Promoting International Peace and Stability in Cyberspace

good afternoon everyone how you were doing I hope you’ve had an amazing experience that this incredible conference it’s an absolute privilege to be here for a second year in a row Wow how about that and a great audience to come and speak to and a great opportunity to talk about some of the work that that we’re doing down under in this area so I’m totally freaking in it as you’ve just been told and I’m Australia’s ambassador for cyber affairs so I mean what do many of you think about if you were thinking about what an ambassador might be you probably think about cars with flags ruffling in the wind and you know embassy parties with endless flowing champagne and canapés and maybe tabletops full of chocolates and fare of Roche so I do some of that sometimes but also I’m a builder and I like building things and most of my time is actually spent in this job of building things and and working exclusively on an exciting renovation so let’s get a bit of audience participation I want to see a few hands here how many of you have tried renovating a house go on don’t be shy good now I could get an idea that’s quite a few people who try it it’s pretty hard work isn’t it I bet most of you have sweat you know blood sweat and tears over trying to renovate a house is pretty hard but in the end once you get your final product it’s worth it isn’t it because you get that amazing new renovated field or something you’ve produced yourself so I’m working on a long term project of renovation here of essentially a very old an ancient monument maybe akin to what you can see there on the slide and it’s being built for many many generations and the house is the International rules-based order which you probably hear a lot about in your newspapers from your politicians and it’s really gradually being built over many many years of testing and evaluation and failure at times over over decades it’s being built by monarchs by presidents by ambassadors and other diplomats as well and today though however we meet at a critical juncture also an exhilarating juncture in in human history but the house is being renovated in order that we can meet the challenge the digital age presents us all and as government’s we really are incredibly aware now might not be in the case 10-15 years ago but we’re so aware that there is a risk that probably all you in this room have known about for a long long time that unrestrained and irresponsible behavior in cyberspace has the ability to really cause considerable damage to society and old institutions sometimes need a bit of time to catch up and many of our current policies essentially are the Allegra see of the analog era and they need to be reinterpreted for this digital era that we now find ourselves in so if you like the gap between technology 4.0 and policy 1.0 really needs to be bridged and more rapidly than any other policy area that we’re dealing with currently so digital connectivity is the engine that we know is driving our modern societies our economic growth but the benefits that we’re now enjoying come with risks and you’ll hear that all the time won’t you I’m sure you’ve had so many presentations that tell you that but it’s it’s worth reinforcing and the difficulty we see now is that cyber security incidences that are global in scale have been the possibility for an awful long time and again many of you professionals in this room will have known that for an awful long time but now we’re seeing that come of age and actually being enabled and actioned in the global environment so now we think it’s a vital period in time in order that we act and ensure that the benefit that we all want to enjoy in in the digital space and for digital connectivity is protected and that essentially we protect also in the same token global security and stability so Australia what we’re doing is we’re upgrading our diplomacy that’s my responsibility in order that it’s fit for the digital age so I’ve got the honor of being the ambassador for cyber affairs it’s the first of its kind in Australia is the first time we’ve done it and it’s a recognition at the fact of how important this area of diplomacy is now to Australia’s interests in the global area but there’s scarcely an international issue that you will see which doesn’t have some kind of cyber component in its background and really many of the people in in the world I work in that world of multilateral diplomacy and the digital world hasn’t quite made its mark if you like in into the workplace so diplomacy is quite a strange and arcane language and symbols and I’ll share some of that with you because you might not even know you know under have been made aware of that in the past so ambassadors are appointed by letters of credence and they’re sealed copies which are sent to kings and queens and presidents prime ministers in order that those credentials are delivered and in some countries ambassadors present their credentials to a head of state and horse-drawn carriage there’s me in a horse-drawn carriage it’s pretty pretty nifty computer work that isn’t it to get me into that carriage certainly isn’t me in that carriage but essentially that is a ambassador’s carriage of a particular country no names and your seniority is judged on the number of horses that you have at the front of that carriage there’s four there I would probably require 10 no ego here at all we still call our official language cables because they they were based on the telegram telegrams that we know and enjoy from the past we transact business in notes verbally with language that wouldn’t be out of place in a Jane Austen novel and we also de marsh people when we’re pretty upset with them so you can see there’s quite a challenge in front of us but least of all me trying to get my carriage with at least ten horses on the front but in the past year more seriously what we now know is that there is an increasing catalogue of these instances which have global impacts and affect us all not pettier and one acquire two examples of this and in the last year and we know that there’s been this long-held potential but as I say it’s now being recognized and there are course many instances that will never make the public profile of these two instances and you’ll see those in your jobs every day but not pettier cause billions of dollars worth of damage and and we even know that worryingly it impacted the radiation monitors at Chernobyl wanna cry hits hundreds of thousands of computers worldwide 150 different countries impacted including the National Health Service in in the UK a significant critical infrastructure impacts that we’re seeing and what we’re concerned about now is the significance of these these instances shouldn’t be underestimated and that states and their proxies are viewing cyberspace as a domain to exert influence power and we’re witnessing that increasingly more frequently now in the modern era than we ever did in the past and it’s being used to undermine the security of other countries and malicious and irresponsible cyber activity is increasingly part of a pattern of reckless and deliberate conduct by States and their proxies we think that’s a growing threat to the international security and international stability that we know and enjoy and the growth in scale scope and severity of cyber instances demands more than just that technical response the safety and security of cyberspace we think is it has a direct bearing on the relationships between states we’re seeing that play out in your newspapers I guarantee everyday you’ll pick up a newspaper and see some kind of cyber incident that impacts upon the way that states talk to one another and interact and in that increasingly globalized world the ability of all of us to go about our daily lives is being impacted but we have the good foundations for the renovation of this house that we’re all renovating together here but we don’t need to bulldoze that house and start over again we think that there are existing groundwork to build on in this area and the international rules based order it’s supported the kind of economic prosperity that we all enjoy in this room and we are keen to ensure that that continues so we’re working on implementing what we call an international cyber stability framework which will renovate that international rules-based order to meet the challenge of the digital age and our renovation has five key pillars which you’ll see on their slide on the slide there we think that the application of international law to cyberspace is vital and to developing and implementing norms of behavior for States is important as well three deterring and responding to malicious instances is incredibly important to and for implementing confidence-building measures is a vital importance of five building capacity to manage cyber threats wherever you are in the world is increasingly important and these all of these things need to be carried out on a global scale so now I’m going to break some of that down for you so international law let’s let’s look at that first it’s a major pillar of what we do as States cyberspace is not a nun governed space as far as states are concerned the domain is new but the rules aren’t the international community including the powers that you would envisage being agreement on these issues US UK China Russia we’ve all agreed and Australia included that the fundamental starting point is the international law replies in cyberspace as much as it does in the physical space and that means that countries need to act in accordance with that law and with the same legal obligations that they would think about in the physical environment too so rather than trying to tie ourselves up in knots reinventing the wheel and renegotiating new treaties which will take decades and decades and decades we think we have that groundwork to build on and we just need to further in our understanding of how international law replies so we’re making good progress on that front and we’re working well secondly going to talk about norms so we’ve squared away a bit about international law as we’ve seen it moves slowly but you can compliment the fact that everything is cyberspace moves so fast by implementing norms which are a bit more flexible and we can perhaps do a little bit more about them well what are what are norms I don’t know in society we have certain behavioral norms I guess so when you meet and greet somebody you might shake hands with them that’s a social norm you might kiss the cheek of someone that you meet again there’s societal norms behaviors that develop to ensure that we all work together harmoniously and have mutual bit of respect for each other and what we’re doing so good progress has been made in this area 2015 we squared away that 11 norms of state behavior are agreed to through UN grouping we’ve put that with Australia into policy and what what are some of the things that are included in that firstly countries refrain from using cyber tools to damage critical infrastructure secondly countries should take appropriate measures to protect their own critical infrastructure from cyber threats and thirdly essentially countries have a responsibility to investigate malicious activity that’s emanating from within borders so it all sounds like basic stuff you might say that you’ve seen some break some of those norms already in the international arena and that’s where we think the next part of this building work takes place which is deterrence it’s quite a tough topic to talk about to be frank but there’s no point in having those rules unless there are consequences for those who are beginning to break them and that’s what we’re seeing in the international scene so we’re working with international partners to try and ensure that they’re being followed and this is our third pillar at its simplest what is deterrence is essentially making someone else think twice before they conduct an activity think about their risk calculus you know those risks are far more dangerous than the benefits that you’ll gain from a particular using a particular piece of malware and we’ve we’ve long practiced denial if you like through creatives so it deterrence by denial in terms of creating strong cyber defenses and and we’re working now as a community to ensure that groups of states increase the cost of that inappropriate behavior we can’t do this alone it has to be through coordinated efforts and I think you know as I suggested there are states who think they were immune to some of these issues through issues like not pettier through through wanna cry that these rules don’t apply to them but they do and we need to change that and such responses that we eventually take don’t have to be through cytonemes probably will rarely be through cyber means but they could involve all the different levers that you have at your disposal diplomatic measures legal measures policing actions economic or even in worst case scenarios military measures it totally depends on the incident but they should also include you in novel ways of responding and combining different levers of government and also broad a private sector that you might have and we need to understand as so much of this capability exists in the private sector how do we work on these kinds of deterrence issues with you now some of you are probably thinking you know this will start off very nice there’s an ambassador on stage who’s a diplomat no none of this sounds very diplomatic sounds like he’s quite an aggressive bloke and you’re probably you know wondering how can we do this if you don’t know who did it well doc our objective overall is to have stability in cyberspace we don’t want another governed environment where nobody stands to benefit and we’re worried about who’s around the next corner but what we’re understanding now increasingly is that attribution isn’t quite as hard and isn’t impossible as many used to say we’re getting better at that and I can assure you Australia’s getting much much better at this and we can assure you that also that our response is as and when they take place will be proportionate and consistent with domestic and international law we are responsible state actors and what we are saying is we’re calling on all countries to be responsible in the activities that they take confidence-building measures so this renovation is getting a little bit serious now it’s important to reinforce the pillars that we’re rebuilding this house in so the fourth pillar is confidence-building measures that we want to build this time and they foster trust between countries to prevent misunderstandings that could potentially lead to conflict and so when when we respond to these malicious actors States are confident that we’re doing so with solid justification and within the boundaries of international law one of the well well-known confidence-building measures is the red phone which exists between the Kremlin and the White House so they can pick up the phone have direct access and if anything goes wrong they know they can actually have a clearer understanding of what might be there so what are some of these ways you do confidence-building measures transparency dialogue bringing in broader stakeholders as well into that conversation and the sharing of views on different issues just getting a clearer understanding of where you stand risk reduction measures Australia and Malaysia for example we’re leading a piece of work in trying to make sure that we have workable points of contact across this region so we know exactly who to call if something goes wrong we know when and where to call someone and that person can action what we’re asking them to action so for example if if an attack on Australia appeared to be originating from New Zealand we would know exactly who to call and discuss the issue with and we also have a whole cooperative program in australia’s cooperation program and this brings me on to the final pillar which is capacity building and this is where we assist in building other sectors and other countries in having the ability to join this international cyber stability framework and the private sector have a huge job in assisting and working in this area to will stand to benefit from better cyber security in the region don’t we and globally so we set up the rules of the road with international law and norms carried and and said they’re called out we’ll call out those countries that don’t actually comply with those rules and norms that we put in place we build trust between states we need to ensure that all countries are able to protect themselves so what is Australia doing in this regard we’re investing thirty million dollars over four years in assisting countries in building their capacities and capabilities in order that they can also be part of this international cyber stability framework one of the key areas we work on is is focusing on cybercrime were hansung countries abilities to respond and investigate instances through working with their legislative measures with their judiciary’s with their with their cybercrime experts in order that they can really raise themselves up to the task and another priority is cyber incident response measures we’re working hard and investing in the region to ensure that there’s a better joint capability in that area and in the Pacific we’re working hard on on an organization called Paks on which is a network of cybersecurity response professionals in trying to share best practice and make sure that they are raising the bar together with a sustainable capability and the region will be stronger if we have stronger and more capable nations in cybersecurity as a whole so as we reach the end what are making key conclusions apart from the fact that I don’t have a carriage of 10 horses which I do have to go home and get something done about it so my life isn’t all parties either I kind of wish it was but it’s not the case don’t think for a second I sit there and lots of parties at Embassy receptions I don’t actually do that a lot at all I’m often they’re not on planes carrying out the diplomacy trying to ensure that all of these issues are dealt with by differ countries in our partners and this renovation it’s complex it’s slow burn at times it’s multifaceted and we’re trying to adapt that international rules based order in order that it really does meet the challenge of the digital age in which we’re in and despite the criticisms that you see quite regularly at the international wars based order we think has been that cornerstone of economic growth and prosperity again that we all enjoy in this room and if we reinforce those five pillars of the international cyber stability framework it’ll ensure that in cyberspace we have a prosperous future in cyberspace and not so much of a dangerous one in actions in cyberspace that threaten international peace and stability really should not be tolerated and we as a country and as groups of countries should be upholding the international rules based order online just as we do offline and if you like it’s not it’s not we’re not we’re renovating here we’re not demolishing and we don’t need to demolish the international voice based order for God’s sake we need to understand renovations are difficult you need to retain the character of the building that you need to modernize it to make sure that it’s ready for everything they’re set to come so all of us in this room have a responsibility and an interest in ensuring that that happens and as renovations are made I think many hands make light work so I’m enjoying that enjoying being here but also enjoying inviting you all to be part of this journey and make sure that we would take the international water-based order in for the 21st century and make it right for the digital age thank you you

Leave a Reply

Your email address will not be published. Required fields are marked *