Only US tops Australia in Asia-Pacific cyber maturity: ASPI

The region's preparedness to ward off cyber attacks and fight cybercrime is growing, but so are the threats, according to a new report from one of Australia's leading think tanks.
Written by Stilgherrian , Contributor

Like many countries in the Asia-Pacific region, Australia has been consolidating its legislative and organisational responses to cybersecurity challenges, most notably with the implementation of a national cybersecurity strategy.

The result is that its relative "cyber maturity" has risen two spots, putting it in equal second place with Japan. The United States remains the region's cyber leader.

The internet continues to be a "key enabler" of regional economic growth, currently at 5.5 percent a year and the strongest in the world. But with developed economies such as Australia, Japan, and the US already complaining about a cybersecurity skills shortage, "very significant increases" in education efforts will be needed to satisfy the demand for such skills in the developing economies.

These are just some of the findings in Cyber Maturity in the Asia Pacific Region 2017, released on Tuesday. It's the fourth edition of the flagship annual report from the International Cyber Policy Centre (ICPC) at the Australian Strategic Policy Institute (ASPI).

The ICPC noted the "worsening threat environment" faced by Australia and other regional players.

"With the rise of crime-as-a-service, becoming a cybercriminal is easier than ever, rewards are high, and chance of arrest low. As regional countries become increasingly connected to the internet the development opportunity threatens to be undermined by rising cybercrime," the report's lead author Tom Uren said.

"A parallel development to the worsening threat environment is more countries talking openly about military cyber capabilities."

The US plans to give its military cyber unit, Cyber Command, more independence and authority. Australia has established an Information Warfare Division and has declared that it has an offensive cyber capability that it's already used against Islamic State. Even Japan, normally pacifist, has proposed greatly expanding its military cyber investment.

"Cyber espionage has continued unabated," says the report.

"It's now evident that a number of Southeast Asian governments are conducting very competent cyber espionage operations. It isn't clear whether this news reflects a genuine proliferation of cyber espionage or an improvement in detection capabilities."

Overall, though, the report has a calm-before-the-storm vibe.

"The region again avoided a major incident, such as an attack on critical national infrastructure ... With notable exceptions, such as North Korean financial cybercrime and Russia's interference in the US election, countries were not engaged in flagrantly irresponsible actions during the reporting period," the report says.

"High-profile ransomware incidents such as WannaCry and NotPetya, while damaging, have had the positive effect of further elevating cybersecurity issues among policymakers, and this is gradually translating into improved preparedness and responses."

North Korea is increasingly seen as a threat, China perhaps less so.

"North Korea continues to build up its malicious cyber capability. It's already been accused of a litany of crimes, including launching an online heist on the Bangladesh Central Bank and the WannaCry ransomware incident that infected over 200,000 computers in more than 150 countries. As sanctions bite, or conflict breaks out, it will do its best to retaliate," the report says.

"On the positive side of the ledger, China's increasing development of indigenous intellectual property is likely to start to sway it from its past practice of sweeping commercial cyber espionage towards a more status quo power dynamic in which it wants to protect its intellectual property. China has continued to sign binding international agreements, including with Australia in 2017, prohibiting future thefts of intellectual property for commercial purposes."

There has also been more cooperation with China in cybercrime investigations. China and the US Federal Bureau of Investigation (FBI) collaborated on arrests, Chinese nationals in Cambodia and Fiji were deported to China, and Australian metadata was shared with Chinese authorities.

From a business perspective, the report says there's still "tremendous potential" for Asia-Pacific economies to leapfrog the developed economies by adopting new technologies and business models.

"For example, 85 percent of people in Papua New Guinea are unbanked, but the spread of 3G and other mobile technologies means there's potential for the adoption of mobile financial systems similar to the Kenyan M-Pesa mobile money system or even an app-based mobile payments system, such as that deployed by WeChat in China."

Previous Security Coverage

GCHQ's cybersecurity accelerator just opened its door to nine new startups

GCHQ has showcased the nine startups chosen to help protect the UK from the cyber-attacks of the future.

Bangladesh minister: We want to 'wipe out' Philippines bank after $80 million heist

The finance minister said he wants to "wipe out Rizal Bank from Earth" due to the cyberattack.

Keylogger uncovered on hundreds of HP PCs

For the second time this year, HP has been forced to issue an emergency fix for pre-installed keylogger software.

Symantec says biometrics isn't the answer for protecting against financial fraud

With Australians to soon transfer money in near real-time, banks will need to up their fraud detection capabilities, but Symantec's local CTO has said biometrics isn't the way to do that.

Intrusion detection policy (Tech Pro Research)

A clear and concise plan of action will help counteract any intrusion into an enterprise network and mitigate potential damage.

Why Wikipedia's cofounder wants to replace the online encyclopedia with the blockchain (TechRepublic)

Blockchain technology is breaking into many industries, including publication. Wikipedia cofounder Larry Sanger explains how tech can create transparency, and allow more content on the site.

Amazon launches cloud SSO service for managing multiple AWS accounts (TechRepublic)

The new AWS Single Sign-On service will make it easier for business users to centrally manage access to applications and accounts.

Editorial standards