The Future of Cybersecurity across the Asia-Pacific

Introduction

China’s Pursuit of Cyberpower

Adam Segal

Russia’s Cyber and Information Warfare

Valeriy Akimenko and Keir Giles

North Korea’s Objectives and Activities in Cyberspace

Daniel A. Pinkston

A Necessary Contest: An Overview of U.S. Cyber Capabilities

James A. Lewis

Japan: An Exclusively Defense-Oriented Cyber Policy

Benjamin Bartlett

A Collaborative Battle in Cybersecurity? Threats and Opportunities for Taiwan

Hsini Huang

Positioning ASEAN in Cyberspace

Elina Noor

Introduction

Conventional security and warfare have been thoroughly mutated in the information age, and Asian nations are at the forefront of the technological developments that are driving these changes. China is investing heavily in technologies such as artificial intelligence (AI) and 5G and exporting many of its technological products regionally and globally, while limiting the cyber capabilities of foreign countries and companies within its borders. In the recent presidential elections in the United States and Taiwan, coercive tactics involving cyberattacks and information warfare were prevalent. As a result, many countries have recognized the need for new cybersecurity measures to protect the integrity of the democratic electoral process. Securing digital markets and other interests is also a priority. The Association of Southeast Asian Nations (ASEAN), for example, held a cybersecurity summit in 2018, and Singapore launched the ASEAN-Singapore Cybersecurity Centre of Excellence in October 2019 to conduct research and train personnel for responding to cybersecurity threats.

This roundtable examines the cyber policies of the United States and its key adversaries and partners in Asia from a variety of perspectives, including their offensive and defensive cyber capabilities and the military applications of these tools. Adam Segal opens the roundtable by discussing China’s cyber capabilities as well as its vulnerabilities. Though Beijing can be expected to escalate its cyberattacks over the next five years, Segal notes that “CCP leaders are likely cognizant that China is vulnerable to similar attacks.” He argues that this equity between strength and weakness will limit China’s use of cyberattacks to military targets for fear of retaliation. For now, China presents a threat and serious challenge in the Asia-Pacific region.

Another cyberpower, Russia, has demonstrated offensive capabilities in several areas. Valeriy Akimenko and Keir Giles provide a thorough analysis of Russia’s cyber activities, both offensive and defensive, as part of the country’s comprehensive information warfare campaign. Most importantly, they claim that Western approaches to cybersecurity are suitable for responding to more traditional cyberthreats but insufficient “for the wider and more holistic tactics like the ones adopted by Russia.” Moscow has woven cyber capabilities into the fabric of its information warfare, circumventing the defenses of its rivals with subversion and disinformation and limiting the effectiveness of countries focused on more traditional cyberdefenses.

Daniel A. Pinkston analyzes North Korea’s offensive cyber capabilities. Though the country is normally considered technologically backward, Pyongyang’s highly skilled hackers can produce sophisticated and destructive cyberattacks, including bank robberies and ransomware attacks. Pinkston notes that the “methods to discover the sources of attacks are improving,” but that due to the country’s opaque nature, “attribution still takes considerable time,” which allows North Korea to strengthen its own computer network defenses. He argues that such attacks are likely to continue as long as the Kim dynasty remains in control.

James A. Lewis discusses U.S. cyber policy and the United States’ failure to keep up with the continuously morphing cybersecurity challenges that have emerged after the Cold War. Although Washington was “originally a pioneer in the use of cyber techniques,” Lewis asserts that it “now lags behind as the domain evolves beyond conventional military and espionage activities.” Across the Pacific, U.S. ally Japan is challenged by its own constitutionally imposed restrictions in the face of heightened regional threats. Benjamin Bartlett discusses Japan’s efforts to strengthen both its defensive and offensive cyber capabilities. The latter are important for disrupting adversarial attacks. Though the country’s national security policy “does not necessarily preclude further development of offensive cyber capabilities,” Bartlett contends that “it is unlikely that Japan will develop them in the near future.”

The final two essays cover the cyber policies of Taiwan and ASEAN, respectively. Hsini Huang provides an account of the administration and infrastructure governing cyber policy in Taiwan amid increasingly tense cross-strait relations. Taiwan has “chosen to play the role of regional cybersecurity facilitator in exchange for more cross-country information sharing and cooperation with its regional friends” rather than independently develop cyber capabilities. In a similarly nonconfrontational manner, ASEAN has also opted for cooperation and multilateralism in pursuit of international security. Elina Noor concludes that “ASEAN’s approach is to consolidate centrality while continuing to engage—if not, enmesh—its larger dialogue partners in cooperative efforts.” As member states will likely remain targets of cyberattacks, ASEAN will need to build collective cyber capacity at all levels.

In the near future, Russia and China will continue to pose the largest cybersecurity threats to the United States and other democracies, while North Korea also remains a menace in this domain. The asymmetric nature of cyberwarfare, as well as the range of capabilities that countries can employ, provides unique challenges to the United States and its friends and allies. “As digital technologies become central to social and commercial activity,” Lewis observes, “U.S. priorities in cyberspace will need to adjust.” Cyber policies going forward must be more comprehensive and holistic to defend the wide range of areas threatened.