By Hannah Brown
Cyber threats are the new front line for our defence forces, according to the government’s new Strategic Defence Policy statement, released in July by Defence Minister Ron Mark.
This new emphasis is shared by scholars Hughes and Colarik, who have reminded small states like New Zealand that they are not immune to acts of cyberwarfare at the hands of their geopolitical rivals.
The new strategic defence policy replaces the last government’s 2016 strategy, which mentioned cyber issues eight times. The new strategy has upped that to 31, reflecting a growing consciousness within the government of the strategic importance of cyber defence.
It also discusses offensive cyber weapons for the first time, noting that comparable countries such as Australia and Canada have already developed attack capabilities, “conceiving of military effects in this domain as just as logical as in other domains” (New Zealand Government) raising the question of whether New Zealand has – or will – do the same.
Opinion is divided on whether these measures are necessary.New Zealand’s relative unimportance globally and general compliance with international law may make it less likely to an attack – and policymakers in small states like New Zealand need to make compromises to work within relatively small budgets. Conversely – without the sophisticated defences that greater powers like the US and China have – New Zealand could be perceived as a soft target.
In 2012, Thomas Rid argued that cyber war will not take place: “cyber war has never happened in the past. Cyber war does not take place in the present. And it is highly unlikely that cyber war will occur in the future”.
But since then, the threat level has risen. The Stuxnet attack that damaged Iranian government infrastructure in 2010 is now widely believed to have been the joint work of Israel and the USA: the first time the United States has used cyberweapons to cripple another country’s infrastructure.
The international Wannacry cyber attack of 2017 is widely believed – but not proven – to be executed by North Korea.The Russian government is currently accused of state cyberwar against the USA.
Given the Defence Force is not the lead agency for cyber-readiness in New Zealand, the cyber focus of its defence policy highlights the comprehensive, whole-of-government approach to cyber security taken by the New Zealand government.
Led by the Department of the Prime Minister and Cabinet and then the GCSB’s National Cyber Security Centre, New Zealand’s cyber defence is supported by a network of Ministries and agencies of which the Defence Force is just one. The seriousness with which its latest policy statement takes cyberwarfare hints at an increasing commitment across government generally.
Within that, the Defence Force sees its specific roles as protecting physical infrastructure such as undersea internet cables, furthering Five Eyes relationships, and helping develop legal frameworks to ensure New Zealand’s cyber capabilities – and potential future use of them – are lawful.
It’s an emerging area of international law preoccupying many governments. Because global cyber law is immature, The United Nations (UN) has offered itself as a platform to help governments develop it further. In a February speech, Secretary General Anthony Guterres stated “It is not clear how the Geneva Convention or international humanitarian law applies to that type of warfare. I am absolutely convinced that…the next great war will begin with a massive cyber attack” (Khalip, 2018, p.1).
It is unclear what role, if any, New Zealand will play in the development of international cyber law at the UN.
According to Defence Minister Ron Mark, we will learn more when a practical plan for implementing New Zealand’s new strategic defence policy is released towards the end of 2018.
Hannah Brown is a postgraduate student in Politics and International Relations at the University of Auckland.