We live in the most interconnected era in human history. Instantaneous communications, transactions, and access to information keep our economies growing, infrastructure operating, governments working and people in touch.
The pace and development of new technologies, in conjunction with greater access, is delivering enormous opportunities for both economic and social development. However, as dependence on global Information Communications Technology (ICT) networks increases, the potential risks are also growing.
Australia and the United Kingdom welcome the Commonwealth Cyber Declaration, including its recognition of the Internet as a driver of economic growth, the role of the private sector in implementing appropriate measures to protect themselves and their customers from cyber threats, the coordination of approaches to the security of Internet-connected devices and associated services, the need to deepen cooperation to combat cybercrime and a commitment to promote clear expectations of responsible state behaviour in cyberspace.
Australia and the UK reaffirm our commitment to co-ordinate cyber security capacity building efforts, particularly within the Asia Pacific Region, including through tangible support to the implementation plan of the Commonwealth Cyber Declaration. Such efforts can help all countries access the economic and social benefits of cyberspace, in addition to fostering international stability.
The rules-based international order must be upheld online, just as it is offline. Australia and the United Kingdom are concerned by the increased willingness of states and their proxies to pursue their objectives by undertaking malicious cyber activities contrary to international law and identified norms of responsible state behaviour.
We reaffirm our joint commitment to promoting an international stability framework for cyberspace based on the application of existing international law, agreed voluntary norms of responsible state behaviour and confidence building measures, supported by co-ordinated capacity building programmes.
We reaffirm our commitment to a free, open, peaceful and secure cyberspace. The foundation for responsible state behaviour in cyberspace is existing international law, including the law regarding the use of force, international humanitarian law, international human rights law and international law regarding state responsibility. We reaffirm that the UN Charter applies in its entirety to state actions in cyberspace.
We will promote the operationalisation of norms of responsible state behaviour recommended in the 2015 report of the UN Group of Governmental Experts on developments in the field of information and telecommunications in the context of international security. We draw particular attention to the norms prohibiting the use of cyber tools to intentionally damage or impair the use and operation of critical infrastructure during peacetime and the obligation of states to respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another state emanating from their territory.
Australia and the UK will enter into a new era of practical cooperation to better deter, mitigate, attribute and counter malicious cyber activity by criminals, state actors and their proxies, and provide clear and consistent messaging of the consequences of such activity:
• Our operational agencies, including the Australian Signals Directorate and Government Communications Headquarters and the Australian Cyber Security Centre (ACSC) and UK National Cyber Security Centre (NCSC), will continue to work closely together, taking practical measures to counter malicious cyber activity by states, criminals and others. We will share our respective areas of strength and improvement, and pilot new tactics, techniques and capabilities.
• We will develop a joint assessment identifying the most nefarious state and non-state actors affecting our shared cyber security. This assessment will help Australia, the UK and our partners prioritise operational, legal and diplomatic engagement to disrupt malicious cyber activity and strengthen our collective defences.
• We will deepen co-ordination on mitigation strategies against both Advanced Persistent Threats (APTs) and the widespread commodity hacking that affects the economic prosperity of our countries, including through the development and implementation of automated technical measures such as Active Cyber Defence.
• We will deepen co-operation on tackling cyber crime. This will cover the sharing of and building on best practice, and looking for creative ways in which greater pressure can be brought on to the organised criminal entities that cause us the most harm. We will also continue to promote the Budapest Convention on Cybercrime as the recognised global standard for tackling cyber crime.
• We will continue to call out unacceptable behaviour as we did in February condemning Russia’s use of the ‘NotPetya’ malware to attack critical infrastructure and businesses, and in December 2017 when we condemned North Korean actors’ use of ‘WannaCry’ ransomware to attack businesses and public institutions around the world.
• We will work with international partners to strengthen and coordinate global responses to malicious cyber activity. Our responses will be proportionate to the circumstances of the incident and consistent with our support for the rules-based international order and our obligations under international law. Australia and the United Kingdom call on all countries to likewise be responsible members of the international community.
Australia and the United Kingdom recognise that it is not just state actors that are pushing the boundaries of acceptable behaviour in cyberspace.
The Internet is increasingly being used for malicious purposes by terrorists, child abusers and criminal syndicates. We reaffirm, as agreed at the 2017 G20, the rule of law applies equally online as it does offline. Our two countries are committed to ensuring security and law enforcement agencies have the powers they need to keep the public safe while respecting human rights and data security.
Governments cannot meet the challenges of the digital age alone. We will work together, in collaboration with industry, to protect the public from those who seek to do harm by using the Internet for malicious purposes. We will continue to work closely with social media, technology, and telecommunications companies, and while welcoming steps taken so far we urge them to redouble their efforts to protect their users.