of a ‘digital nation’.

These moves provide unique opportunities to promote an international consensus on ‘digital sovereignty’ and the inalienable rights of citizens of a digital nation. It is also an opportunity to set expectations on how the security guarantee applies in a digital world. Australia could and should promote the perpetual and eternal sovereignty of countries like Tuvalu facing geographic collapse. A security guarantee to the region with an expanded cyber scope is a useful means to achieve this.

Pacific countries are not monolithic, but they do share unique security challenges that converge in cyberspace. As the climate crisis forces countries to exist within digital boundaries, an evolving concept of sovereignty will pose unique challenges. As small formal economies separated from major markets and with a high reliance on development assistance, the devasting effects of a cyberattack are heightened. And as countries with underdeveloped law enforcement capacity, the Pacific is particularly susceptible to transnational cybercrime.

In the face of these challenges, the cybersecurity of the Pacific is vital to ensure continued economic development and socio-political stability. Australia will continue to respond as we have in the past to security threats in the Pacific —domestic unrest, humanitarian aid and disaster relief, illegal fishing— but we lack the means and stated intent to respond to a sophisticated cyberattack.

With government reinforcing the centrality of the Pacific in our conceptualisation of interests, and the Defence Act reform modernising our ability to deploy non-traditional Defence resources, Australia is well placed to formalise an expanded security guarantee. Working with our Pacific partners and leveraging existing, proven mechanisms, Australia can help ensure Pacific countries are secured against cyberattacks that threaten their critical infrastructure, economy and sovereignty.

Nicholas Campton-Smith is a member of the Defence, Strategy and Industry Practice at Synergy Group with five years’ experience in the defence industry. Nicholas is practised in policy development, capability sustainment tendering, maritime domain awareness and open source intelligence. He has a master’s with Excellence in Strategy and Security from UNSW Canberra at the Australian Defence Force Academy.

Image: Adobe

Will Australia become a force to be reckoned with?

defence snipers
Reshaping Australia’s defence capability to project power into the region while stiffening northern air bases is a major change of direction. It's also incredibly expensive.
HIMARS
There is much to commend in the Defence Strategic Review - the big question is whether Defence is up to the task.
Defence systems
The mechanisms and support structures for Defence to deliver accelerated capability already exist. It is the behaviours that must be addressed.
Army
Far from being the biggest loser in the DSR, Army will become a more sophisticated and potent force with more reach than before.
Innovation
The Australian Defence Force needs rapid, timely and relevant solutions to a developing geo-political situation that will outrun the slow pace of science.
Navy
While the Navy's nuclear-powered submarine plans are well known, another review will determine what happens with Australia's surface fleet.
Pacific security
Australia will continue to respond to security threats in the Pacific but we lack the means and stated intent to respond to a sophisticated cyberattack.
Air Force F35As
The RAAF gets just a page and a half in the Defence Strategic Review, which leaves open opportunities to boost Air Force capability.
procurement - defence
To address its procurement problems, Defence needs to make several shifts in culture and make-up, experts say.
Youth and defence policy
Defence and the government need to do a much better job of responding to the legitimate concerns of young Australians.
Australia will have to build more digital muscle to resist cyber attacks or even potentially use offensive tactics against foreign targets.
Defence spending
Australia is limited on how much it can produce at home, putting pressure on Defence's already stretched budget across acquisition, sustainment, workforce and operations.