Some markets in Asia-Pacific are hindered by local testing requirements, while others have no cybersecurity strategies in place or are still in the midst of rolling out these infrastructures.
The region is slow in establishing comprehensive national cybersecurity plans as well as implementing the necessary legal frameworks to ensure critical infrastructures are adequately protected, according to BSA's inaugural APAC Cybersecurity Dashboard released Tuesday.
Developed with security market researcher Galexia, the study evaluates 10 markets in the region on five areas related to cybersecurity: legal foundations, operational capabilities, public-private partnerships, industry-specific plans, and education. It also assesses based on several cyberlaw indicators, such as whether the nation's legal system discriminates against, or instills undue restrictions on, global cybersecurity vendors.
China, Indonesia, and South Korea, for instance, were found to be hindered by local standards and testing requirements that were not in line with global best practices. The study further noted that Indonesia has yet to implement a national cybersecurity plan, while other nations such as China, Korea, Malaysia, and Vietnam have some measures in place but are still in the midst of developing their cybersecurity infrastructures.
Across the region, most governments were failing to tap the knowledge and best practices of the private sector, despite numerous calls to combat security threats with public-private partnerships. Australia, for example, does not have a formal public-private cybersecurity partnership, although CERT Australia does work with the private sector on awareness programs and critical infrastructure protection. The BSA study also noted that Australia's private sector would be consulted as part of the country's cybersecurity strategy review process.
Singapore shows up positive indicators
While the dashboard does not rank the 10 Asia-Pacific markets, Singapore appears to have an overall positive report. The study pointed to the city-state's five-year national cybersecurity masterplan launched in 2013 and establishment of a new Cyber Security Agency, which began operations in April 2015. The agency comes under the purview of the Prime Minister's Office and has centralized oversight of national cybersecurity functions.
The Singapore government also had a formal commitment to develop public-private partnerships, BSA noted, and pointed to efforts to drive cybersecurity education. In addition, the country "avoids undue legal and regulatory restrictions" on cybersecurity service providers, the study determined.
In a recent ZDNet report, Acronis Founder and CEO Serguei Beloussov said Singapore was among only a handful of countries, including Switzerland and Austria, that did not impose restrictions on the kind of encryption companies export. The U.S. government, for instance, requires security companies to submit an encryption registration before they can export such products.
"We want to be in places where we are completely independent and can do business with whoever we want. We are a technology company, and we don't want to be involved in politics," Beloussov said, explaining his decision to open a research and development (R&D) center in Singapore.
BSA's Asia-Pacific director of policy Boon Poh Mok said the study underscored the need for policymakers in the region to develop the right policies, legal and operational frameworks, as well as better collaborate with relevant industry stakeholders.
Other markets included in the study were India, Japan, and Taiwan.