When Russia invaded Ukraine in February 2022, the internet in the People’s Republic of China (PRC) echoed the Chinese government’s noncommittal stance, declining to portray Moscow’s military assault in Europe as an unprovoked attack. Censors commissioned by the ruling Chinese Communist Party (CCP) were similarly vigilant in early 2022, limiting online exchanges during a COVID-19 lockdown,
including information on how cloistered residents could get food and medicine. Though a few online posts thwarted government surveillance, the crackdown largely was successful.
The internet in the PRC is neither open nor free.Posts that criticize government actions disappear, subscribers’ accounts are suspended or dropped, and propaganda espousing the state’s viewpoint is rampant. Externally, the Chinese government uses threats and false promises to influence opinion, solicits other nations to further its strategies and embraces hackers who steal military technology and
intellectual property.
Authoritarian regimes such as those in the PRC, Russia and North Korea typically cite cyber sovereignty as justification for their online surveillance and actions.
They maintain that sovereignty applies in cyberspace as it does within nations’ physical boundaries.
How nations choose to manage their cyber resources is complex and sometimes nefarious.But there’s another approach, one taken by allies and partners in the Indo-Pacific and embodied in the Declaration for the Future of the Internet and other multilateral initiatives. The declaration, adopted in April 2022 by 61 nations, territories and multinational organizations, calls for an internet that is open, free and global.
The declaration’s subscribers don’t ignore bad actors. Japan, for example, has established a Cyber Defense Command and plans “to drastically strengthen cyber defense capabilities,” according to the Ministry of Defense’s white paper released in July 2022.
By reinforcing specialized cyber defense units, participating in practical exercises and conducting training, Japan plans to “be fully prepared for modern warfare, including information warfare and cyber warfare,” the
white paper states.
Supporters of the declaration, however, largely channel the internet’s original promise. “Here in New Zealand, we are great believers in the internet as a force for good,” Paul Ash, the prime minister’s special representative for cyber and digital, said at the declaration’s launch. “The principles outlined in this declaration really matter for us.”
Managing Boundaries
While most Australians understand territorial sovereignty, digital sovereignty is another matter, said Marcus Thompson, a retired Australian Army officer who served as the first head of information warfare for the Australian Defence Force.
Though hard to conceptualize, digital sovereignty is drawing much interest, Thompson wrote in an article for the Australian Strategic Policy Institute.
“Increased tensions with China, a constant flow of fake news, frequent references to cyberattacks conducted by sophisticated state actors and public announcements on foreign espionage have placed sovereignty front and center in the Australian psyche,” he wrote. “We’re in an era of cyber spies and cyber warriors.”
International law supports geographic sovereignty, which is the understanding that each nation has a right to self-government within its borders. The internet has no physical demarcations. Each nation can follow its own path, from the repressive domestic and aggressive international stances taken by the PRC and Russia to the approach adopted by declaration signers. “The debate on cyber sovereignty is often over whether sovereignty in cyberspace should be an extension of traditional sovereignty,” according to Harvard Kennedy School’s Belfer Center for Science and International Affairs in the U.S.
Increasingly, there’s a tendency to impose rules.
“Amid declining faith in the international system, a different form of protectionism is gaining steam with adverse consequences for billions of internet users,” Freedom House, a research institution based in Washington, D.C., said in “User Privacy or Cyber Sovereignty?” “Authorities in a growing number of countries are weighing measures to control the flow of data in and out of their national borders.”
The move to institute such directives, often taken with the intent of ensuring security and protecting citizens, was a motivation for the consensus-building declaration. Other factors were the increased prevalence of surveillance, ransomware and cyberattacks.
Usually, a nation’s stance on the internet aligns with its accepted practices and laws. Where free speech, privacy and human rights are valued and protected, internet use generally reflects those standards.
Conversely, where a government maintains tightfisted control over its citizens and has an aggressive, often surreptitious outward approach, the notion of cyber sovereignty offers convenient cover.
The commitment by the declaration’s signatories to an internet that prioritizes human rights and is “open, free, global, interoperable, reliable and secure” presents a conundrum. Idealistic visions of a pure and beneficial internet sidestep the growing need to monitor what appears online, both for national security and to uphold domestic laws and standards.
“Increased international tension, a resurgence of nationalism and failures to deliver security and privacy have undermined this original ideology,” said a report by the Center for Strategic and International Studies (CSIS), titled, “Sovereignty and the Evolution of Internet Ideology.”
Regardless of their respective nation’s commitment to internet freedoms, military forces in the Indo-Pacific and elsewhere strive to secure their cyber systems and ensure they’re prepared if conflicts arise.
Meanwhile, autocratic regimes intent on promoting self-serving initiatives foster what Freedom House viewed as “grave implications for the future of internet freedom.”
Even staunch defenders of free expression on the internet acknowledge having more questions than answers. But their collective belief remains firm: An accessible, robust internet featuring wide-ranging viewpoints is preferable to one that’s tightly controlled under the guise of cyber sovereignty.
Future Directions
Australia and the United States in November 2020 launched the first agreement to continuously develop a virtual cyber training range. The Persistent Cyber Training Environment (PCTE) is a platform for real-world defensive missions across boundaries and networks, the U.S. Cyber Command reported. It’s designed to evolve through shared use and development, sharpening readiness in cyber tactics, techniques and procedures. The agreement is an example of the networked approach that advocates of an open, free and global internet say is essential to deter malicious intruders. Communication and an exchange of information are vital, Maj. Gen. Susan Coyle, head of information warfare for the Australian Defence Force, told The Cognitive Crucible podcast. “We have great
relationships here within Australia, within the industry, with academia. We have wonderful and very long partnerships with allies and partners, in particular the United States.“There are so many opportunities, I think, for building really strong and authentic relationships, and it’s just something we’ve got to continue to do as we work together,” Coyle added.
Leaders of many Indo-Pacific nations believe their countries are stronger together. They have joined bilateral and multilateral alliances to leverage their collective heft in tackling a range of issues. The Quadrilateral Security Dialogue, comprised of Australia, India, Japan and the U.S., has refined its initiative to address cyber technology and cybersecurity. The Quad, as it’s called, “seeks to build resilience across our four countries in response to cybersecurity vulnerabilities and cyber threats,” according to a White House summation of the coalition’s accomplishments at its summit in Tokyo in May 2022.
Areas of focus are: critical infrastructure protection, led by Australia; supply chain resilience and security, shepherded by India; workforce development and talent, directed by Japan; and software security standards, steered by the U.S.The four nations’ leaders vowed to improve cybersecurity by sharing threat information and identifying potential risks. Each member country also will develop software for everyone’s benefit, according to The Record, a cybersecurity newsletter.
Also, the White House summary said the Quad will:
- Strengthen information-sharing among computer emergency response teams in each nation, including exchanges on lessons learned and best practices.
- Improve software and managed service provider security by coordinating cybersecurity standards for Quad governments’ procurement of software.
- Launch a Cybersecurity Day campaign to increase awareness and provide information and training in partnership with industry, nonprofits, academic institutions and communities.
The Quad is just one of the partnerships sharing resources and expertise to address technology and cybersecurity, which are major priorities for military organizations that rely heavily on communications and satellite networks for weapons systems and situational awareness.
Australia, the United Kingdom and the U.S.
formed AUKUS in September 2021 to “focus on cyber capabilities, artificial intelligence, quantum technologies and additional undersea capabilities.”
Decades earlier, the Association of Southeast Asian Nations committed to “promote active collaboration and mutual assistance on matters of common interest in the economic, social, cultural, technical, scientific and administrative fields,” reaffirming its pledge in May 2022.
Such partnerships respect international law and support integrated deterrence, which counters attempts to intrude on a nation’s internal operations through cyberspace, gray-zone tactics or direct conflict.Supporters of the coalitions scoff at Beijing’s accusations that the partnerships amount to a containment effort, according to Newsweek magazine.
They say the partnerships are an effective way to stymie incursions, cyber and otherwise, throughout the region.
Balancing Act
It’s a difficult line to walk: uphold principles of an open, free internet while striving to ensure private information, including military secrets, is not breached.The need for effective cybersecurity intensifies with the continuous development and ubiquitous nature of digital technology. The COVID-19 pandemic increased that need as more people went online to work remotely and businesses scrambled to speed their transformation to digital-based platforms.
“The steady extension of sovereign control into cyberspace occurs as nations seek to protect their citizens and find that the laissez-faire approach developed in the 1990s is too weak to do this,” the CSIS report stated. “Between the two poles of laissez-faire and overregulation, however, there is middle ground, and the task for policymakers is to identify if there are ways to meet legitimate concerns without damaging the prospects for innovation and growth.”
The Indo-Pacific is vulnerable to cyber spying and cyberattacks as democracies and partner nations compete with the PRC and other restrictive countries for influence.
Governments in the region have varying perceptions of cybersecurity. The signers of the Declaration for the Future of the Internet believe digital technologies should promote “connectivity, democracy, peace, the rule of law, sustainable development and the enjoyment of human rights and fundamental freedoms.”The PRC, meanwhile, asserts that cyber sovereignty gives governments the right to develop and regulate the internet as they choose within their borders.
In the PRC, that means an approach that routinely garners the lowest internet-freedom rating among 70 nations assessed by Freedom House. The nonprofit organization, which is largely funded by the U.S. government, is founded on the premise that freedom flourishes where governments are accountable to their people, and diversity of expressions, associations and beliefs is encouraged and protected.
“China is home to one of the world’s most restrictive media environments and its most sophisticated system of censorship, particularly online,” Freedom House stated in its 2022 report. “The CCP (Chinese Communist Party) maintains control over news reporting via direct ownership, accreditation of journalists, harsh penalties for comments that are critical of party leaders or the CCP, and daily directives to media outlets and websites that guide coverage of breaking news stories.”
The Chinese state blocks websites, removes
smartphone apps, and deletes social media posts that discuss banned political, social, economic and religious topics, the think tank reported.Meanwhile, Australia, India, Japan and other Indo-Pacific nations have accused the PRC of external offenses such as hacking computer grids and devices.The PRC’s insistence that sovereignty applies to the internet surfaced in a government paper in 2010, according to The Diplomat, an online news magazine.
The document proclaimed that within the PRC, the state has authority to control access to the internet, which it has subsequently done by imposing restrictions.Aware of efforts to infiltrate and disrupt their networks, Indo-Pacific signers of the declaration and their partners recognize the need to institute standards to preserve the integrity of the internet while preventing hackers from compromising security measures.
“The divide between nations that support governance models based on cyber sovereignty, primarily China and Russia, and those that believe in the multi stakeholder model, including most liberal democracies, is one of the most prominent ideological conflicts dividing cyberspace,” according to Harvard’s Belfer Center.
Declaration for the Future of the Internet
“We are united by a belief in the potential of digital technologies to promote connectivity, democracy, peace, the rule of law, sustainable development, and the enjoyment of human rights and fundamental freedoms.”
Thus begins the Declaration for the Future of the Internet, adopted in April 2022 by 61 nations, territories and multinational organizations. The pronouncement calls
for a commitment from “all partners who actively support a future for the Internet that is open, free, global, interoperable,
reliable, and secure.”
The nonbinding document “aims to ‘reclaim the promise of the internet’ and decries recent trends by authoritarian
governments to repress freedom of expression and deny human rights and fundamental freedoms,” according to an
assessment by Georgia Tech’s School of Public Policy in the United States.
The document’s signers acknowledge that a free and open internet presents risks and challenges. Every nation governs data to address vital concerns such as crime, terrorism and other national security threats, whether internal or external, according to the Council on Foreign Relations, a U.S.-based think tank.
The declaration rejects the use of the internet to repress freedom of expression or deny other human rights as seen in authoritarian nations. Offensive actions include broadcasting false information, conducting surveillance of citizens, installing domestic firewalls and staging shutdowns to prevent access to differing points of view.
“State-sponsored or condoned malicious behavior is on the rise, including the spread of disinformation and cybercrimes such as ransomware, affecting the security and
the resilience of critical infrastructure while holding at risk vital public and private assets,” the document says.Although the declaration does not mention the People’s Republic of China or Russia, many of the signers have criticized those regimes for their broad assertions of cyber sovereignty and denials of illicit online practices.In this respect, a Brookings Institution report concluded, the document frames a global divide and says as much about nations that did not sign as those that did.
The declaration cites the United Nations’ Universal Declaration of Human Rights, which proclaims that “the same rights that people have offline must also be protected
online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice.”
The Declaration for the Future of the Internet “is a great sort of articulation of everything we have done and need to continue to do,” said Paul Mitchell, chairman of the U.N. Internet Governance Forum’s Multistakeholder Advisory Group.
“The most important thing to do is to keep engaged … to make sure that this thing continues to be supportive in a
positive way for society.”
Disclaimer: The views and opinions expressed in this article are those of the author. They do not necessarily reflect the official policy or position of any agency of the U.S. government, Diálogo magazine, or its members.