Power rivalries and vulnerability in Asean digital space: Jakarta Post contributors

JAKARTA (THE JAKARTA POST/ASIA NEWS NETWORK) – The rivalry between global major powers, namely the United States and China, has shaken the digital space since 2018 when the Huawei vice-chairwoman was arrested in Canada upon the US’ demand.

Contestation that may have originally seemed far away with the borderless nature of the cyberspace issue soon enough hit home. The pandemic has given consumers in Indonesia and the world no alternative but to rely on digital services for two main reasons: Convenience and routine.

This has further proved the sustainability and longevity of this increasing trend, making citizens more and more reliant on the cyberworld and the region experience a surge in digital economic activities.

While economic growth is one of the reasons why cybersecurity should come first, the Indonesian government bears the responsibility to protect its citizens, not only physically, but also digitally.

Indonesia and its neighbors in South-east Asia are struggling to respond to the challenges that come with the increasing use of cyberspace. Privacy and security concerns in the cyber realm remain an urgent threat that the respective governments need to address.

In recent years, Indonesia, as well as other Asean countries, has experienced various cyber incidents. In May 2020, the consumer data of 91 million Tokopedia users were leaked, similarly Singapore’ Technologies Engineering Aerospace experienced 1.5 terabytes of sensitive data stolen, and in 2021 the number of hospitals and businesses in Thailand affected by malware skyrocketed, with similar issues faced by Malaysia. These incidents have increased concerns over digital privacy and cybersecurity.

What is concerning is the capacity of Indonesia, or the lack thereof, as well as other countries in the region, to protect itself. The rivalry of the great powers has increased the technological gap between the US and China on one side, with other countries that do not have the technological capacity or the industrial complex to provide a large enough supply for national critical infrastructures, such as Indonesia and most South-east Asian countries, on the other.

While the US-China technology rivalry pushes the two nations to advance defence systems and cyber capabilities, the tech rivalries are often not carried out directly against each other but are addressed to countries within their political landscape. This is relevant for Indonesia and South-east Asian countries which wish to maintain their neutrality, but are heavily dependent on economic and security cooperation with the major powers.

This situation, however, has made it difficult for governments of developing countries to protect their cyberspace and critical infrastructure, not only from attacks such as distributed denial-of-service (DDoS), but also espionage.

In October, Microsoft reported 47 percent of cyber espionage was directed toward government institutions. A report issued in December 2021 that dissected the Threat Activity Group 16 (TAG-16) of cyber espionage directed at the South-east Asian governments of Indonesia, Malaysia, Thailand, the Philippines and Vietnam targeting Defence Ministries, Foreign Affairs Ministries and other strategic ministries in relations with South China Sea issue should be a wake-up call.

When such cyberespionage occurs, it is difficult for affected countries to point fingers, let alone ask for compensation if damages occur. This is not only because cyberattacks are difficult to verify, but also because there is plausible deniability by the perpetrator and, in the diplomatic setting, accusations could reduce bilateral cordiality that may impact future economic and security cooperation.

China and the US are both vital economic partners to Indonesia and Asean, both the issue of economy and cybersecurity are interrelated in the effect the US-China tensions bring to Asean member states. Asean states have become more careful than ever in conducting trade and diplomacy with both countries and ensuring that there are no notions of taking sides.

However, how long this neutrality and impartiality can be maintained in the face of technological pressure remains a big question. While time is still on our side, there are several actions that Indonesia and Asean can take to address technological gaps and cybersecurity issues in the face of great power competition.

First, focusing on homegrown innovation to develop adequate cyber defence systems to ensure countries’ capabilities in the midst of the US-China rivalry. Yet, the question remains, where would the technology come from?

Another question is whether Asean states, in attempting to build their own cyber capacity, would invoke the concerns of major powers that have the ability to impose threats and digital destruction, as we have learned from past cyberattacks that came with grave impacts: Stuxnet, WannaCry and Not Petya.

Second, pushing for global and regional norms of responsible states’ behavior in cyberspace. As of now, Asean remains the only regional organization that subscribes to the 11 cyber norms, which include norms that countries should not allow their territory to be used for malicious cyber activities.

Regionally, Asean has fostered greater regional cybersecurity cooperation through various fora, including the Asean Ministerial Meeting on Transnational Crime (AMMTC), Asean Telecommunications and Information Technology Ministers’ Meeting (TELMIN), Asean Ministerial Conference on Cybersecurity (AMCC), Asean Cyber Capacity Programme, Asean Regional Forum (ARF) Inter-Sessional Meeting on ICT Security and the ADMM-Plus Experts’ Working Group Meeting on Cyber Security.

However, there is a need to ensure that these meetings really build technological capacity and resilience, rather than talk shop.

Thirdly, adequately keeping up and responding to the growing cybersecurity needs through issuing relevant policies that protect the government, private sectors and citizens while allowing them to reap the benefits of the digital economy.

Asean can help set the guidelines for a regional framework to support its member states to have proper regulation on cyberdefence, mitigation and prevention systems, take for example the Asean Framework on Personal Data Protection and Asean Data Management Framework.

However, true to the Asean way, it is each member’s capacity and willingness that enables the building of resilient national and regional cybersecurity. As the old adage says, we are as strong as our weakest link.

  • Ruth Latreia is a research assistant at the Centre for Strategic and International Studies (CSIS) Indonesia, where Fitriani is a researcher. The Jakarta Post is a member of The Straits Times media partner Asia News Network, an alliance of 23 news media organisations.

Join ST’s Telegram channel here and get the latest breaking news delivered to you.

Source: Read Full Article