North Asia More Cyber `Mature' as Nations Build Online Defenses

  • Australian Strategic Policy Institute ranks 20 countries
  • Cyber-maturity rank includes governance and implementation

A series of online attacks in the past year has spurred Japan and South Korea to bolster their cyber defenses, improving their ranking on a yearly list of “cyber maturity”. Australia was one of the main decliners.

South Korea last year faced a barrage of cyber-attacks, with many thought to originate in North Korea, while Japan passed legislation putting its National Information Security Center in charge of cybersecurity after hacks on targets including the nation’s space agency and its largest defense contractor.

“South Korea and Japan have a different threat environment to Australia’s,” said Tobias Feakin, director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, which compiled the ranking. “It has only taken them a year to write policies, implement them and smash down barriers in between departments.”

Japan climbed to second in the 2015 ranking from fifth last year, while South Korea rose to third from fourth. Australia fell to fifth from third as Japan, South Korea and Singapore improved at a faster rate. The U.S., which is included because of its Asia-Pacific exposure, ranked first.

The ranking takes into account governance structures, financial cyber-crime enforcement, military applications, digital economy and business, and social engagement. “Maturity’ is demonstrated by the presence, implementation and operation of cyber-related policies, legislation and organizations,” said Feakin.

The following are summaries on the region’s main countries with their scores. Countries are rated in 10 different categories on a score of 1 to 10. The full report can be seen online.

U.S.: New Laws, 90.7

The U.S. delivers strong cyber policy through a sophisticated government structure and comprehensive legislative framework. The establishment of new cyber laws has been relatively successful, and the Obama administration has enacted several executive orders in relation to the regulation of cyberspace.

Japan: Increased Authority, 85.1

The government has a comprehensive, cross-departmental approach to cyber policy. Increased authority for government cyber agencies and the introduction of new laws reflect a continued and concerted rise in cyber maturity.

South Korea: Strong Understanding, 82.8

South Korea demonstrates a strong understanding of cyber issues and efficient coordination of various agencies through an overarching policy. The persistent threat from North Korea has resulted in a clear prioritization of cybersecurity issues and offensive capabilities, both domestically and in South Korea’s foreign engagement.

Singapore: National Masterplan, 81.8

Singapore has continued to implement a coherent cyber policy, aided by the National Cyber Security Masterplan 2018. The government has comprehensive legislation, Internet regulation and a military network defense.

Australia: Lacking Coherence, 79.9

Australia continues to improve on cyber maturity, as evidenced by the opening of the Australian Cyber Security Centre in 2014, but there remains a paucity of coherent national cyber policy. This will improve if the government delivers and effectively implements its promised cyber strategy.

Malaysia: Social Awareness, 68.3

Dedicated cyber agencies and a more structured legislative framework have boosted Malaysia’s cyber maturity. It has moved beyond a purely technical view of cyberspace and now engages with international partners on policy and broadens its social awareness through the activities of universities and think tanks.

China: Greater Clarity, 64

China has improved its cyber maturity by clarifying and centralizing the coordination of government cyber agencies and continuing to produce relevant legislation. Cyber crime is actively but inconsistently addressed. The country appears to have a deepened understanding of the cyber-military threat but has failed to translate this into a tangible policy or program.

Vietnam: Ad Hoc, 53.6

Vietnam has a modest government structure and legislative framework for addressing cyber issues. The government is involved in international efforts to combat cyber crime, but its ad hoc indications of interest in military applications suggest limited capabilities in that area.

India: Policy Ambiguity, 50

While India has shown a strong awareness of cybersecurity issues, policy ambiguity and inaction have left it without a fully implemented government strategy.

Thailand: Additional Laws, 49.1

Thailand has a maturing cyber-governance structure and is developing more legislation. It would benefit from taking part in a more comprehensive debate that goes beyond capacity building to cybersecurity and governance.

Philippines: Weak Enforcement, 46.8

The Philippines has diversified cyber legislation and dedicated cyber-crime agencies but continues to suffer from weak enforcement. Awareness of cyber-military issues isn’t translated into policies or capabilities.

Indonesia: National Agency, 46.4

Indonesia has delivered on its promise of a National Cyber Agency - a notable improvement in organizational structure - and laws to address cyber crime are being developed. But low government–private sector interaction and insufficient telecoms infrastructure means Indonesia is failing to capitalize on the potential of its digital economy.

North Korea: Mainly Military, 16.4

North Korea takes a highly structured and regulated approach to cyberspace but suffers from a lack of policy and cyber-crime agencies. The focus is mainly military, and the government is suspected of having sophisticated offensive capabilities. The regime’s isolationism extends to its cyber policy: it has no apparent international engagement on the issue. Domestic computer and Internet access is very limited, contributing to a low level of social and economic engagement on cyber issues.

Before it's here, it's on the Bloomberg Terminal.