Australian Outlook

Defining Cyber Diplomacy

10 Nov 2021
By Mark Bryan F. Manantan
Rear view of young man typing and looking at computer monitor while sitting at the table in dark room. Source: Penn State https://bit.ly/3fsfl9a

Diplomatic practice is central in laying the groundwork for cooperation among state and non-state actors within an interest in cyberspace. However, diplomatic approaches towards cyberspace are fraught with complicated challenges.

The scale and speed of technological advancements in cyberspace are unprecedented. As the fourth industrial revolution dawns, bringing with it the reality of big data, artificial intelligence, and quantum technology, the world is entering a new level of more sophisticated hypoconnectivity, blurring the nature of interaction and exchange between offline and online communities. The role of the new cyber frontier is significant for the way that nation-states conceptualise their interests in a contemporary world. It is somewhat of an Achilles heel for governments who seek to mitigate its threats while maximizing the opportunities it offers. As the possibilities for innovation in cyberspace grow, so too does the potential for competition and to some extent, conflict.

States are gradually focusing their attention on policy mechanisms that might promote and safeguard their interests within the cyber domain. Many policymakers grappling with the uncertainty of this uncharted territory are also cognizant of the urgency underpinning the need for shared and accepted rules, protocols, and behaviours that will facilitate smooth interactions between global actors within it.

Compared to traditional domains of land, air, and sea, where diplomacy has neatly laid the bedrock of state’s normative interaction, cyberspace is both complex and continuously evolving. Despite the commonly held notion that cyberspace belongs to the global commons, cooperation in this area has been fragmented and ad-hoc. The intangible and ever-changing nature of cyberspace, which has attracted a mix of actors with varying normative and ideological motives, suggests the need for coherent multi-stakeholder diplomatic approaches that are innovative, agile, and adaptive. Thus, the concept of cyber diplomacy has become an emerging frontier to develop cooperation and interoperability in such a contested space.

Cyber diplomacy is broadly defined as the use of diplomatic tools and initiatives to achieve a state’s national interest in cyberspace that are commonly crystallised in the national cybersecurity strategies. Cyber diplomacy encompasses a wide range of diplomatic agenda, such as establishing communication and dialogue between state and non-state actors; prevention of a cyber arms race; development of global norms; and the promotion of national interests in cyberspace through cybersecurity policies and engagement strategies. It also focuses on the evolving roles of diplomats and the reorganisation of various departments and ministries of foreign affairs to cater to the rising prominence of cybersecurity in the pursuit of foreign policy or the role of new technologies in the processes and structures of diplomacy.

Cyber diplomacy is informed by multiple dimensions of soft power and is considered an effective solution in mitigating the outbreak of massive political or economic uncertainties, risks, and potential conflicts emanating from cyberspace. Fundamental elements in the cyber diplomacy toolbox are cyber capacity-building, confidence-building measures, and the development of cyber norms.

Capacity building in cybersecurity is motivated by the ultimate goal of deterring threats. States are developing the cyber capacity to reduce cyber-related as well as conventional threats posed by rival actors. It involves the diffusion of technical, governance, and diplomatic expertise required to ensure resilience against online threats, encompassing the enactment of national cybersecurity strategies, the establishment of computer incident response teams, and the strengthening of law enforcement bodies. However, the dimensions of the capacity building have evolved beyond standard technical considerations or regulatory frameworks to include raising education and awareness. As the nature of cyber threats knows no borders, capacity building emerged to aid developing economies facing various security challenges due to uneven or lack thereof of technical skills and resources. Addressing such debilitating condition requires human resource development, institutional and organisation reform, private-public cooperation, and access to internet connectivity itself.

Confidence-building measures (CBMs) in the cyber domain enable greater information-sharing to mitigate uncertainty, enhance predictability and transparency on motivations and intent, and facilitate crisis management or remediation strategies among states. As cyber activities are cloaked in secrecy, CBMs provide mechanisms to prevent and regulate certain behaviour by reducing ambiguity and suspicion. Information-sharing in CBMs revolve around threat actors’ profile; tactics, techniques, and procedures (TTPs), systems and vulnerability disclosures; as well as the publication of cyber doctrines and national cybersecurity policies. CBMs are also paving the way in the promotion of cyber norms by establishing shared expectations on nation-states’ acceptable conduct as well as mitigating a cyber arms race in the development of capabilities.

Cyber norms are defined as the “standards of appropriate behaviour concerning the use of ICT” in the context of maintaining international stability and security. They are “voluntary, nonbinding norms as an alternative to law.” Conversely, international law can serve as a basis for cyber norms, and cyber norms can be codified into international law for cyber conflict or cyber warfare, as exemplified in the Tallinn Manual.

Amid increasing cyber-attacks to critical infrastructures, data breaches, cybercrime, cyber espionage, online theft and pilferage of trade secrets, and offensive cyber operations carried out by state or non-state actors, cyber diplomacy can mitigate cyber aggression or the escalation of conflicts. The hyperconnected and transboundary nature of cyberspace makes it critical for states to develop and engage in cyber diplomacy rather than exclusively rely on cyber defense. Through capacity-building initiatives and CBMs, state and non-state actors may be able to establish an atmosphere of predictability and transparency. And with the constant interaction and on-going collaboration in such areas, the potential creation and adoption of cyber norms that regulate responsible state behaviour become feasible over the long term.

The past decade has seen a rise in the call by states for more cooperative cyber diplomacy strategies. Most notable among these cyber diplomacy efforts was the US–China Cyber Agreement in 2015 entered by President Barack Obama and President Xi Jinping. The agreement led to the reduction of Chinese cyber-espionage activities along with a recalibration of cyber policies on the part of Beijing, which led to a friendlier US–China cyber relation. Additionally, non-state actors, including multinational and private companies, are also actively engaged in cyber diplomacy. Microsoft boasts its own Global Security Strategy and Diplomacy Team, while Huawei has collaborated with Microsoft and East-West Institute to develop standards to influence ICT procurements. Despite being sub-state actors, such ICT companies are exuding diplomatic agencies to promote cyber norms.

But despite the positive momentum in cyber diplomacy among individual state and non-state actors, underlying tensions at the multilateral level have stalled cooperation especially on critical issues of further developing cyber norms and the applicability of international law in cyberspace. There is brewing contestation between western democracies and authoritarian camps stemming from their differing views on the application of the right to self-defense, international humanitarian law, and the use of countermeasures in cyberspace. While the US advocates on constraining cyber-based conflict, Russia and China are more concerned about preventing the occurrence of conflict in the first place. Russia and China believe that the US could potentially use international law to justify the use of cyberweapons in the event of an armed conflict. The US, Russia, and China fundamentally diverge in identifying the nature of cyber conflict itself.

There is a deep-seated fundamental divide between the US and its allies versus Russia and China grounded on their diverging ideological proclivities on the broader aspect of internet governance. On one hand, Western democracies led by the US advocate for a multi-stakeholder approach that champions inclusivity of participation in the promotion and adoption of international norms and rules, particularly the free flow of information. On the other, Russia and China are more concerned about maintaining information control for the sake of national security which falls under their notion of cyber sovereignty. This growing divide thus makes a strong case for the potential balkanisation of the internet marked by the rise of digital borders between those who espoused cyber sovereignty versus the free and open flow of information.

The underlying logic behind the so-called “Splinternet” phenomenon also reveals the simmering battle for global technological supremacy between the US and China. It is no secret that China continues to advance its efforts in technology standard-setting to challenge and eventually replace the rules and principles governing the internet which were predominantly established and influenced by the US. If successful, this could lead to the proliferation of decentralised internet infrastructure, giving birth to a “Western” and “Eastern” version of the internet ecosystem.

Therefore, the path towards developing cyber norms that will promote and preserve more stable and secure cyberspace remains desolate. As the current relationships among the US, China, and Russia continue to deteriorate, the momentum for the great powers to come to the table is nowhere in sight. This makes the prospect for cooperation among the perceived gatekeepers of the cyber domain highly implausible, and thus, challenging the argument that cyber norms presents the most realistic pathway in addressing cyber threats. Recognising the uncertainty and challenges on the progress of international cyber norm-making, compounded by the evolving threats and changing vulnerabilities in cyberspace, states are devising a panoply of diplomatic tools and initiatives in cyberspace with an increasing emphasis on cyber deterrence.

Mark Bryan F. Manantan is currently the Lloyd and Lilian Vasey fellow at the Pacific Forum and concurrently, a non-resident fellow at the Center Southeast Asian Studies at the National Chengchi University in Taiwan. Recently he was based at the Center for Rule-making Strategies at Tama University in Tokyo, Japan, and East-West Center in Washington DC as a 2020 US-Japan-Southeast Asia Partnership in a Dynamic Asia Fellow.

This is an extract from Mark Bryan F. Manantan’s article in the Australian Journal of International Affairs titled, “Advancing cyber diplomacy in the Asia Pacific: Japan and Australia.” It is published with permission.