Preparing for New Challenges
An Initiative by
Deputy Director, ASPI International Cyber Policy Centre
Dr Jake Wallis
Program Head of Information Operations and Disinformation, ASPI International Cyber Policy Centre
The brisk construction of AUKUS – the new Australia–UK–US technology-focused trilateral that made world headlines in September – is an example of how the strategic environment in the Indo-Pacific is changing, and quickly. Traditional security issues continue to loom large, but today’s most pressing challenges are shifting to less familiar domains: cyberspace, technology and the information environment.
Many of these emerging challenges fall into the category of ‘hybrid threats’. They include cyberattacks and data theft, disinformation and propaganda, foreign and electoral interference, attacks on critical infrastructure, lawfare (the use or misuse of legal systems to target critics), economic coercion and supply-chain disruption. The aim is to undermine and destabilise societies, whether overtly, covertly or through the use of proxies.
The Indo-Pacific will have to grapple with a huge range of hybrid threats and find a path forward. The stakes are high. The region is at the centre of global geopolitics, as one of the most dramatic contests for power in human history plays out before us. It is also the globe’s chief incubator of innovation, provider of digital labour and maker of critical technologies. The disruption caused by hybrid threat activity will impact on the Indo-Pacific more than on any other region of the world.
Many hybrid threats are often difficult to detect and attribute. Those being targeted may not be aware of the malicious activity occurring under their noses, and even once it comes to light, the culprits may be difficult to pinpoint. The Covid-19 pandemic has only amplified the situation. With many adjusting to home-based work, and in various stages of travel restrictions and lockdowns, populations are more vulnerable to threats emanating from cyberspace and connected technologies than ever before. All this makes countering hybrid threats and implementing deterrence measures incredibly difficult.
The Indo-Pacific contains more than half the world’s millennials – a generation of digital natives ripe for disruption and malign influence.
Online platform use across the region is enormously diverse – internet users in South-East Asia, for example, can traverse a mix of local, American, Chinese and North Asian platforms. This creates a fragile online environment in which bad-faith actors, including state and non-state actors (such as extremist and conspiracy groups), can thrive. Some groups have leveraged legitimate public concerns over vaccine rollouts and data privacy to build and propagate conspiracy theories that undermine trust in democratic institutions. So it’s no surprise that the region’s governments, civil society sector and business communities are struggling to keep pace with these emerging challenges, which blur the line between conflict, peace and standard economic activity. Many are facing the same challenges but lack an awareness of what is happening elsewhere, resulting in ineffective, poorly coordinated deterrence measures.
Responses to traditional security challenges have developed over many decades. There are protocols, frameworks and international groupings to monitor, manage and counter security threats. The patchwork of approaches on offer – engaging with multilateral bodies, international diplomacy and long-term alliance frameworks – isn’t perfect, of course. But there are agreed norms, and forums to consult in the event of a crisis or to learn from others’ experiences.
Multilateral bodies are a vital part of the international system, but because of how they’ve been set up, they’re often years behind the real-time challenges that states and societies are facing. Certain topics, such as technology and disinformation, are given scant attention. The Indo-Pacific hasn’t yet constructed the regional architecture or built the organisational capacity to discuss emerging security challenges, let alone how to deal with them. This gap leaves it vulnerable to strategic imbalance: unable to monitor and counter hybrid threats, or to implement the deterrence measures that North America, Europe and other regions are increasingly coordinating on through independent bodies set up to deal with these challenges.
Cooperation on emerging security challenges is difficult in a region of great cultural, linguistic, economic and political diversity. But it is not impossible.
The European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE), based in Helsinki, offers a template the region can learn from and adapt. Hybrid CoE was officially established in 2017 by nine participating states, NATO and the European Union. Over the last four years, a further thirty states have joined, and the organisation continues to tackle a growing crop of regional challenges. Hybrid CoE thrives in bringing together expertise from across the European Union, NATO and allied partner nations. This international collaboration brings greater benefits than any one state could produce alone.
An Indo-Pacific hybrid threats centre would increase the region’s capabilities to prevent and counter hybrid threats. It would need to focus on topics of importance to the region – these would not always be the same as the pressing security challenges that Europe, for example, faces. But, like Hybrid CoE, it would produce research, offer policy advice, facilitate regional 1.5 track dialogues and capacity building, run regional exercises and training, and spearhead collective defence measures.
To be truly valuable, the centre would need to be fully independent – that independence would need to be guaranteed and fiercely protected by its founders. Without this, it could be subject to the unique interests of its funders and fail to deliver on its promise.
Governments, multilateral and minilateral bodies in the Indo-Pacific, including ASEAN and the Quad, should help to shape and support the creation of such a centre. The global business community, particularly large internet and technology companies – heavily invested in the region’s growing markets – also have a role to play. One question worth exploring is whether such a centre should run as a public–private partnership, rather than exclusively by governments. There is a sound logic to this, given the private sector builds and maintains the very infrastructure that malign actors exploit in their attacks.
Neither governments nor industry can always address large-scale hybrid threats alone; solutions require creative strategic thinking across sectors.
A hybrid threat centre could be a forum for collaborative multilateral discussions around strategies, initiatives and capacity building for countering hybrid threats. As the Indo-Pacific starts to emerge from Covid-19, it could also help support social resilience and cohesion across the region by providing an opportunity for states and other stakeholders to share lessons and collaborate on common challenges.
With its young population and rapidly growing economies, the Indo-Pacific will be the focus of global strategic competition for decades ahead as rising states flex their muscles and find ways to assert their political power. If an Indo-Pacific hybrid threat centre is designed to meet the requirements of the region and its key stakeholders, is independent and is informed by a strong evidence base, it can act as a fulcrum, bringing together governments, industry and civil society – at a time when greater collaboration and regional resilience is more needed than ever.