Co-designing Pacific cybersecurity and human security
In November 2022, the tiny Pacific nation of Vanuatu was cut off from the global internet by a ransomware operation possibly perpetrated by Russian cybercriminals. For 11 days, government services were unavailable, hospitals and schools were severely affected, and Vanuatu’s 315,000 citizens struggled to access basic amenities. With Australian support, services were slowly restored, but the experience demonstrated how vulnerable small island countries are to cybersecurity incidents.
The incident showed the fundamental connection between cybersecurity, which protects digital systems from disruption and subversion, and human security, which focuses on the safety, stability and well-being of individuals and communities in their everyday lives, beyond conventional state-focused security frameworks.
Pacific Small Island Developing States (SIDS) like Vanuatu face a perilous combination of threats to human security, including shrinking fisheries, limited economic growth, rising seas, and breakdowns in social cohesion. Cybersecurity has a crucial role in addressing these issues, but its conceptual and political connections with human security are underspecified and have yet to translate into regional policy and practice.
As such, a revised approach to cybersecurity and human security is necessary. Specifically, we ask how influential regional security partners like AUKUS (Australia, UK, USA) can realign their cyber statecraft with Pacific human security and cybersecurity objectives. We offer four principles to guide regional cyber statecraft, all of which contribute to a Pacific cybersecurity approach with SIDS’ human security interests at its core.
Capacity building as statecraft
Cybersecurity interventions in the Pacific focus primarily on cybersecurity capacity building (CCB). The need for CCB is not in doubt: it can help SIDS benefit from technology and promote their security and resilience.
CCB draws upon formal frameworks for improving the cybersecurity ‘maturity’ of participating states. State-funded organisations like Australia’s Oceania Cyber Security Centre and the UK’s Global Cyber Security Capacity Centre assess partner countries’ cybersecurity maturity and propose roadmaps to enhance security measures. These well-established initiatives aim to meet the cybersecurity ambitions of both donors and recipients, with the latter retaining significant control over how they allocate resources.
For donor countries, CCB is an important tool of cyber statecraft. However, its focus on technical capacity is not sufficient to address other local digital and human security needs.
The disconnect
The Pacific Islands Forum of 16 South Pacific SIDS plus Australia and New Zealand recognises climate change as their greatest regional threat. They also assert the value of a human security approach for addressing ‘widespread and crosscutting challenges to the survival, livelihood and dignity’ of Pacific peoples, and elsewhere see cybersecurity as a crucial mechanism ‘to maximise protections and opportunities for Pacific infrastructure and peoples in the digital age’.
Forum nations cooperate on regional cybersecurity mechanisms like the Pacific Cyber Security Operational Network and the Pacific Islands Law Officers Network. They support United Nations cybersecurity initiatives and seek accession by Pacific states to the Council of Europe Convention on Cybercrime. However, this cooperation has not translated to a comprehensive strategy with fully articulated links between cybersecurity and human security by local and regional powers. This creates a critical gap, as cybersecurity initiatives are not formally aligned with the broader human security agenda of Pacific SIDS.
Connecting cybersecurity and human security
The Pacific Islands Forum has repeatedly emphasised that human security threats ranging from climate change to COVID-19 are compounded by the region’s limited capacity to withstand external shocks, including cyberattacks from external actors.
Pacific nations face unique cybersecurity challenges due to limited resources, inconsistent connectivity, and a range of external cyber threats driven by crime and geopolitics. Poor cybersecurity increases exposure to cybercrime; their position in the Pacific puts them in the crossfire of East-West competition. In this context, cybersecurity must defend against external digital threats and safeguard human security.
Vanuatu’s ransomware experience highlighted the fragility of the island’s critical infrastructure. Other countries like Palau have also been targeted. The Pacific Islands Forum itself was infiltrated by hackers in 2024. Cyber operations against SIDS assets, including these incidents, are regularly suspected to involve China, as SIDS become entangled in broader geopolitical dynamics and China seeks to counter US regional influence.
Digital technologies can help reduce insecurity emanating from environmental challenges. They can play important roles in monitoring environmental indicators, enhancing economic diversification, sustaining dispersed communities, and communicating Pacific political concerns to the world.
A human security approach to cybersecurity ‘prioritizes the individual, and views [digital] networks as part of the essential foundation for the modern exercise of human rights’. Linking human security to cybersecurity, however, requires changes in how cybersecurity is perceived and exercised.
Incorporating human security would shift the focus of cybersecurity from the sovereign state to the rights-bearing individual. State interests should not be the main or only consideration in cybersecurity decision-making.
Linking the two would also position cybersecurity as an enabling foundation of human security, a way of comprehending and responding to how people perceive everyday security and insecurity.
Neither a conventional state-centric approach to cybersecurity, nor a one-size-fits-all mindset, is a sustainable basis for cyber statecraft by well-resourced actors, such as the AUKUS countries, seeking to meet Pacific cybersecurity and human security needs.
Four principles
We propose four principles for reframing cyber statecraft and furthering Pacific human security. They build on existing policy commitments and work together to raise the level of cybersecurity for SIDS nations and communities.
First, all stakeholders should adopt a human security approach that recognises its critical importance to regional stability, aligns cybersecurity policy with human security objectives, and integrates human security into Pacific statecraft.
Second, overseas powers like the AUKUS countries should collaborate with all relevant regional parties and stakeholders to explore the relationship between cybersecurity and human security, ensuring comprehensive regional arrangements that respect local social, economic, and political concerns.
Third, as far as possible, cyber statecraft should lead to the co-design of cybersecurity initiatives with the populations it intends to support. These should be appropriately adapted to local cultures and worldviews and meet the specific and unique needs of diverse and distributed Pacific communities. Such initiatives are currently rare in the region but have been shown elsewhere to enhance resilience and drive positive security outcomes.
Fourth, all countries must ensure their cyber statecraft postures and actions do not inadvertently harm Pacific human security, especially in the context of regional power dynamics and US-China strategic competition. Friendly nations should seek to protect local communities as much as they aim to counter Chinese activities in the Pacific.
Human security for strategy and stability
Supporting human security via cybersecurity is critical for the stability of the Pacific region. Our principles suggest that powers like AUKUS can develop strategically sound statecraft that is grounded in cultural sensitivity and aligned with Pacific SIDS’ aspirations. By boosting security and resilience in SIDS and prioritising regional concerns, the AUKUS coalition can further its strategic interests in the Pacific.
The authors received funding from the Security and Defence Plus (SD+) initiative of the PLuS Alliance.