By Francis Domingo*
The emergence of cyberspace as a domain of strategic competition has made it more complicated for the Philippines to leverage the advantages of the information revolution. The Philippines is currently strengthening its network readiness by building critical information infrastructure, enhancing connectivity and implementing policies to manage the impact of new technologies. But as network readiness improves, the country will become more vulnerable to cyber intrusions by capable adversaries.
In 2017, actors traced to Vietnam leaked sensitive government documents from Malacañang Palace and the Department of Foreign Affairs in response to President Rodrigo Duterte’s preference to strengthen ties with China. Despite these incidents, there was no clear policy response from the Philippines. The Philippines is prepared to secure government networks and critical information infrastructure but responding effectively to state-sponsored cyber intrusions poses a greater challenge. The leadership, careful management and prudent communication required can only be developed over time.
Given these challenges, the next administration must supplement existing measures to protect the country’s national interests in cyberspace. While the Philippines has engaged in several diplomatic cybersecurity activities, these are currently not considered part of national efforts to secure cyberspace. The next administration must consider cyber diplomacy as a tool for managing hostile and politically motivated cyber operations.
Cyber diplomacy is the ‘use of diplomatic resources and the performance of diplomatic functions to secure national interests with regard to the cyberspace’. It is an essential tool for less-capable states to project soft power by shaping the foreign policy preferences of other states through culture, values and policies rather than force or sanctions. Since using technologies to shape state preferences has become established practice, cyber diplomacy is useful for states in a competitive geopolitical environment. The Philippines can strengthen its cyber diplomacy through three initiatives — incorporating diplomatic activities in the national cyber strategy, promoting cyber norms and sustaining international cooperation.
The Department of Foreign Affairs has actively participated in regional and global cybersecurity engagements, but diplomatic activities are not yet integrated in cybersecurity efforts. The government views cybersecurity as a domestic issue because perpetrators of cyber intrusions are predominantly criminals and hacktivists. Indeed, the Department of Foreign Affairs is not even considered a stakeholder in the government’s cybersecurity efforts. Diplomatic activities must be considered because states are the most consequential actors in cyberspace and the main proponents of hostile cyber interactions.
The next administration should also promote cyber norms. The UN norms for responsible state behaviour in cyberspace is a significant global initiative to mitigate cyber threats and conflicts, which the Philippines can use to strengthen its cybersecurity posture. There are two measures that the Philippines can pursue.
The first is naming and shaming states that violate international norms and laws. Attributing cyber incidents to specific actors can impose reputational costs and convey important signals to adversaries and rivals. These efforts could be similar to the numerous diplomatic protests filed in relation to Chinese grey zone operations in the West Philippine Sea, in line with the culture of conflict avoidance in the region. While naming and shaming measures risk blowback and may expose the Philippines to more significant cyber intrusions, this is still a more viable option than relying on the private sector or not responding at all.
The second measure is ‘accusation’, the process by which one or more actors allege that a state bears responsibility for a cyber operation. ‘Accusation’ is different from naming and shaming because attribution and condemnation of a state can be done in private, without exposing the sponsor the cyber operation. These actions are crucial in strengthening cybersecurity, given that East Asia is considered to be one of the most active regions for cyber conflict.
Sustaining international cooperation should be the next government’s third initiative. Because cyber operations are not constrained by geographical boundaries, cooperation is necessary to manage increasingly complex threats. The Philippines must continue engaging with platforms such as the UN Open-ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security and the Global Forum of Cyber Expertise because these platforms strengthen international cooperation. For instance, the Working Group contributed to developing global cyber norms while the Forum strengthens cyber capacity-building by connecting the needs, resources, expertise and practical knowledge of the global community.
Cyber diplomacy is an inevitable tool for less-capable states in the twenty-first century. While the Philippines is working to enhance its cybersecurity posture, it cannot compete with the cyber capabilities of more powerful states. If the next administration intends to manage conflict and competition in cyberspace, it must strengthen cyber diplomacy.
*About the author: Francis Domingo is tenured Assistant Professor at the Department of International Studies, De La Salle University, Manila. The arguments in this article are based on his book, Making Sense of Cyber Capabilities of Small States.
Source: This article was published by East Asia Forum