Already contending with a tense geopolitical backdrop, there is an urgent need for countries in Asia to cooperate, if not harmonise on cyber security issues and reduce their respective vulnerabilities.
There is no escaping the fact that over the past ten years the Asia-Pacific region has increasingly become a global point of strategic interest and competition. While the United States has renewed its economic and military focus in the region, China has rapidly modernised and expanded its military forces, and tested the boundaries of international norms in the South and East China Seas. Both countries seek to influence nations in the region in order to gain greatest access to Asia’s rapidly expanding markets
Set against this evolving strategic landscape, the Asia-Pacific has undergone tremendous political transformation and social change. The development of cyberspace and the information and communications technology (ICT) that powers it has proven to be an integral part of the region’s socioeconomic growth.
The online environment is also rapidly growing in importance as an avenue for political and social expression in Asian societies. But technological development in the region varies dramatically. It is home to some of the world’s least networked countries, such as Myanmar (1.1% internet penetration) and Cambodia (4.9%) plus some of the most networked, including South Korea (84.1%) and Japan (79.1s%). It also encompasses burgeoning ICT markets such as China and India. Although increasing connectivity has generated undeniable benefits, it has also created new vulnerabilities for governments and the private sector in the areas of national security and online crime. These tensions have manifested differently according to each state’s domestic context.
Although increasing connectivity has generated undeniable benefits, it has also created new vulnerabilities for governments and the private sector in the areas of national security and online crime. These tensions have manifested differently according to each state’s domestic context. In an environment such as cyberspace where gains are high, the probability of capture is low and deniability rules, many different economic and political confrontations are playing out simultaneously. A by-product of this tension has been a rise in the number of countries that have acquired or are seeking offensive cyber capabilities.
Assessing Cyber Maturity in the Asia-Pacific Region
As connectivity grows, so does the need for cyber-focused policies, legislation and regulatory frameworks. Governments in increasing numbers are starting to address shortfalls in their domestic arrangements, but there are many states that lag behind in either the formation or implementation of cyber-centric mechanisms, frameworks and policy.
To make considered, evidence-based cyber policy judgements in this regional context, there is a need for better tools and information to assess the ‘cyber maturity’ of nations in the region. In response to this over the past twelve months the Australian Strategic Policy Institute’s International Cyber Policy Centre has developed a Cyber Maturity Metric which provides a guide to the regional picture. The UK and the US were included in the study as a benchmark upon which to gauge how well other nations were developing their responses to the challenges and opportunities that cyberspace offers.
Nations’ cyber maturity was measured across four different topics, governance structures, military application, digital economies and business, and social engagement. Scores were applied across the different research questions and then a total cyber maturity score was given out of 100.
Most governments across the region are now beginning to understand and prioritise cyber issues as a core tenet of policymaking. While the urgency and thoroughness of how nations respond to the issue varies significantly, all countries examined in this study are grappling with ‘cyber’ as a component of state power.
In the past year, there has been a rapid expansion in many nations’ cyber policies and governance frameworks. At the forefront of these policy developments have been India, Japan and Singapore, all of which have introduced impressive-looking policy documents that link together the various departments and agencies with responsibilities for cyber issues.
However, implementing the policy recommendations found in these documents will not be an easy task. At the opposite end of the scale are those nations that lack an adequate focus on their cyber policies, this list includes Cambodia, Myanmar, the Philippines, Thailand, Papua New Guinea, and Indonesia. There’s an opportunity for nations that have sophisticated mechanisms in place to help build policy capacity in those nations that are in need of support.
Military Use of Cyber
There are no surprises about which nations are leading the way in the military aspects of cyber capabilities: the US, China, UK, Australia, Singapore and South Korea. However, the increased utilisation of cyber capabilities by the North Korean regime over the past year is a concern.
This has put the South Korean government under pressure to respond to cyber incidents as they arise without an escalation between the two countries, creating another challenge for strategic planners. The onus is on Seoul to develop an ever more sophisticated and mature cyber policy architecture and resilience framework so that it can remain clearheaded in its responses, preventing incidents from turning into large-scale military action in the face of extreme provocation. There’s no doubt that we will see increased military cyber developments in the region.
Inevitably the Snowden ‘cloud’ has hung over the Asia–Pacific region as much as it has over the rest of the world, and this has increasingly had a bearing on the international dialogue
on cyberspace. However, a great deal of discussion continues in the region about confidence building measures, capacity building and transparency in the cyber domain, mainly through the ASEAN Political and Security Community.
These discussions present an opportunity for nations to increase their cooperation and mutual assistance in cyberspace. Australia had been at the forefront of international efforts chairing the UN Group of Government Experts on Development in the Field of Information and Telecommunications in the Context of International Security (UNGGE) in 2013, pushing for a strong practical agenda through ASEAN Regional Forum Workshops, and working hard on practical policing capacity building.
China has also been utilising similar avenues, albeit with different agendas, and its energetic efforts in the international arena cannot go unnoticed. There is a need for nations in the region to coordinate more proactively on cyber issues especially given the wider, sometimes tense, geopolitical strategic backdrop. This environment could potentially see small miscalculations in cyberspace or misperceptions of cyber actions result in extremely damaging consequences.
Tobias Feakin is also Senior Analyst National Security and Director, International Cyber Policy Centre, ASPI
Dr Tobias Feakin
Senior Associate Fellow