This post will be the first of a three-part series based on my participation in an ASEAN Regional Forum (ARF), hosted jointly by the Chinese and Malaysian Governments in Beijing. The intriguing title of the workshop was ‘Measures to Enhance Cyber Security—Legal and Cultural Aspects’. I’ll come back to why that’s so interesting in my third post, as it appears that the cultural aspect of the debate has caused a great deal of heated discussion amongst state representatives. But more of that later. My first two pieces will give a flavour of the thoughts I put forward in my address to the ARF.
In my first post on The Strategist I looked at the divisions that exist between the various states that are contesting cyberspace and suggested that there was a divided road ahead in terms of how cyberspace is governed in the years to come. Broadly speaking, the Western liberal democratic states of US, Australia, Canada, UK and Western Europe are on one side of the debate, and the roughly aligned Chinese, Russians and a collection of former Soviet states are on the other. But the picture in the Asia–Pacific region isn’t as clear cut and it’s far from easy to determine exactly where nations align or compete.
In recent years, the region has seen tremendous economic growth, with several states identifying Information Communication Technology (ICT) growth as an integral part of their socioeconomic development. The cyber domain is clearly an enabling mechanism that has allowed the Asian economies to grow so rapidly. Asian societies have wholeheartedly adopted the internet and it has become an important avenue of political and social expression.
Governments across the region struggle to balance the rapid growth of ICT with their concerns over social stability, national security, and cultural values. These tensions manifest themselves differently according to each state’s context. The region is home to some of the least connected countries, alongside burgeoning ICT markets such as China and South Korea, which have rapidly become highly connected nations. The degree of information control across the region varies as well, with some of the world’s strictest regimes of information control on one end and relatively unfettered communication environments on the other. The continued growth of internet connectivity in Asia, particularly in the mobile realm, has occurred alongside a growth in the ability of states to monitor and control the flow of information; as connectivity grows, so does the legal, regulatory, and technical capacity for states to monitor it.
With so many different political, economic and national security concerns playing out across the region, this can bring potential competition which is being played out in the cyber domain. Be it cybercrime, or cyber espionage, the Asia–Pacific is becoming a focal point for this competition.
The international community has tried various ways to create a cyberspace that’s palatable to all parties. Leaving aside the suggestions by the Chinese, Russians and their allies that international legally binding agreements are required to solve these issues, there are other areas that’ve been highlighted as the most logical pathway forward. These include steps short of binding agreements such as building international norms which encourage responsible state behaviour in cyberspace, confidence building measures (CBMs), transparency measures, and capacity building.
Frequently these measures are viewed in a disconnected manner as though they’re unrelated, rather than being part of a process which achieves the same goal. I’ve proposed that they be seen in the ’round’ as helpful steps in encouraging responsible norms of behaviour in cyberspace. Once viewed as different but mutually reinforcing steps on the long path to creating ubiquitous norms, then it’s possible to see how they all fit together. Norms should be seen as a continuous process of engagement and dialogue rather than a discrete activity, and while the coexistence of different behaviours should be expected (including violations of agreed approaches in some instances), this process nonetheless has a number of virtues:
- it creates patterns of engagement and expectations, and in doing so provides opportunities to resolve crises and disagreements as they arise
- it can facilitate increased understanding of mutual risks, leading to greater co-operative behaviour
- it increases the range of options available, which can be useful as the decision-making calculus of a state is very likely to change over time.
Over the longer term, history shows that norms promoted by states perceived to be successful have a ‘socialising’ effect that encourages others to adopt them.
These are all valid reasons for pursuing this path, but at the same time it’s important to examine other, more practical pathways for advancing the debate, as norms evolve over many years rather than months. In the short to medium term, more practical measures such as capacity building, transparency and confidence building measures are vital in building the necessary relationships and partnerships which engender cooperation between states. Through practical measures, norms of behaviour are socialised and over time, mindsets are changed, preconceptions are altered and common understanding of norms begin to emerge.
So what are the specific measures that can be taken by the ARF to begin this process, and what kind of CBM or capacity building can take place in order that longer-term objectives can be built? In my next post I’ll look at practical measures ASEAN states can take to begin this slow process.
Tobias Feakin is a senior analyst at ASPI.