The COVID pandemic has led to several changes in how we live our lives. Most notably, there has been a new focus on the resilience of national capabilities in the security and public policy fields, whether that capability is in producing toilet paper or maintaining the logistical lines needed for an effective vaccine rollout.
The 2016 US Presidential election demonstrated the importance of another capability, the security and resilience of our democratic institutions. Before 2016, many, even within the security and policy space, hadn't seemed concerned about the ability of our democratic institutions tosurvive a concerted effort to undermine them.
And why would they? Democracy has been steaming ahead for almost a century. In 1914, during the First World War, there were only seven democratic nation-states on earth. Then, 88 years later, in 2002, for the first time, most countries were democracies. Today 99 democratic nation-states constitute over half the world's population.
The increasing popularity of democratic governments, increasing social media uptake and decreased information gatekeeping provided through internet saturation have created the perfect breeding ground for someof the most widespread and low-cost information operations in history. Research by the Australian Strategic Policy Institute identified 48 public votes (41 elections and seven referendums) between 2010 and 2020 where cyber-enabled foreign interference was reported and finds that there has been a significant uptick in such activity since 2017.
Democracies are not faring well. The Economist Intelligence Unit's Democracy Index 2020 found that their global average Index score had hit an all-time low. Closer to home, the Australian National University's 2019 Australian Election Study found that trust in government had struck a similar all-time low, with just one-in-four Australians indicating they had confidence in their political leaders and institutions.
Democracy is more significant than just government. Many of the institutions we rely on for a healthy democracy fall outside the protection of government networks. Institutions such as political parties, journalists, think tanks, foreign-language media and diaspora groups all play a vital role in the health and resilience of our democracy, and these institutions are under attack. Russian interference in the 2016 US election peaked with the hacking of the Democratic National Committee email system. The 2019 European Union elections were notable because of the widespread targeting of non-government entities such as think tanks and non-profits. Australia hasn’t been spared either, in June 2020 the Prime Minister told Australians that sophisticated state-based cyber actor was targeting a range of Australian organisations including political organisations and all levels of government. In March this year, members of the Australian Uyghur diaspora were victims of a "well-resourced and persistent" cyber-espionage operation undertaken by hackers in China, according to Facebook.
This same Prime Minister told Parliament in February 2019 that our democratic processes were "our most critical piece of national infrastructure". Unfortunately, work to secure the fundamental aspects of our democracy that fall outside government is not promulgated. The 2019 MYEFO included $2.7m across the 2019-2023 financial years as part of the Cyber Security Resilience and Workforce Package to secure the networks of Australia's most prominent political parties, a good start but not enough.
It's time that the Australian government take its own words more seriously and begin thinking about our non-government democratic institutions as pieces of necessary infrastructure. Since the COVID pandemic struck, the government has released critical infrastructure security legislation that expands the legal definition of critical infrastructure. That’s not to say that non-government democratic institutions should be classified and regulated as essential infrastructure; these are often small and resource-poor organisations that could not adhere to the regulatory requirements of critical infrastructure status. Instead, the government should identify what technical support mechanisms they provide to essential infrastructure operators and consider extending those support mechanisms to non-government democratic institutions.
Support for essential infrastructure is not a novel concept; the Belfer Centre provides threat intelligence and incident response training to campaign staff in the US. Microsoft's Defending Democracy Program offers threat notification and security training for political campaign staff. TheAustralian government's critical infrastructure legislation proposes collecting telemetry data from virtual networks of infrastructure, and it would be a marginal cost to include the networks of democratic institutions.
The government may recognise that the resilience of our democracy is key to Australia's sovereignty. However, our democracy is currently under stress from internal and external forces. Suppose we are serious about mitigating foreign interference in our democracy. In that case, we must extend government support to the vulnerable non-government democratic institutions that are key to the health of our democracy.
The views expressed here are solely those of the author in a private capacity and do not represent the views of any current or former employers.