Ben Morgan’s Pacific Update – A simple explanation of this week’s military and political developments in the Pacific

China and cyber espionage 

On Monday 25 March, the US and UK issued statements condemning Chinese cyber espionage operations.  Chinese state-sponsored hackers are alleged to be running a large scale cyber espionage programme targeting government departments, politicians and activists in both nations. Both the UK and US protested directly to the Chinese government and announced sanctions of Chinese individuals and companies associated with this activity.   

Then on Tuesday 26 March, the New Zealand government’s intelligence services announced that New Zealand’s parliamentary services network was compromised in 2021, including that there had been a loss of information to Chinese hackers.  New Zealand has not announced sanctions but as Otago University international relations expert Professor Robert Patman told the Guardian just naming China is an unusually strong action “To name China – a superpower – publicly as engaging in foreign interference in New Zealand domestic political affairs is quite a serious charge” he said, highlighting the gravity of the government’s statement.  

How cyber espionage is organised 

This activity is conducted by criminal hackers linked to the Chinese government’s Ministry of State Security.  The label that US and allied intelligence agencies use to identify these group is Advanced Persistent Threats (APT) followed by a number that identifies the specific group i.e. APT 39, APT 40 etc.  The individuals in these groups are civilian hackers, recruited by intelligence service agents to conduct cyber espionage and cyber attack. This allows nations to fund and support useful intelligence or cyber war operations while keeping the operatives ‘at arms length.’  This type of activity is not unique to China, all nations use similar techniques.  In the book @War – The Rise of the Military-Internet Complex, author Shane Harris provides a excellent overview of the tactics and techniques of cyber war used by the US. Tactics and techniques that are probably universal. 

Essentially, cyber espionage aims to get into organisation or individual’s cyber networks then discretely gather information or create secret ‘backdoors’ that can be used later, either to gather more information or to attack the network.  Often these operations take years of patient work, small breaches being used to create pathway’s into a network that may not be exploited for years.

Around the world there are thousands of people constantly testing targeted networks on behalf of national governments. Likewise, every government is employing teams of people with similar skills to stop this activity.  A constant, invisible and undeclared war going on in cyber space as every nation seeks intelligence and weaknesses that can be exploited to shut down a potential enemy’s data networks.  Key targets are the military, infrastructure providers and politicians.  

Cyber operations in the Pacific

In the Pacific, China, the US and every other country with an interest in the region is conducting similar operations, creating a significant issue for small nations.  In these columns we have discussed Australia and the US’s activities to ‘harden’ cyber networks in the region.  Australia funding cyber-security activity to support small Pacific nations develop their cyber security capabilities and a contingent part of the US programme to install undersea data cables in the regions is that any organisation connecting to them meets US security protocols. 

Obviously, the largest players are China and the US but rest assured every other nation is undertaking this type of activity.  Sometimes looking at allies and partners, but mostly at potential threats. 

Chinese cyber operations are indicative of New Zealand’s position in Pacific politics 

The size and scale of China’s cyber espionage operations is a surprise to many people, especially in New Zealand. China is New Zealand’s largest trading partner and generally the countries enjoy a good relationship, additionally many New Zealanders see their own country as isolated and outside the machinations of global strategy.  

However, it is worth noting that the APT implicated in the New Zealand operation, APT 40 has a specific focus. Mandiant, Google’s cybersecurity subsidiary monitors APTs and its information is that “APT40 is a Chinese cyber espionage group that typically targets countries strategically important to the Belt and Road Initiative.”  New Zealand plays a key role in the Pacific, it is an ally of Australia and exerts an influence on many smaller Pacific nations, several of which benefit from ‘Belt and Road’ investment.  

Further, 2021 was a busy year in the Pacific. In March 2021, the Sunday Telegraph reported that Australian Vice-Admiral Michael Noonan had met with his UK counterpart Admiral Tony Radakin to discuss getting US and UK help developing a nuclear powered submarine fleet. A discussion that eventually led to the AUKUS deal, a situation that may have triggered a higher level of interest in New Zealand policy especially since “Mandiant Intelligence believes that APT40’s operations are a cyber counterpart to China’s efforts to modernize its naval capabilities.”  Mandiant’s research links APT 40 to a naval intelligence campaign launched in 2016, after the Chinese navy recovered a US Navy under sea drone (or Unmanned Underwater Vehicle (UUV) in military terminology).  

Although, the idea that New Zealand was specifically targeted in 2021 because of Australian interest in developing its nuclear powered submarine fleet is speculation, based only on public source information, it is a useful speculation that provides an example of a possible reason why China targeted New Zealand.  In this example, information gleaned from ‘off the record’ New Zealand political discussions, or briefings to MPs may provide useful background information about Pacific politics for Chinese diplomatic activity i.e.  In 2021, China may have wanted to know how New Zealand would react if Australia, the UK and US formed an alliance, or how they thought other Pacific nations might react?  

Further, New Zealand is a member of the ‘Five Eyes’ intelligence network and there is always the possibility that in political briefings and discussions there could be an unintentional breach of confidential information.  Often security breaches are indirect, a careless statement or choice of words that when put together with other pieces of information completes the puzzle and confirms intelligence assessments. 

Mandiant’s dossier on APT 40 indicates that although the group’s initial focus was naval, it has expanded its operations into the political arena  “In addition to its maritime focus, APT40 engages in broader regional targeting against traditional intelligence targets, especially organizations with operations in Southeast Asia or involved in South China Sea disputes. Most recently, this has included victims with connections to elections in Southeast Asia, which is likely driven by events affecting China’s Belt and Road Initiative.” 

So, this week’s revelation is not at all surprising because China, like all nations, is constantly watching and listening electronically.  This week’s revelation is important because it highlights to New Zealanders the important role their nation plays in Pacific politics. Important enough that its politicians and their supporting public servants were subject to a specific, targeted attack.  We can speculate about the motivation but its unlikely that neither APT 40 or New Zealand’s intelligence agencies will be telling us anytime soon.  Instead, this information is important for New Zealanders because it reminds them that their country is a key influencer in the Pacific and that its foreign policy matters, enough for it to be targeted in a specific and invasive manner.  A key point that should influence foreign policy decisions and decisions about investment in cyber security. 

For more information about APT 40 – https://www.mandiant.com/resources/blog/apt40-examining-a-china-nexus-espionage-actor 

Tensions mount in the South China Sea, Japan, South Korea and Australia back Philippines

The South China Sea is back in the spotlight.  Chinese and Philippines vessels clashing near the Second Thomas Shoal. China claims almost all of the South China Sea, a claim that is not internationally recognised and that puts it at odds with its neighbours, including Philippines.  Several nations surrounding the South China Sea dispute China’s claim including Philippines.  

Over the last year China has focused on enforcing its claim to the Second Thomas Shoal, a tiny speck of land about 270km west of the Philippines and 1,100km south-east of China. Philippines maintains a small garrison on the Shoal that China is working hard to make unsustainable.  China’s strategy is to use its Coast Guard’s larger vessels to ‘bully’ any Philippines supply vessels travelling to the garrison.

Last weekend there was a tense five-hour stand-off as Chinese Coast Guard vessels manoeuvred aggressively and used powerful water cannons to try and stop a Philippines supply ship reaching the Shoal.  

The confrontation was tense and dangerous resulting in the US State Department issuing a statement confirming that it “stands with its ally the Philippines and condemns the dangerous actions by the People’s Republic of China (PRC) against lawful Philippine maritime operations in the South China Sea on March 23.”  The Chinese ambassador was ‘called in’ by the Philippines government on Tuesday to receive an official protest.  

On Wednesday, China’s Foreign Minister Wang Yi responded with a statement that blamed Philippines stating that “The root cause is that the Philippines has changed its longstanding policy stance, reneged on its own commitments, continued to provoke and stir trouble at sea, and undermined China’s legal rights.” The statement included a threat that “China-Philippines relations are at a crossroads. Faced with the choice of where to go, the Philippines must act with caution.” 

China’s claim to the South China Sea has been reviewed by an international tribunal that found against it, and most countries do not support the claim.  China’s aggressive behaviour around the Second Thomas Shoal has been consistent for most of the last year, creating considerable concern not just in the Philippines but in the wider region.  Across the South China Sea there a numerous specks of land claimed by different countries any of whom could find themselves in the same position as Philippines.  

Philippines is too small to match China militarily so its response is to highlight China’s behaviour and seek collective security through partnerships and alliances.  This week Japan, South Korea and Australia issued statements condemning China’s behaviour, a powerful and important demonstration of support. Australia’s ambassador in the Philippines, Hae Kyong Yu’s expressing his nation’s deep concerns and describing the incidents as “…part of a pattern of deeply concerning behaviour by China which endangers the peace and security of the region, threatens lives and livelihoods, and creates risks of miscalculation and escalation.” 

China will respond and nations openly supporting Philippines may suffer informal or formal economic sanctions.  However, their support for Philippines is vitally important because collective security is the basis for deterrence.  China can easily overpower Philippines and force its claim on the smaller nation but is more likely to be deterred if it faces a wider coalition.  The South China Sea is a very tense area that nations across the Pacific need to be studying because it indicates an increasingly aggressive approach in Chinese foreign policy. 

Melanesian update 

A regular update on the Pacific’s least reported trouble spot; Melanesia. 

Bougainville’s independence leaders look for an alternative route to self-determination

Bougainville is a small island located immediately south of Papua New Guinea. Bougainville’s people are ethnically distinct from their Papuan neighbours and in the 1980-90s fought a long and bloody war for independence. Since the war finished in 1998, Papua New Guinea and Bougainville have been negotiating a peace settlement that could lead to the island’s independence. 

Most recently a plebiscite referendum was held in 2019, the result of which was that Bougainville’s inhabitants want independence. The next agreed step in the process is that Papua New Guinea’s government must consider the matter and decide if Bougainville can break away.  However, the vote has been put off several times and now Bougainville’s independence supporters have suggested a new route to self-determination.  

Ezekiel Masatt, Bougainville’s representative has suggested that instead of following the planned steps that include getting Papua New Guinea’s parliament to vote on the issue the island may simply declare independence.  Two weeks ago, a draft Bougainville constitution was made public. 

This week Masatt pointed to the fact that with a constitution, Bougainville could simply declare independence.  He suggested Bougainville could follow Papua New Guinea’s example, it gained independence from Australia by writing a constitution and declaring independence.  

At this stage Masatt’s statements are rhetoric designed to force Papua New Guinea’s parliament to address this long-standing issue.  However, this is a risky option because my assessment is that Papua New Guinea does not want to relinquish control of the mineral wealth of Bougainville.  Therefore, this situation may continue to escalate providing another point of instability in Melanesia.  

Video of a heavy-handed Chinese police operation in Fiji made public 

This week, a 2017 video of heavy-handed Chinese police tactics in Fiji was released.  The video shows a contingent of Chinese police arriving in Fiji, raiding premises and seizing people wanted by the Chinese authorities.  The video then shows the arrested people being immediately taken on board Chinese aircraft to be flown back to China. 

The video is scary because a large force of police arriving in another country and making arrests under their own nation’s law without any local legal process sets an alarming precedent. One that tramples over concepts of sovereignty and the rule of law. Additionally, this behaviour is becoming increasingly widespread as informal Chinese ‘police stations’ crop up around the world ‘policing’ local Chinese communities.  Often, this police activity includes surveillance of and the sometimes arrest and rendition of local anti-Chinese Communist Party activists as well as criminals. A potentially dangerous imposition on local laws. 

Ben Morgan is a bored Gen Xer, a former Officer in NZDF and TDBs Military Blogger – his work is on substack