The Monthly Roundup: 2024 in Cyber & Tech
ASPI Cyber, Technology & Security analysts write on the issues that have defined 2024 in the field – and what 2025 might have in store.
This is a special edition of ASPI's Daily Cyber & Tech Digest, a newsletter that focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation. Sign up for it here.
Welcome to this year’s final edition of The Daily Cyber & Tech Digest Monthly Roundup! To wrap up the year, the Cyber, Technology & Security team at ASPI share their top picks for stories that have made a difference in 2024 – and make some predictions for 2025. See you all in the new year for more roundups!
Compete, Sanction, Regulate: Summarising 2024
The race for critical technology dominance continues
The US-China technology competition continued to escalate in 2024. In 2022, the Biden administration started taking measures, such as the CHIPS and Science Act, to secure its semiconductor industry by limiting China’s access to chips and fabrication tools. Subsequent export restrictions have stymied China’s progress in critical technologies field which require chips, like high performance computing, machine learning and natural language processing. In December this year, the US announced further export controls on 140 Chinese companies, again targeting semiconductor toolmaking companies. Chinese industries bodies retaliated by classifying US chips as ‘no longer safe’.
The global electric vehicles (EVs) market also became a front in tech competition in 2024. The US imposed a 100% tariff on EVs while restricting subsidies on any EVs with parts made in China. Since 80% of the electric batteries fitted in EVs are made in China, this new restriction also impacts American EV manufacturers like Tesla. In addition, the Biden administration proposed banning Chinese software and hardware managing vehicles communication because of the national security risks associated with the remote manipulation of vehicles through their internet connection and navigation systems. The Canadian government followed suit by applying a 100% tariff on Chinese EVs.
The EU, highly competitive in the critical technology space in the ASPI's Critical Tech Tracker, also voted to increase the import tariffs on Chinese-built electric vehicles to 45.3% in addition to the 10% import duty applied to all EU car imports. The European Commission justified its decision by arguing that the generous Chinese government subsidies afforded to Chinese EV manufacturers have placed European automakers at an unfair competitive disadvantage with the influx of low-cost Chinese EVs.
Despite these restrictions, China continued to direct enormous resources into its drive for technological and scientific advancements. ASPI's Critical Tech Tracker 2024 update showed an inversion in research leadership between the US and China over the past two decades with China overtaking the US in high-impact research. We are likely to see this trend continue throughout 2025.
TikTok faces growing headwinds
Long-standing concerns over Chinese-owned social media app TikTok came to head in multiple democracies in 2024 — suggesting that 2025 will likely be a make-or-break year for the company. In early December, it seemed TikTok was finally set to be removed from US app stores after years of controversy, negotiations and litigation. The popular social media app has faced accusations of censorship, data privacy violations, and national security risks in relation to its ownership by Chinese company ByteDance, which like all Chinese companies is required by law to assist Chinese security and intelligence services when requested. A looming ban was set to take effect on 19 January after the Chinese-owned social media company lost its appeal in US federal court. Yet again, TikTok has gotten a temporary reprieve. This week, the US Supreme Court agreed to hear the company’s case and fast-tracked oral arguments so the court can rule by 10 January.
TikTok’s future elsewhere is looking increasingly uncertain. In November, Canada announced it would shut down the company’s operations in the country citing a recent national security review, though the app remains available in app stores there. Later that month, TikTok faced intense scrutiny after the shock victory of a far-right pro-Russia candidate without major party backing – but with the support of tens of thousands of suspicious-looking TikTok accounts – in Romania’s first-round presidential vote. On 17 December, the European Commission opened an investigation into TikTok for a potential failure in its ‘obligation to properly assess and mitigate systemic risks linked to election integrity’.
In 2025, we expect to see the results of all these proceedings, which will likely shape the future of how Chinese technology companies with western democracies.
Hybrid threats from Russia and China proliferate…
More countries began to take more seriously the hybrid warfare domain in 2024. On 16 December, the EU issued its first ever sanctions targeting hybrid threats originating from Russia by sanctioning 16 individuals and three entities involved in cyberattacks, assassinations, and disinformation campaigns.
Russia is collaborating more with China in disinformation operations. For example, during this year’s elections in Solomon Islands the two spread information accusing the US of fomenting riots and trying to orchestrate regime change. Beyond the Pacific, China’s tactics included the use of its state media to promote Beijing’s viewpoint in multiple languages. Beijing has also taken to using online influencers, as well as using fake personas and inauthentic accounts through its Spamouflage network.
In the global year of elections, we saw an increased use of AI and deepfakes to influence voters, as in the case of India’s election. Iran and North Korea used the rapidly developing digital tools for illegal activities and to influence election, which Microsoft and OpenAI managed to detect. Additionally, there is a growing concern in the use of proxies to mask disinformation origins. Such operations exploit local populations to amplify divisive narratives, tarnishing reputations while maintaining plausible deniability.
In 2025, we expect to see increasing collaboration between malicious actors using hybrid tactics, which will need to be tackled through stronger global multi-stakeholder partnerships to enhance intelligence sharing, regulate digital tools, and disrupt financial networks supporting disinformation campaigns.
…but China’s hybrid threats targeting Taiwan face (some) pushback
The most high-profile target of hybrid threats in 2024 was once again Taiwan. While the year saw some of the largest military and paramilitary drills aimed at intimidating Taiwan’s people and government, Beijing also subjected Taipei to intensifying hybrid threats in other areas to force it into accepting unification on Beijing’s terms. Taiwan’s partners, on the other hand, have often been reluctant to draw any specific red lines against this type of coercion.
But times are changing. In August, the Australian Senate passed a bipartisan motion concerning the interpretation of UN General Assembly Resolution 2758, which made it clear that Resolution 2758 ‘does not establish the People's Republic of China's sovereignty over Taiwan and does not determine the future status of Taiwan in the UN’. The resolution recognized the PRC as ‘the only legitimate representative of China to the United Nations’ and removed the representatives of Taiwan. However, Beijing has since misrepresented the resolution to argue that Taiwan falls within China's international law identity and that the UN has endorsed this view.
Throughout the year, many more countries followed Australia’s move. The UK Parliament, Dutch House of Representatives, Canadian House of Commons and European Parliament all passed similar motions rejecting Beijing’s misinterpretation. All of this gives hope that 2025 will also be a year where Taiwan’s partners continue to push back against what is Xi Jinping’s preferred strategy of unification: steady but intensifying coercion through hybrid threats. And hopefully not just in the information domain, but also supporting Taiwan in its efforts to be more resilient to Beijing’s military, economic, cyber, and diplomatic tactics to effectively assert control over the island.
Authoritarian technology and surveillance undermine human rights
As the ‘axis of upheaval’ grew closer and democracies continued to backslide, 2024 was another year of tech-enabled surveillance and repression. Opposition politicians, journalists, minority groups, as well as activists and human rights practitioners are being targeted, with a tightening of controls extending to general governance and borders management. The use of spyware, such as Pegasus, has become increasingly widespread, in conjunction with other tactics of digital surveillance and online harassment that have resulted in serious human rights violations, silencing of critics of power and transnational repression.
The use of technology to tighten control is a global phenomenon but often has nuanced local iterations. In Australia, for example, government and the private sector were repeatedly called out for alleged tech-enhanced human rights violations against immigration detainees, or the rights of workers infringed by big corporations. Most tragically, the world saw increasing use of technology in conflict zones, including the use of AI-enhanced weaponry in military settings. This has contributed to a devastating civilian death count of Palestinians in Gaza, where the Israel Defence Force conducted AI-enhanced systematic bombings. Additionally, as TIME magazine put it, in the battlefields of Ukraine we may be witnessing the first true ‘AI war’.
With the steady worsening of active conflicts around the world, political and economic instability, and the continuing rise in authoritarian practices, the intersection between technology and human rights will continue to be a topic of concern in 2025.
Minilateralism triumphs
In the face of greater US-China strategic competition in the Indo-Pacific, more bilateral and minilateral ties have emerged in 2024. Other factors such as climate change and economic shocks hastened the pace of innovation. However, as the region’s strategic situation deteriorates, many like-minded countries have this year continued to strengthen relationships in cyber and critical technologies.
AI regulation was a key regional focus. The AI Seoul Summit in May, for example, resulted in the release of the ‘Declaration and Statement of Intent toward International Cooperation on AI Safety Science’. Also in Seoul, in September, the Responsible AI in the Military Domain Summit was held and culminated in the release of a ‘Blueprint for Action’ supported by 61 states, setting out a roadmap for establishing norms of AI in the military.
Much attention was also directed towards AUKUS Pillar 2, a partnership between Australia, the UK and the US with respect to advanced capabilities including AI, quantum, electronic warfare and hypersonics. In April, Japan was the first official partner country to engage under Pillar 2. New Zealand, Canada and South Korea are likewise being considered for specific advanced capability projects, as announced in September to mark the three-year anniversary of the AUKUS pact.
As we progress in 2025, technological cooperation will be a priority for many regional countries, as highlighted in an ASPI report released earlier this month about the importance of Australia-South Korea cooperation on critical technologies. We will continue monitoring the role of middle and emerging powers in progressing science and technology innovation.
Sovereignty prevails in cyberspace
When it comes to multilaterals, sovereignty emerged as the defining principle of cyber governance in 2024. Cyber sovereignty remains the rallying concept around which states have found consensus, with initiatives reinforcing the idea that cyberspace governance cannot rely solely on universal norms that disregard local contexts. Two major initiatives swept through the United Nations with strong support from the international community: the UN cybercrime convention and the ‘Global Digital Compact’ (GDC).
Once deemed unlikely, UN member states reached a consensus on a draft of the cybercrime convention on 8 August. The Russia-proposed text has faced criticism from civil society groups and the tech sector, which argue that its broad scope could be misused by authoritarian regimes. Concerns include provisions allowing governments to compel companies to hand over data, potentially bypassing domestic laws, and to prosecute individuals abroad under vague cybercrime charges. Although Australia and like-minded states initially opposed the convention, they have agreed to its terms citing adequate safeguards to prevent misuse.
The DGC, unlike the convention, is not a binding legal framework but a roadmap for a fairer digital ecosystem that promotes the responsible use of technology. This landmark agreement enshrines the principle that the internet is not the domain of a few but a shared space governed by equitable norms. However, the GDC remains a set of voluntary principles, with implementation reliant on the willingness of stakeholders.
As the international community prepares for further discussions in 2025, including the potential establishment of a permanent UN mechanism for cyber security, a critical question looms: will this trend lead to the growing marginalisation of non-governmental stakeholders such as civil society groups?