The cyber–maritime security nexus and priorities for UK–Australia–ASEAN cooperation
31 Mar 2022| and

The UK government’s Integrated review of security, defence, development and foreign policy presents the Indo-Pacific as a region of increasing geopolitical and economic importance over the next decade and suggests that competition will play out in ‘regional militarisation, maritime tensions and contest over the rules and norms linked to trade and technology’.

The contested and congested oceans and connectivity links that make up the Indo-Pacific form an epicentre of great-power competition in which Southeast Asia is central.

Closer engagement with ASEAN states is therefore an essential part of a strategy that seeks to position the UK as a global actor in the era of strategic competition. But Britain is not alone, and an increasing number of other European countries are reasserting their positions in the region too.

Following the British government’s announcement of its Indo-Pacific tilt, in 2021 the UK became the newest ASEAN dialogue partner (Australia was the first, in 1974) and deployed a carrier strike group  to tour the Indo-Pacific. Operation Fortis was the UK’s largest operational naval deployment to Asia since the 1997 handover of Hong Kong.

In the wake of the AUKUS announcement and in light of the UK’s broader maritime ambitions, how can the UK work with Australia to contribute to maritime security in the Indo-Pacific? What can they jointly bring to this crowded space? And how can ‘external powers’ engage with ASEAN states in areas of common interest while circumventing sensitivities and avoiding raising tensions?

In a new ASPI report, released today, UK, Australia and ASEAN cooperation for safer seas: a case for elevating the cyber–maritime security nexus, we identify cybersecurity and technology capacity-building as priorities for UK–Australia–ASEAN cooperation in maritime security. This is a value-adding area that draws on the strengths of the UK and Australia to foster partnerships with non-military actors and addresses civilian-related aspects of maritime security.

The list of cyber incidents affecting maritime security is slowly but steadily growing and includes the malfunctioning of critical control systems, the exfiltration of sensitive data, the manipulation of systems to allow trafficking and smuggling to occur unnoticed, commercial and military espionage, spoofing of navigation systems, and manipulation of identification transmissions. While digitisation and automation of processes have been a priority for the maritime industry, cybersecurity has been lagging other comparable critical sectors of the global economy.

A first steppingstone for cybersecurity capability is access to incident-response resources. Some initiatives have been undertaken, including by Singapore’s port authority and maritime-focused cybersecurity companies, but altogether these efforts are just a drop in the ocean, given the magnitude of Southeast Asia’s maritime activity and the lack of an industry- and region-wide approach to and apprehension of the risk.

Risks aside, digital and emerging technologies are presenting marine industries with huge potential. Access to ‘maritime big data’, in combination with applications based on artificial intelligence and machine learning, will help to inform decisions on the most efficient routing; precise and reliable forecasting of scheduled arrivals; docking, off-boarding, load forwarding and reloading; and insurance of risks related to maintenance and accidents.

The Verumar project in the Philippines identified nine groups of technologies that are disrupting conventional fishing and other marine economic activities. Collecting and analysing meteorological, oceanographic and hydrographic data is helping efforts to support responsible fishing and combat illegal, unreported and unregulated fishing; track of maritime pollution; and monitor maritime economic resources and biodiversity.

Strengthening capabilities for maritime domain awareness through the adoption of digital technologies serves joint UK–Australia–ASEAN interests and their respective industries. The UK and Australia would be well placed to take responsibility for standard-setting in the development and deployment of these emerging technologies so that they reflect shared norms and the needs of the Indo-Pacific maritime community.

Maritime supply-chain resilience is emerging as a significant economic and security concern. The incident in 2021, in which MS Ever Given obstructed traffic in the Suez Canal, immediately reverberated through global supply chains and demonstrated the dependence of the world economy on accurate forecasting. Delays and disruptions in the shipping of critical rare-earth minerals prompted Australian mining company Lynas Rare Earths to charter its own vessel and secure a continuity of supply to customers through a processing facility in Malaysia.

Overall, the industry is expected to need to meet demands for faster and more accurate and predictive shipping. As Southeast Asia continues to ride the wave of e-commerce, major manufacturers will require logistics partners that are more flexible and agile. An ‘Uberisation’ of maritime transport is already taking shape that may soon involve a greater number of shippers operating with more small and medium-sized transporters.

Southeast Asia is not a chokepoint only for maritime trade but also for internet connectivity. With a high concentration of fibre-optic cables landing in and through the region, Southeast Asia is gradually developing into a hub for hyperscale data providers in the region’s digital economy.

Marine-based infrastructure such as communications cables and relay stations on the ocean floor is often overlooked, but is responsible for transporting 95% of the world’s data. While deliberate disruptions to undersea cables may occur, especially when exact locations are known, they are more likely to be damaged as a result of natural disasters or accidental collisions. The Indonesian government recognised that vulnerability when it tasked the navy’s Hydrography and Oceanography Centre to map and potentially rearrange its underwater geophysical landscape of cable and pipes to mitigate potential threats.

By exploring the cybersecurity and emerging technology dimensions of maritime security, the UK and Australia enter largely uncharted territory. Both countries, however, possess a demonstrated track record of maritime, cyber and tech expertise, experience and resources to partner with ASEAN countries in building further regional capacity in technology-enabled maritime security.

Managing the advent of new technologies in Southeast Asia’s maritime operations—military, civil and commercial—and ensuring the confidentiality, integrity and availability of systems and networks will increasingly underpin the safety and security of the maritime domain, including the legal aspects of maritime borders.