On 8 August, the defence ministers of Canada and Australia released a Joint Statement on Strengthening the Canada-Australia Defence Relationship. The statement includes a lot of what you would expect, such as addressing the Indo-Pacific, but also goes beyond this to address the broader defence relationship, including in cyber.

This is of particular importance as Australia is much further ahead in policy and capabilities than Canada in cyber defense. Australia created its own Cyber Command in 2018, which was when Canada was only saying it was going to take on an assertive posture. Australia is a Westminster-style of government with 6 years of experience operating a Cyber Command and having an assertive posture in cyberspace. It also should not be considered coincidental that today, August 9, the Australia Defence Force announced “A New Era for the cyber domain,” which expands the Cyber Command from a unit to a full command under the Joint Capabilities Group, where it will work alongside the Australian Defence Forces’ (ADF) other space and cyber power divisions and commands.

Suffice it to say, this is a big deal and Canada and the Canadian Armed Forces (CAF) can learn a lot from the Australia and the ADF.

What does the statement say about cyber?

Not much, but this is the norm as it relates to Canadian cyber activities. However, what this statement says signals a lot if we put it in the context of Canada’s present cyber defence policy and plans with the CAF.

Overall, the statement only says three things about cyber:

• Research and technological collaboration to maintain the “technological lead in cyber, autonomous systems, quantum technologies, intelligence, surveillance, and reconnaissance…”

  • The focus here is on the sharing of information and R&D related to advanced information technology. This could take many forms from simply talks and sharing of information to track 2 or 3 initiatives to involve civil society.
    

• North Korea’s growing malicious cyber activity is a concern.

  • It’s good that they mention sanctions evasion right after cyber activity, as cyber operations through ransomware and other malicious activity to obtain cryptocurrency are one of North Korea’s primary methods for sanctions evasion these days.
    

• Bolster operational collaboration to address emerging cyber threats through Five Eyes

  • This is of most interest to me as it suggests that Canada and Australia will look to coordinate their cyber operations more. Australia is still developing and maturing its cyber force structures, but have been much more active with its offensive operations to target criminals and threat actors. Although Canada is starting to get in the game more, the military has much to learn.

What Does This Mean?

The CAF is presently undergoing a major shift in its cyber and digital policies and capabilities. This means that the CAF is also looking externally to learn best practices and establish ways to collaborate and work with its allies in these areas. While this may be an obvious thing to expect for the CAF to look to allies to learn best practices, this has been established by CAF policy since the first national cybersecurity strategy. The downside to this approach is that it significantly undervalues and ignores domestic research and capacity for research in this space that surpasses present DND/CAF capabilities.

The Indo-Pacific strategy states that Canada will actively work with partner countries in the Indo-Pacific on cybersecurity. We are now likely to see cooperation on this front between Canada and Australia. In January, Canada has already signed an agreement of cooperation with the Philippines to address cybersecurity. Australia signed a similar agreement with the Philippines, and the United States is similarly involved in working with the Philippines in cybersecurity.

It is clear that there are high-level discussions and planning by the Five Eyes revolving around cybersecurity cooperation in the Indo-Pacific. With the Philippines increasingly becoming a focal point of confrontation with China, it appears that the Five Eyes may be looking at the Philippines as a starting point. Further, we should not overlook the possibility of the Philippines being a pivotal location for cyber intelligence activities and operations overall. It is a fallacy to believe that all cyber operations can or should be conducted from your home country, but there are significant advantages to launching operations in a different location.

Canada has more to lose in not taking full advantage of this defence relationship than Australia. The Australian government has shown that it considers defence more important than Canada does and has leaned into developing cyber capabilities. Canada is simultaneously trying to make it look like it cares about defence while trying to make up for years of carelessly neglecting national defence. While Canada has downplayed joining AUKUS, there are significant advantages to joining Pillar 2 of AUKUS which Canada can make a contribution if it shows a strong commitment to engagement in the Indo-Pacific. Some reporting would indicate that Canada is attempting to garner an invitation, but nothing is definitive at this time. Regardless of the politics of this, there are major moves underway in the Indo-Pacific already if you know where to look.

If you aren’t already, you should begin to look at which Canadian firms have a presence or relationships with firms in the Philippines.