• read the article paying attention to the words in bold
  • summarize the main ideas
  • comment on the ideas expressed by the author
  • compose 3 questions for discussion















As their alliance turns 70, Australia, New Zealand, and the U.S. now face different challenges from China.

August 25, 2021, Patricia O’Brien


Patricia O’Brien is a historian, author, analyst and commentator on Australia and Oceania. She is a faculty member in Asian Studies at Georgetown University and in the Department of Pacific Affairs, Australian National University, and is Adjunct Faculty in the Pacific Partners Initiative at the Center for Strategic and International Studies (CSIS), Washington DC

Seventy years after Australia, New Zealand, and the United States signed a treaty committing them to defend one another and work together to ensure a peaceful Pacific, the alliance has assumed new and crucial relevance as all three countries face economic, political and diplomatic challenges from China.

The ANZUS Treaty, named with the initials of the three countries, emerged in 1951 from the nations’ shared history and became an important element of post-World War II international relations. Now, as the Pacific region is ominously poised on the brink of war, the alliance is again a key part of international relations and power struggles.

Deep Shared Pasts

Beyond the ancient connections between Indigenous Hawaiians and New Zealand’s Maori people, the three nations’ stories have been intertwined for centuries.

Britain began colonizing Australia in 1788 because of the loss of the American colonies. Some advocates wanted to relocate American loyalists, as well as indentured servants once destined for North America, to the South Pacific instead. Exiled British loyalists scattered around the empire, with only some reaching the South Pacific. But for 160,000 convicts, Australia’s colonies became their place of banishment over the next 80 years.

At the end of the 18th century, New England whalers and sealers began arriving in New Zealand and Australia. Complex ongoing connections spanned the Pacific over the subsequent years from trade, idea flows, and movements of people, fueled especially by Pacific gold rushes. All three societies developed similar nation-founding myths out of their parallel experiences of conquering Indigenous peoples to form their respective “White nations.”

Complex interconnections reached new heights during World War II. In 1940, spurred by impending war, the United States recognized Australia as an independent nation, distinct from the United Kingdom. Two years later, the U.S. did the same for New Zealand, while the three nations’ military forces were joined in fighting a war against imperial Japan.

The Cold War Birth of ANZUS

All three nations played critical roles in bringing about Japan’s 1945 surrender, and all were transformed by that experience. More than a million U.S. troops were stationed in Australia and New Zealand to defend those countries against feared Japanese invasions. The sheer numbers of U.S. soldiers, among the countries’ combined 8.6 million residents, reshaped the provincial societies, Americanizing their music and romantic rituals. Australia and New Zealand were also transformed by 17,000 women leaving their homelands to become American wives and mothers.

Then from 1949, when Communists took over China, the Pacific region was plunged into the Cold War. The outbreak of the Korean War in 1950 further escalated anxieties about communism’s spread. Yet Australia and New Zealand still felt threatened by a rearmed, “aggressive” Japan.

There was a complication, though: The U.S. wanted to rapidly rebuild Japan to help defend democracy and peace in the North Pacific. This objective was to be enshrined in a proposed mutual security alliance with the former bitter enemy.

The U.S. had been ambivalent about formalizing security arrangements with only Australia and New Zealand. As the U.S. advanced its Japan treaty in 1951, however, Australia and New Zealand met this development with what the U.S. State Department called “great suspicion and disapproval.” So the three nations devised a compromise to placate Australia and New Zealand’s concerns.

That compromise was a trilateral agreement, the ANZUS Treaty. It guaranteed each nation’s security and set up ongoing regional cooperation to protect peace in the Pacific. The ANZUS Treaty was signed in San Francisco on September 1, 1951, seven days before the signing of the Japan-U.S. treaty.

ANZUS Strained and Repaired

In the U.S., ANZUS is little known. But in Australia and New Zealand, the treaty has been a defining part of national security for 70 years. Its popularity has shifted based on public opinion about the U.S. president at the time, or his wars.

In the 1980s, stark differences over nuclear power led the pro-nuclear U.S. to suspend its alliance commitment to the anti-nuclear New Zealand. Tensions eased during the wars in Iraq and Afghanistan, and bilateral ties, including security cooperation improved markedly. New Zealand and the United States signed the Wellington Declaration in 2010, followed by the 2012 Washington Declaration, which “strengthened the defense relationship by providing a framework and strategic guidance for security cooperation and defense dialogues.” These steps, however, fell short of a full restoration of the alliance.

In more recent years, emphasis has shifted to the many unifying facets of the nations rather than points of difference. In 2021, as when ANZUS was born in 1951, the activities of China are reshaping the alliance. This has been evident in a renewed stress on long-standing friendships, cultural common ground and regional partnerships on defense matters.

New Tensions With China

Both Australia and New Zealand had been economic beneficiaries of the rise of China, both nations’ largest trading partner, while pragmatically maintaining close ties with the U.S. as well.

The balance shifted in 2020, when Australia led calls for investigations into Chinese accountability for the COVID-19 pandemic. China’s response was quick: It suspended economic dialogues, targeted trade reprisals on some Australian exports, and, most alarming, state media threatened missile strikes.

Amid these escalating tensions, Australian Prime Minister Scott Morrison made an ominous speech evoking a region “eerily haunted by similar times many years ago in the 1930s” that led to the Pacific war.

Even so, the value of Australia’s exports to China actually increased 33 percent over the past year, in part thanks to rising prices of Australian iron ore.

Though Australia is again closely aligned with the U.S., there is one major caveat. Australia’s ongoing fossil-fuel-friendly policies differ from the Biden’s administration’s sweeping climate agenda. Biden has pledged not to “pull any punches,” even with Australia, to solve a global problem.

New Zealand is still trying to balance Chinese and U.S. interests. Rapidly rising regional tensions over Taiwan, the South China Sea and China’s hand in eroding human rights and democracy, not to mention its treatment of Australia, are testing the nation’s leaders.

Shifting Focus to the Pacific Region

Because of China, the U.S. is increasing its attention to the Pacific at levels not seen since World War II. Two recent bipartisan congressional bills address Chinese influence in multiple arenas, including scientific research security and China’s economic, political, and military efforts.

In related efforts, the U.S. military has announced plans to build new bases in three strategically located Pacific island countries. The countries – the Federated States of Micronesia, the Republic of the Marshall Islands, and the Republic of Palau – were U.N. trusts administered by the U.S. but are now independent nations freely associated with the U.S.

ANZUS is fundamental in this U.S. strategy. Both Australia and New Zealand are substantially increasing defense spending in ways that further bind the three nations’ militaries together. Also key is the intelligence-sharing agreement dating back to World War II, “Five Eyes,” which also includes Canada and the U.K.

In addition, the U.S. and Australia are part of the “Quad,” a four-nation group, with Japan and India, building on Cold War security agreements to meet China’s rise in the Indo-Pacific region.

While military tensions in the mid-2021 Pacific are high around Taiwan, Hong Kong, and the South China Sea, the U.S. has just concluded Operation Pacific Iron in Guam and the Northern Marianas, a huge demonstration of air, land, and sea power. Also, biennial joint exercises called Talisman Saber recently concluded in Australia, involving 17,000 troops from U.S. and allied nations. These exercises were also aimed at demonstrating power and battle readiness. China watched these activities closely.

As ANZUS turns 70, the deep, entwined pasts of New Zealand, Australia and the U.S. will continue to fundamentally shape the Pacific’s uncertain future.

Responding to cyberattacks as allies: implications for the ANZUS alliance

James Mulvenon
Since 1952, the ANZUS Treaty has been a foundation for the military and national security relationships between the US and Australia. While the alliance has no integrated defence structure or dedicated forces, the two countries have ‘fought side-by-side in every major conflict since the First World War’ and continue to maintain extensive ministerial consultations, joint exercises and intelligence sharing. For most of this history, the parties to the ANZUS Treaty were concerned solely with kinetic military conflict, but the rise of cyberconflict necessitates an expansion of the scope of the alliance.

Why do we need cybercooperation?

Strategic cooperation in cyberspace between like-minded state actors such as the US and Australia is now absolutely critical to the national security of both countries. The main drivers are twofold: our collective reliance on cyberspace for an increasing percentage of global trade and commerce, and the corresponding rise of serious threats to what is universally acknowledged to be flawed technical architecture. Even as the world becomes more dependent on cyberspace in every facet of life, the threat environment has become more dire, exacerbated by a desire to prioritise connectivity over security.

The spectrum of cyberthreats ranges widely from lower level threats like defacements to intermediate threats like botnets and malware, and beyond to a new threshold of cyberattacks established by the Stuxnet worm. Not only is the spectrum wide, but the potential actors and adversaries are proliferating at the speed of the network. States and non-state actors, including state-sponsored organisations or proxies, have varying levels of capability and intent, but still comprise a significant level of threat in cyberspace. Increasing dependence on cyberspace across all dimensions of national power (political, economic, military, diplomatic, social) only increases our vulnerability and the potential negative consequences of not adequately understanding the threats.
While Stuxnet is considered the new pinnacle of cyberthreats, cyberespionage, not cyberattack or cyberwar, is currently the most pressing risk for the US and its allies in cyberspace. Strategic espionage against political, military and intelligence targets can change the outcome of interstate conflicts and even alter the balance of power, while economic espionage can result in substantial economic losses and can endanger future
competitive advantage. Within the espionage realm, ‘advanced persistent threat’ poses the most significant, sustained challenge to actors in cyberspace.
Another important class of threats against states includes activities designed to deny access to cyber-resources, such as the distributed denial of service (DDoS) attacks against Estonia in 2007, which took down the websites of many Estonian organisations, including the parliament, banks and media
following increased tensions with Russia.
The Estonian disruption also included defacements and other lower level methods, although the DDoS attacks caused the most significant, sustained damage. While some Russian hackers have taken responsibility for the attacks, no official connection with the Russian Government has been uncovered.

The Estonian experience was repeated during the 2008 cyberdisruptions before and during the brief war between Georgia and Russia, including defacement and DDoS attacks against Georgian Government and media websites, again presumably by Russian-backed actors. Taken together, these various classes of cyberthreat present a significant threat to the viability of cyberspace as a usable domain for states, groups or individuals, necessitating a systematic examination of the dynamics of cyberconflict.
In short, the advanced persistent threat problem is global, so the solutions can’t be isolated within an individual country. Instead, countries with similar values and institutional structures must band together in a ‘coalition of the willing’ to develop common strategies, policies, laws, standards and technical approaches. Given the long history of the relationship between Canberra and Washington, it’s natural to see the ANZUS Treaty as the foundation of strategic cooperation between Australia and the US.

What cooperation strategies should we pursue?

Before discussing specific strategies, it’s important to note a number of structural conditions and constraints that shape the cooperation environment. First, the governments of both countries are keenly aware that key resources for the effort, including time, bureaucratic energy and even travel dollars, are finite and must be optimised for the greatest potential gain. Second, we must recognise that the major ‘problem’ countries operating in cyberspace—China, Russia and Iran—are also the most difficult to talk to, and the cyber issue is inextricably intertwined with a wide array of other points of strategic tension and conflict with the three countries.
Given these factors, we should first align and normalise cybercooperation among ourselves before pursuing the more difficult challenge of cyberdialogue with adversary states. To this end, we can build upon over a decade of successful bilateral and multilateral exchanges, led in the US by the State Department, to synchronise cyber-related laws and regulations and establish formal points of contact at the working levels. The intent of these exchanges has been to improve information sharing, joint investigations and our common defence.
Strategically, we seek to create a cyber cordon sanitaire among Western, developed nations, while more starkly delineating the boundaries of the cyberthreat ‘sanctuary’. Operating as a common bloc also unquestionably strengthens our bilateral and multilateral negotiations with adversary states, preventing them from playing us off against one another.
Why does this cooperation work? The answer lies in our similar political, legal and economic systems, as well as our long history of fighting together as an alliance.
Our political systems share the same core values, including representative democracy, freedom of the press and governmental transparency. Our legal systems enshrine protections of privacy and civil liberties. And our economic systems are anchored in the encouragement of genuine private enterprise
as opposed to the state capitalist systems of our main cyberadversaries. While the symmetries between Western systems aren’t always exact, the similarities far outnumber the differences.
While these commonalities facilitate cooperation in peacetime, cooperation under conditions of cyberconflict is very different.
We’re very early in the development of strategic and military understandings of the nature of cyberconflict. In many ways, it feels like 1946, when the US had detonated atomic weapons but there had been very little strategic thinking about their employment.
But what is cyberconflict? One definition describes it as: the conduct of large scale, politically motivated conflict based on the use of offensive and defensive capabilities to disrupt digital systems, networks, and infrastructures, including the use of cyber-based weapons or tools by non-
state/transnational actors in conjunction with other forces for political ends.
Cyberconflict includes activities conducted by both state and non-state actors against a variety of targets. It encompasses a number of activities that pose threats to individuals, organisations and nation-states, as well as traditional military and intelligence operations. An alternative definition
notes that cyberconflict is ‘broader than cyberwarfare, including all conflicts and coercion between nations and groups for strategic purposes utilising cyberspace where software, computers, and networks are both the means and the targets.’ At its most basic level, cyberconflict encompasses activities
conducted by many kinds of actors in order to achieve a strategic gain.
Given the huge stakes and potential damage to networked economies like those of the US and Australia, it’s natural to begin with an examination of the notion of cyberdeterrence.
While the US wisely retains the intention and capability to initiate cyberconflict at a time and place of its own choosing, it naturally seeks to deter other adversaries from the same goal, particularly given the asymmetric dependence of the US on cyberspace for economic, political and technological power. While it’s well known that US government, military, and corporate networks have been the target of sustained computer network exploitation activities over the past 10 years, the country hasn’t yet been the target of the type of large-scale computer network attack envisioned by Richard Clarke and others in their writings.
How can we explain this apparent gap? Why have adversaries not taken advantage of clear vulnerabilities to launch cyberattacks against the US? Is it because they haven’t developed sufficient capabilities to do so?
That’s hard to believe, given the sophistication of the intrusions and methods. Has there not yet been the right combination of strategic circumstance and perceived payoff, such as the China–Taiwan contingency involving US military intervention, to justify using known capabilities? Or, despite its strategic confusion, does the US currently benefit from a form of tacit cyberdeterrence from computer network attack, and if so, what is
the basis for this tacit deterrence?
When unpacking cyberdeterrence, the canon typologises deterrence into two categories: deterrence through denial and deterrence through punishment.
Cyberdeterrence through denial is also primarily based on computer network defence. One piece of good news is that the ‘attribution problem’, which occupies centre stage in the discussion of the dilemmas posed by cyberdeterrence by punishment, is not as significant an issue in cyberdeterrence by denial, because it isn’t critical to know who might attack, only whether you’re vulnerable to attack. Also, two primary methods for
protecting retaliatory forces are mobility and concealment. Cyberforces, by virtue of their form factor (a laptop is easier to conceal than a ballistic missile submarine), are already more mobile and more concealed than nuclear forces ever were. Finally, the inability to disarm an adversary’s cyberattack capability has three benefits: reduced incentives for pre-emption; more focused and proportional retaliation; and reduced demand for immediate retaliation (‘use it or lose it’). But the cyber offence–defence balance is a huge problem for cyberdeterrence by denial.
Fundamental security was not built into the architecture of cyberspace, and we have been gluing security onto the side of the network ever since. Without fundamental re-architecting of the network, which is unlikely in the short-term, is deterrence by denial even possible? In the short term, Rattray argues that these defensive dilemmas put a greater onus on risk management than impenetrable protection:
Diffuse vulnerabilities and limited resources also require defensive efforts
predicated on managing the risks of attacks rather than establishing
comprehensive defenses capable of assured protection.
But Owens et al. write that ‘the gap between the attacker’s capability to attack many vulnerable targets and the defender’s inability to defend all of them is growing rather than diminishing.’10 In addition, cyberoffensive
capabilities are dramatically cheaper than effective cyberdefensive capabilities. As is often pointed out, the cyberwarrior, armed perhaps with a minimal kit (computer, internet connection and publicly available tools) only needs to find one way in, but the cyberdefender, protecting perhaps a huge network of thousands of heterogeneous nodes with dozens of access points, needs to bar every possible avenue of approach.
Thus, cyberdeterrence by denial is also cost-prohibitive. For both of these reasons, it appears that cyberdeterrence by denial may be less credible than deterrence by punishment.
In the cyber-realm, deterrence by punishment theoretically offers better chances of success, especially against adversaries that have well-developed cyberinfrastructure. As Owens et al. argue:
Deterrence by punishment is more likely to be an effective strategy against nations that are highly dependent on information technology, because such nations have a much larger number of potential targets that can be attacked. Nevertheless, even nations with a less technologically sophisticated national infrastructure are probably vulnerable to cyberattack in selected niches.
Moreover, the will to retaliate is arguably less of a factor in cyberattack than in nuclear strategy, given its plausible deniability, potentially covert nature, and less physically destructive effects.
Yet cyberdeterrence through punishment is also highly problematic. The main challenges for cyberdeterrence through punishment are:
• the so-called ‘attribution problem’, which makes it difficult to identify the attacker in the first place
• a series of credibility problems, including automaticity of response, unavailability of retaliatory targets, demonstration of effect, uncertainty of cybereffects, repeatability of effect, survivability of retaliatory capability, thresholds, signalling, command and control, and extended deterrence.
None of these challenges can be solved through policy measures alone, such as stated declaratory policies. All of these challenges create strategic instability in cyberconflict and undermine the utility of deterrence through punishment.
This leads us to the stark conclusion that the current cyberspace domain is inherently unstable. The strategic cyber-environment is marked by an inability to establish credible deterrence and effectively prevent the emergence of adversaries and conflicts in cyberspace detrimental to US interests. The sources of this instability are manyfold. First, the technical architecture undergirding cyberspace is highly permissive of cyberintrusions and attacks, resulting in a system that’s extremely hard to defend and confers dominance on the offence. The defender can mitigate the asymmetry by reducing the degree of interconnectivity, or even disconnecting networks, but that’s very costly, given the growing reliance of the US and advanced nations on those networks for a wide range of economic activity and military operations. Second, the design of the architecture often provides the attacker with anonymity and plausible deniability, aided by the lack of effective
governance of the network focused on mitigating malicious activity. Third, the relatively low cost of technology and operations significantly lowers the barriers to entry for the attacker, enabling a wide range of actors to acquire capabilities.
Fourth, cyberoperations running at the rapid ‘speed of the network’ deny defenders and the political leadership sufficient time for assessment and decision-making. Automation may mitigate this problem, but the risks are
both high and unknown. Fifth, the pace of technological change and the breadth of network connectivity are outpacing both defensive approaches at the enterprise or engineering level and the policy and legal constructs promulgated to guide their operations. Moreover, these conditions are
only getting worse with the proliferation of social media and mobile communications, and the migration to cloud computing. An internet underground capable of exploiting these trends is alive and well, with pirates and mercenaries thriving in a swampy ecosystem that makes hiding and attacking too easy.
Last, while the issues are acknowledged, little progress is being made in improving security and resilience as a key aspect of internet governance.
Given this state of strategic instability in cyberspace, it’s more important than ever for allies such as the ANZUS Treaty countries to bolster their collective cyberdeterrent by coordinating information sharing and
technical cybercapabilities across all three realms of computer network operations (defence, exploitation and attack). This is a natural extension of the language in Article II of the treaty calling for all parties to ‘separately and jointly by means of continuous and effective self-help and mutual aid [to]
maintain and develop their individual and collective capacity to resist armed attack.’
A higher and more complicated goal would be to link the nations’ cyberdeterrence and declaratory policies such that cyberattacks would be covered under Article V’s language that ‘an armed attack on any of the Parties is deemed to include an armed attack’ on all. If deterrence fails, however, it’s equally important for the ANZUS Treaty partners to coordinate their kinetic and non-kinetic responses to a foreign cyberattack through
information sharing about defensive signatures and the synchronisation of exploit and attack operations.
Current and future cooperation challenges
One current arena for cooperation and conflict between states involves what might be called the ‘re-sovereigntisation’ of cyberspace.
During the early years of the internet, when cyberspace was not the technological foundation for global commerce, states had the luxury of permitting the architecture to grow organically and not being concerned
with its strategic value. Now that the situation has clearly changed, all states have come to an important realisation: every node of the network, every switch, router and computer, is either located within the sovereign boundaries of a nation-state and therefore governed by its laws, or travels on
submarine cables or satellite connections that are owned by companies incorporated in sovereign nations and therefore bound by their laws. In other words, there’s no ‘commons’ in cyberspace similar to air, sea and space, and there’s no part of the global architecture that is ‘sovereignty-less’. The implications of this realisation are profound, and explain why countries like China are keen on moving internet governance from non-governmental organisations like ICANN (the Internet Corporation for Assigned Names
and Numbers) and the Internet Governance Forum to state-based organisations like the United Nations International Telecommunications Union. The battlelines have been clearly drawn (compare the White
House’s recently published International Strategy for Cyberspace with China and Russia’s proposed International Code of Conduct in cyberspace), and Western nations need to develop policy responses that are properly aligned and mutually reinforcing.
Among the future cooperation challenges are the ‘long game’ issues in cyberspace, especially shaping the global information technology standards regimes. For many years, organisations such as the Internet Engineering Task Force and IEEE were dominated by knowledgeable technical personnel with little interference from governments, which had adopted a laissez faire approach to standards development.
China’s unwillingness to pay royalties for existing standards and protocols such as CDMA led Beijing to fund an aggressive, state-driven industrial policy to develop parallel, indigenous standards for nearly all of the existing protocols. While most of the Chinese standards have been rejected by the International Organization for Standardization and other governance
bodies as technically inferior to the existing standards, China, exploiting its status as ‘the world’s IT workshop’, has been able to force multinational companies assembling equipment in-country to integrate the rejected standards into their products, thus distorting the standards regime.
Western countries were late in recognising this strategy and its implications, and have been playing ‘catch-up’ ever since. Because the standards debates today will define the nature of the technical architecture and the corresponding cybersecurity challenges of 5, 10 and even 20 years from now, it’s important that the US and Australia develop a common approach on the standards issue and coordinate their efforts.