Asia has become the locus of cyber conflict according to a Centre for Strategic and International Studies (CSIS) report. McAfee Labs "Threat Predictions Report" for 2013 expects that states and armies will now increasingly become both more frequent source
James Clapper, the United States’ director of national intelligence, also reports in the “US Intelligence Community’s Worldwide Threat Assessment” of March that there has been a significant increase in state actors’ use of cyber capabilities, and this could possibly lead to an increase in the probabilities of miscalculations, misunderstandings and unintended escalation. However, outside of a military conflict or crisis that threatens vital interests, he thinks it unlikely that other advanced cyber state actors will launch a “devastating attack”.
The CSIS report suggests that malicious activity in cyberspace, which could inflame existing tensions or increase misperception and miscalculation among governments of the intent and risk of cyber actions, poses the greatest cyber risk to security in Asia. Such activity includes “planning for military competition and asymmetric warfare, and engagement in economic espionage to gain long-term economic and trade advantages”.
For instance, Australia, China, North Korea, India, Malaysia, Myanmar, Japan and South Korea are developing military cyber capabilities and doctrine, while Brunei and Singapore are developing defensive cyber capabilities, and the capabilities of other Asian nations seem to range from “nominal to relatively sophisticated”.
In this context, lack of international agreement on shared norms for responsible state behaviour and applicability of international law, plus the potential for mistake, raises the probabilities of miscalculation and possibly conflict. Furthermore, there is no international or regional agreement on clear and harmonised definitions for what constitutes “cyber security”, “cyber attack” or “cyber defence” – lines between cyber crime, cyber espionage and cyber attack are also ambiguous. According to the European Parliament Committee on Foreign Affairs “Draft Report on Cyber Security and Cyber Defence” of 2012, even the very understanding of cyber security and other key terminology varies significantly between jurisdictions.
In light of these developments, and in addressing non-traditional security issues, the Asean Political-Security Community seeks to promote the renunciation of aggression and of the threat or use of force or other actions in any manner inconsistent with international law. Unlike nuclear weapons however, it is impossible to prevent the creation of advanced cyber capabilities and techniques.
Member states should therefore consider the feasibility of carving out a “no-use zone” by agreeing to not use advanced cyber capabilities in the region. Confidence-building measures and preventative diplomacy, such as exchanges among defence and military officials, can also be enhanced to ensure escalation does not occur between Asean member states or between Asean member states and third countries. Such instruments should aim to prevent conflict and ensure that the chances of miscalculation and misinterpretation are reduced.
Asean should further strengthen its relations with Asean dialogue partners and the international community by cooperating to tackle cross-border cyber challenges. It should also consider engaging other regional bodies and possibly establish joint working groups with the European Union and the East Asia Summit. A joint EU-US Working Group on Cyber Ssecurity and Cyber Crime was created in November 2010, and the European Parliament Committee on Foreign Affairs report of 2012 calls for accelerating cooperation and exchange of information on how to tackle cyber security issues with third countries, such as its proposals to engage the BRICS countries.
Noticeably, the report does not mention Asean or the Asean Regional Forum. The 2013 Cyber Security Strategy of the European Union does, however, outline the EU’s intention to seek closer cooperation with Asean in the future.
The Asia-Europe Meeting (ASEM), whose partners include the Asean Plus Three, 27 EU members and the European Commission, can also be engaged to explore these issues of common concern in an open and informal fashion in order to complement bilateral and multilateral cooperation efforts. Asian and European representatives can use this forum to discuss ways to enhance cooperation and host working groups to include the private sector and civil society.
Cooperation in tackling cross-border cyber threats should also be included within the ASEM 2012-2014 work programme and placed on the agenda of the 10th ASEM summit, which is due to be held in 2014.
In the future, Asean member states should agree a common position on shared norms for responsible state behaviour in cyberspace and the applicability of international law for the use of advanced cyber capabilities and techniques. At the upcoming G20 Summit in September and the Seoul International Cyberspace Convention in October, positions should be coordinated to promote Asean values and policies.
A common Asean position – or at a minimum, a common position paper – will reflect Asean views on what is emerging as a critical issue in international cooperation and international security.
Catriona H Heinl is a research fellow at the Centre of Excellence for National Security, the S Rajaratnam School of International Studies, Nanyang Technological University, Singapore.