This third paper in the International Cyber Operations Research Paper Series offers an analysis of how and under what guidance Australia and Japan now seek to build and employ their offensive cyber capabilities – the capabilities to disrupt, degrade, or deny a targeted computer system or network – to project their power outward across the region. In doing so, it offers the following observations:
First, Australia has been advancing its offensive cyber capabilities with an eye on a full spectrum of situations covering “grey-zone” activities prevalent in the Indo-Pacific. These capabilities are housed in its major intelligence agency and are intended to discourage offshore malicious actors from targeting its networks in violation of cyber norms.
Second, Japan has limited its external cyber capabilities to responses by its armed forces and to situations of an armed attack.
Third, notwithstanding the importance of a collective approach to filling gaps in cyber capabilities between Australia and Japan, there is growing divergence between like-minded States over the applicability of some rules of international law to cyberspace – notably the principles of sovereignty and due diligence. This could have an adverse effect on their willingness to take concerted and effective cyber measures against the growing “grey-zone” cyber activities in the region.