Cyber maturity in the Asia-Pacific region

Cyber metric banner croppedThe Ukraine-Russia Cyber War is Heating Up’, ‘Catastrophic Heartbleed bug exposes 60% of private internet data’, ‘NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls’. The public discussion surrounding cyberspace is fraught with dire warnings, fear mongering and outright panic. The reality is that cyberspace is as complex and multifaceted as the tactile world in which it’s entwined. While risks to privacy, assets, and even security are real, cyberspace also drives social mobility, economic empowerment, and connectivity. For this reason, to truly understand and act in cyberspace, a more comprehensive dialogue on the opportunities and pitfalls of the most unique of global commons must be developed.

Today, ASPI’s International Cyber Policy Centre releases its inaugural Cyber Maturity in the Asia-Pacific Region 2014 report (PDF). The report attempts to capture this complexity and organise it in a digestible manner, using metrics to provide a snapshot through which government, business, and the public alike can garner an understanding of the cyber profile of regional actors. Cataloguing hardware and capabilities provides only a thin description of the cyber domain. Maturity on the other hand looks at the presence, implementation and operation of cyber-related structures, policies, legislation and organisations. These maturity indicators encompass whole-of-government policy and legislative structures, military organisation, business and digital economic strength and levels of cyber social awareness.

The Asia-Pacific region is ideal for exploring the concept of cyber maturity. It has undergone tremendous economic growth, political transformation and social change. The development of cyberspace and the information and communications technology that powers it has been an integral part of the region’s socioeconomic growth. The online environment is also growing rapidly in importance as an avenue for political and social expression in Asian societies. At the same time, the potential for conflict in the region is on the rise, as the traditional power brokers jostle for position. While it’s clear that all the countries analysed are increasingly cognisant of cyberspace as a critical area, the approaches and priorities each adopts are diverse, and it’s the exploration of each sector that proves most revealing.

Cyber maturity weighted scores

Cyber maturity weighted scores

China received well-deserved high scores for international engagement and the military’s role, but business-government digital dialogue, public awareness, and the vast gap in urban-rural connectivity are a drag on China’s cyber maturity. Singapore is incredibly cyber savvy, but legislation that verges on censorship remains an area of concern. Myanmar suffers from a stark absence of infrastructure, but increased foreign investment in recent years, matched by ambitious government efforts, shows clear potential. Australia for its part leads the regional pack, with strong capabilities and international engagement. However a lack of whole-of-government strategy, ambiguity surrounding leadership and the need for an updated cyber strategy leave room for improvement.

Oversimplifying the cyber domain as one where spooks, crooks, generals, and nefarious actors lurk in every corner presents a geography where conflict rules the day. But looking into the complexities of what cyberspace means, opens room for engagement, confidence-building, capacity-building and cooperation. While many paint the Asia-Pacific as a cauldron of conflict, likening it to pre-World War I Europe, conflict isn’t inevitable, and the report shows there’s incredible opportunity for governments, business, and even society as a whole to engage with regional partners. While likeminded states such as Japan, Singapore, United Kingdom, and United States provide the most opportunities for Australia, there are areas for engagement across the region.

International engagement with China, military-to-military cooperation with India, and bolstering CERT-CERT dialogue with Indonesia, all offer avenues to collaborate. There’s no doubt that cyber conflict is a real possibility in the Asia-Pacific, but as a global common it’s international cooperation that’ll secure cyberspace. Fighting cybercrime requires transnational responses, digital economies rely on an international marketplace, and social empowerment rises from connectivity. Cyberspace mirrors the conflicts and partnerships of the international community, and a mature approach to cyberspace must be equally all-encompassing.

The Cyber Maturity in the Asia-Pacific Region 2014 report (PDF) and infographic is the first edition of an annual series that seeks to both inform and spur debate. Join the discussion @ASPI_ICPC #cybermaturity.

Tobias Feakin is a senior analyst at ASPI and director of ASPI’s International Cyber Policy Centre. Klée Aiken and Jessica Woodall are analysts in the ICPC. Images (c) ASPI 2014.