Start your day with intelligence. Get The OODA Daily Pulse.
In late January 2023, the Quadrilateral Security Dialogue, or “Quad,” issued a joint statement that pledged to collaborate to better secure cyberspace and foster an international digital economy to benefit the global community. Dubbed “the Challenge,” this effort consists of a checklist for individuals as well as commercial entities to review their security postures and provides best practice cybersecurity recommendations to be implemented to make persons and entities more cyber resilient. Additionally, the Challenge seeks to establish common cybersecurity requirements for critical infrastructures and foster more robust cooperation on information sharing in the Indo-Pacific region under this partnership. Given the region’s history with prolific cybercrime, and Quad members like India and the United States often being exploited by such activities, this initiative has the potential to be a regional exemplar of how countries can work together against common adversaries.
Officially called the Quadrilateral Security Dialogue, the “Quad” is a group of four countries: the United States, Australia, India, and Japan. The organization began as a loose cooperation following the 2004 tsunami, dissolved in 2008, but then revived in 2017, as a means of counterbalancing Chinese diplomatic and military interests in the Indo-Pacific. Since the Indo-Pacific region spans two oceans, it is an important geographic location to preserve the multiple security interests that span a wide variety of areas to include but not limited to maritime rights, questionable island territory claims, natural disaster response, the conduction of joint naval exercises, and most recently, cybersecurity cooperation. Indeed, the Quad’s expressed interest in ensuring the security of telecommunications, and specifically, 6G technology, is a not-so-subtle dig at China whose telecom providers and telecom equipment manufacturers have been the center of security concerns over spying and other illegal cyber activities. Given that 6G technology is a priority project for China, getting shut out of regional markets would impact its aspirations and expansion of its sphere of influence.
China’s brazenness in cyberspace is well known as it has been global in scope, aggressive, and unrelenting. While the United States has and continues to be a top target for the multitude of Chinese cyber campaigns, members of the Quad have also been caught in the crosshairs of cyber misconduct running the gambit from cyber crime activities to more nefarious exploitation of critical infrastructure networks. In 2021, the Australian government joined its allies in publicly identifying China as a perpetrator of malicious cyber operations.
Similarly, in 2021 Japan attributed years’ worth of network exploitation against more than 200 Japanese companies and research institutes to one of China’s military units. And finally, in perhaps the most egregious of hostile cyber acts, Chinese state-sponsored cyber attackers conducted frequent probes into accessing India’s power grid.
A formal cybersecurity agreement between Quad member countries would lead to better multinational cooperation, facilitating threat information sharing and collaborative investigations, and aid in attribution efforts. Furthermore, these joint efforts could be leveraged to collectively deliver political and economic sanctions against transgressor countries as a way of punishing some of the most egregious attacks, like those against critical infrastructures. This would send a message to other states that certain cyber activities would not be tolerated, and if undertaken, risk being countered by the full capabilities of the Quad. The potential of Quad effectiveness is not lost on other countries that have similar security interests. Nations like New Zealand, South Korea, and Vietnam have expressed interest in joining the Quad, and all have been victimized by China’s aggressive cyber campaigns stealing sensitive data. While there doesn’t appear to be a move to add new members to the Quad at this time, it is clear that there is an appetite for expansion, particularly as China’s threat stature increases globally.
This obviously worries Beijing who sees the Quad as a unified problem to achieving its aspirations. No longer a loose confederation, the governments of the Quad have come together expressly to contain China’s cyber, economic, and maritime security plans and policies. If the Quad should continue to formalize its alliance and obtain tangible results in these areas, then perhaps the Quad would then elect to include those countries on its periphery to further reduce Chinese regional influence. And while this hasn’t occurred as of yet in any of the previously mentioned security plans and policies of interest, they certainly could. Strategic competition benefits a group committed to its end goals, especially when they potentially offer alternatives to the trade that China now provides them. And if push met shove, how far would the Quad go to support Taiwan? This would be anathema to Beijing. It’s therefore unsurprising that China has tried to counter Quad activities via an onslaught of propaganda taking swipes at the Quad and condemning it for promoting Cold War values. Beijing clearly sees the Quad as an opponent able to deliver a considerable blow to its interest. It may not make a perfect strike, but it doesn’t have to. It only needs to make an impactful dent.
Collaborating on cybersecurity is a good way to signal to Beijing that the region including the United States will start to be more aggressive in going after Chinese cyber groups that have been operating with impunity over the past 20 years. The United States has been actively implementing its “defense-forward” strategy in which U.S. Cyber Command (CYBERCOM) proactively go after cyber threats to counter attacks before they are able to be operationalized. These “hunt forward” teams have been active in Ukraine, and by CYBERCOM’s standards, have been effective. Considering that a 2022 National Cyber Power Index report recorded Australia in the top 10 with India and Japan lower on the larger scale but still among global leaders on the list, any enhanced cooperation could prove effective in identifying, monitoring, and ultimately mitigating the effects of Chinese cyber espionage, which has long supported China’s economic rise. Defense forward operations to curb rampant cyber espionage appears consistent with commitment to persistent engagement and “degrade the capabilities and networks of adversaries.” No-hack pacts haven’t worked; maybe this will.
It’s still too early to ascertain what the impact of the cybersecurity initiative will be. The more intertwined countries become with China, the more difficult it will be to reproach Beijing without suffering a consequence, if there are no alternatives in place to offset any losses. Further complicating the scenario are emerging technologies like artificial intelligence and next generation communications that further strengthen the bonds that hold countries to China. For the Quad to be effective, it will need not only to bolster its joint commitment to one another, but also put into effect joint maritime exercises and very public cybersecurity initiatives to show China a cause-effect relationship to its questionable activities.
While there is nothing that will stop Chinese cyber operations, increased threat and intelligence information-sharing, remediation, attribution, and more importantly, disrupting its cyber networks might just be a successful combination to stem the flow. And that just may be the very catalyst needed to rally other regional victims of Chinese cyber spying onboard to pushback against this brazen activity. And hindering China from operating unabashedly in its own backyard would be a good place to start to dull the sharpness of Beijing’s global aspirations.