From imperial Japan to Communist insurgents and Islamic terrorists, the Philippine-U.S. defense relationship has effectively evolved over its 70-year lifespan to meet the changing regional and global threat environment. However, over the past 20 years, this adaptation has faltered. During this period, cyber operations have become an increasingly prominent tool of international conflict. Whereas other security partnerships like the North Atlantic Treaty Organization (NATO) and the Japan-U.S. alliance have undertaken significant measures to enhance collective defense in cyberspace, cyber cooperation has lagged within the Philippines-U.S. alliance.
This is not merely a question of keeping pace with its collective security peers, as the inability to effectively counter cyber threats has resulted in new vulnerabilities that can undermine the alliance and hamstring its operations. A functional alliance should be capable of not only preempting large-scale disruptive attacks, but also rebuffing sustained cyber campaigns that degrade institutional trust and shape strategic outcomes.
When U.S. Secretary of State Antony Blinken travels to the Philippines on August 6, he will have an opportunity to remedy this lapse and formally extend the Philippine-U.S. alliance into the digital domain.
Cyber Conflict in World Affairs
Article IV of the Mutual Defense Treaty (MDT) commits the United States and the Philippines to aid one another in the event of an “armed attack” on either party. When the treaty was signed, amid the Korean War and less than a decade after World War II, the definition of an “armed attack” was obvious and seemingly unambiguous. Nevertheless, in recent decades, world affairs have seen the proliferation of gray zone operations like hybrid warfare and maritime militias that allow countries to reshape security conditions and advance their interests through actions below the threshold of armed attack.
This is particularly pronounced with the use of cyber means in the pursuit of strategic interests.
Cyber operations have been employed by governments to sabotage critical infrastructure, degrade military capabilities, damage economies, and artificially sow dissent, all whilst eschewing traditional notions of an “armed attack.” More than “cyber Pearl Harbors,” cyber operations have been employed like termites. Sustained cyberattacks with individually minimal impacts have significant cumulative effects that can reshape security conditions and yield significant strategic advantages. Recognition of the dangers posed by cyber operations has seen cybersecurity’s inclusion as a national security issue and the proliferation of cyber military capabilities.
However, the growth of cyber conflict poses an acute challenge to international alliances. While existing defense treaties commit parties to respond to an armed attack, what does this mean for cybersecurity, where the attacker’s identity may be uncertain and harm can be inflicted without producing human casualties? Moreover, how are these institutions expected to respond when the actions do not necessarily violate established international norms and laws?
This dilemma became apparent in 2007, when Estonia experienced a massive Distributed Denial of Service (DDoS) attack that crippled the country. The attack is believed to have been orchestrated by Russia, and Estonia sought to trigger NATO’s collective response commitments under Article V of the North Atlantic Treaty. NATO declined. Individual members and NATO itself were quick to dispatch assistance to Estonia, but Article V was not invoked because of the ambiguity over whether a cyberattack with no loss of life constituted an “armed attack.”
The inadequacies of this response and the continued growth of cyber conflict necessitate a significant reexamination of how alliances respond to offensive cyber operations. Notably, NATO as well as the U.S. alliances with Japan and South Korea have taken significant steps to extend alliance capabilities and commitments into cyberspace, including indications that a cyberattack can constitute an “armed attack.” Unfortunately, the Philippine-U.S. alliance has not kept pace with this development, and cybersecurity remains a blind spot within the alliance.
Cybersecurity in the Philippine-U.S. Alliance
Cyber cooperation has not been wholly absent from the Philippine-U.S. alliance. Following a series of retaliatory cyberattacks by patriotic hackers in China and the Philippines during the 2012 Scarborough Shoal standoff, both the United States and Philippines vowed to work together on cybersecurity. Moreover, from some of the earliest days of the internet, preexisting points of bilateral cooperation have provided mechanisms for cyber cooperation and incident response. This was particularly prominent in 2016 when the Philippines was struck by a series of significant cyberattacks, and U.S. agencies like the Department of Justice provided assistance. These episodes, and the subsequent inclusion of a cybersecurity event as part of the 2017 Balikatan Exercises, seemingly heralded substantive growth of cyber cooperation within the alliance. Yet, over subsequent years cyber cooperation has stalled.
The elections of Rodrigo Duterte and Donald Trump in 2016 posed challenges to the alliance that were uniquely detrimental to digital affairs. Along with direct attacks on the alliance, Duterte’s rapprochement toward China included significant cooperation in information and communication technology (ICT) development as part of China’s digital silk road. The inclusion of Chinese ICT in Philippine critical infrastructure increased U.S. concerns about Chinese espionage activities in the Philippines and brought Manila into direct conflict with the Trump administration and its global campaign against Chinese ICT companies like Huawei.
Beyond this elite discord, underlying divergence also became apparent within the alliance in how each government pursued national cybersecurity. While both governments made cybersecurity a national priority after 2016, the United States focused on foreign governments as the primary threat. Philippine national security and cyber policies do note the threat posed by foreign governments but emphasize cybercrime and non-state actors. This divergent threat perception not only led to differing cyber strategies but also different institutional preferences that may have unintentionally sidelined preexisting points of cooperation. As a result, while cybersecurity remains a topic of discussion within the bilateral dialogue, joint statements and short-term programs have failed to advance the alliance’s ability to counter cyber threats.
The stagnation of bilateral cooperation in cybersecurity constitutes a vulnerability within the alliance. The Philippines ranks among the most cyber insecure countries globally, with its critical infrastructure identified as being especially vulnerable to a foreign cyberattack. Within alliance operations, a partner’s vulnerabilities are your own vulnerabilities, and successful cyberattacks on the Philippines could hamper the United States’ ability to use locations in the Philippines to respond to regional crises. So significant is this concern that the U.S. has been encouraged to consider standalone power facilities to support critical locations in the archipelago.
Nor is critical infrastructure the sole vulnerability. The prominent use of disinformation campaigns during this year’s national elections points to the Philippine population’s susceptibility to such operations. This is significant as China in particular has previously attempted to use disinformation campaigns to target support for the Philippine-U.S. alliance.
Consequently, while Blinken will not lack for topics of conversation when he meets with President Ferdinand Marcos Jr. this week, digital affairs must be on the agenda. There are key steps that can be taken to substantively advance cybersecurity within the Philippine-U.S. alliance.
At a recent conference, Ely Ratner, the assistant secretary of defense for Indo-Pacific Security Affairs, stated that Washington was working with Manila “to develop new bilateral defense guidelines that will clarify our respective roles, missions, and capabilities within the framework of our alliance.” It is essential that these guidelines formally recognize cyber operations as a type of “armed attack” that leads to invocation of the Mutual Defense Treaty. Such a declaration would extend the Philippine-U.S. alliance into cyberspace and bring the partnership in line with other U.S. alliances. Furthermore, while it is not advisable to detail the specific conditions that could trigger Article IV, including cyber operations under the MDT’s security umbrella closes a gap within the alliance that could otherwise be exploited by adversaries.
However, extending alliance commitments to cybersecurity is irrelevant if not paired with corresponding capabilities, investments, and institutional development. The lifeblood of the Philippine-U.S. alliance is its schedule of regularized defense diplomacy activities and the more than 300 defense exercises held annually. Cybersecurity must be integrated into these activities and regularized to promote sustained growth in bilateral cyber cooperation. Including cyber events as part of the bilateral activities illustrates this possibility, and existing mechanisms like the State Partnership Program offer established means to expand bilateral cyber engagement. Likewise, as the Philippines and the United States develop new institutions and agencies to enhance national cybersecurity, these new entities must also be included in cooperative undertakings. Activities like U.S. Cyber Command’s “Hunt Forward” missions offer an immediate means to both improve bilateral cybersecurity and cultivate links between U.S. and Philippine cyber forces that bolster operational effectiveness within the alliance.
Finally, it is essential to recognize that cybersecurity is a whole-of-nation problem that cannot be resolved independently of economic development, trade, and educational issues. For example, the Philippines’ desire for economic development and the need to keep pace in a digitized world led to its embrace of Chinese ICT. Just as cybersecurity should not be ignored for economic expedience, partners should not be expected to sacrifice their economic well-being without aid or assistance. Developments like supply chain diversification present a chance to address these dilemmas in mutually beneficial ways, but these will require significant investments and sustained political support.
Blinken is unlikely to remedy such problems during one short visit, but it is time for the alliance to realize that cybersecurity is a liability that neither government can continue to overlook.