Security cameras near Microsoft's Beijing office. Western powers this week accused China of hacking the software giant's Exchange email system. Photo / AP
Here's a tough challenge: how to reconcile the huge expansion of digital trade and e-commerce during the Covid-19 pandemic within a rules-based framework, at a time when the super-powers are calling each other out for cyber incursions?
These incursions add to the sense of insecurity many businessesfeel in the internet arena. Major telcos — like Spark in New Zealand — tend to keep a lid on cyber attacks on Kiwi businesses. But as business operations become increasingly linked through 5G networks and the Internet of Things, the capacity for serious damage being inflicted by either state actors or cyber-criminals increases.
It is one of those great ironies of our times: the internet is a great enabler but also has the capacity to be the great disabler.
It's a challenge that New Zealand, as the host of the 2021 Apec meeting, must address, particularly as digital trade is on a staggering upswing.
At the same time, major issues have developed. Not simply data sovereignty and privacy, which has been a major preoccupation of the European Union for some time, and the confusing morass of regulation in this space. But a whole suite of issues which relate to the fact that cyber warfare has become a major issue in serious military spheres — not simply defensive but also offensive.
With Apec circles there is a sense that global governance of the cyber space must step up to underpin increasing digital trade and e-commerce. This is an area where New Zealand should not be afraid to confront the major players, but lay it on the line that co-operation is needed to establish workable frameworks for the future.
That's instead of falling prey to protectionists who favour competing global internet supply chains to limit risk.
This week, the United States — and allies in this field, including New Zealand — sang in unison by calling out China for, in the words of Andrew Little, the Minister for the Government Communications Security Bureau: the "exploitation of the Microsoft Exchange platform by Chinese state-sponsored actors, and the widespread and reckless sharing of the vulnerability, which led to other cyber actors' exploitation of it".
"We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory," said Little.
Inevitably, the Chinese embassy in Wellington hit back, dismissing the charge as a "malicious smear" and urging New Zealand to "abandon the Cold War" mentality.
In Beijing, the official spokesman for the Chinese Foreign Ministry returned fire, accusing the United States of ganging up with some other countries for unwarranted smearing and denigration of his country.
There was more besides. Alleged the spokesman, Zhao Lijian: most cyber attacks in the world come from the US, which is an open secret. According to openly available material, the US National Security Agency has built cyber surveillance centres in eight cities including Washington DC, New York City, San Francisco and Seattle, where the NSA intercepts and analyses flows of global telecommunication data, and monitors large amounts of emails, phone calls and online chats passing across US territory.
The ministry name-checked Wikileaks disclosures and Chinese security reports to make its point. You can find the full allegations on the Chinese Ministry of Foreign Affairs website (in English).
It is obvious that China is a leader in cyberwarfare research, along with the United States and Russia — and also Israel, whose head of cyber explained on a previous visit that nation's focus on both the offensive and defensive capabilities of their first-class cyber developments. These go far beyond the Iron Dome which provides early warning of missiles being fired across its borders.
The importance of confronting cybersecurity issues head on was brought into focus at the 28th PECC general meeting hosted virtually from Wellington this week.
The Pacific Economic Co-operation Council, which is affiliated with Apec, has as its object to support economic co-operation across the Asia-Pacific, bringing together serious minds from business, government, academia, media and other intellectual circles.
A session on "Emerging Issues in the Digital Economy" brought home the challenges facing our increasingly interconnected region.
Grace Gown, who is head of global government advisory at Access Partnership, talked of how digital trade is now booming, and e-commerce trends were "pretty staggering".
Figures Gown produced showed that when Covid hit and borders clamped down, some five to eight years of projected digital transformation was crammed into the first eight weeks of lockdown as people worked from home.
Cross-border data flows have increased. But the digital divide has also been exacerbated, affecting developing economies, women, people with disabilities and minorities.
There has been a proliferation of cross-cutting regulatory developments.
Lu Chuanying , director of the Cyberspace International Governance Research Centre in Shanghai, had a different take. Lu instanced areas of differentiation: national security, cyber military, ideology, industry and commercial.
Lu called for global co-operation to establish rules in cyberspace, particularly on transborder data, cybercrime co-operation, critical infrastructure protection and ICT supply chain integration.
A reflection which resonated with me: "nuclear weapons can be verified, but verifying how many states have cyber weapons and whether states are hiding weapons is a different challenge."
Disclosure: Fran O'Sullivan is a member of the NZ committee of PECC. This reflection, in her personal capacity, is published as part of the Herald's commitment to support NZ's Apec year.