HONG KONG – A series of online attacks over the past year have spurred Japan and South Korea to bolster their cyberdefenses, improving their ranking on an annual list of countries’ “cyber maturity,” in which Australia notably dropped.
South Korea last year sustained a barrage of attacks, many of which are thought to have originated in North Korea, while Japan passed legislation putting its National Information Security Center in charge of cybersecurity after hacks on targets including the nation’s space agency and its largest defense contractor.
“South Korea and Japan have a different threat environment to Australia’s,” said Tobias Feakin, director of the International Cyber Policy Center at the Australian Strategic Policy Institute, which compiled the ranking. “It has only taken them a year to write policies, implement them and smash down barriers in between departments.”
Japan climbed to second in the 2015 ranking from fifth last year, while South Korea rose to third from fourth. Australia fell to fifth from third as Japan, South Korea and Singapore improved at a faster rate. The U.S., which is included due to its Asia-Pacific exposure, ranked first.
The ranking takes into account governance structures, financial cybercrime enforcement, military applications, digital economy and business, and social engagement.
” ‘Maturity’ is demonstrated by the presence, implementation and operation of cyber-related policies, legislation and organizations,” Feakin said.
The following are summaries of the region’s main countries together with their overall “weighted” scores, which are the result of analysis in 10 different categories. The full report can be seen at jtim.es/TPoMg .
United States: 90.7
The U.S. delivers strong cyberpolicy through a sophisticated government structure and comprehensive legislative framework. The establishment of new laws has been relatively successful, and the Obama administration has enacted several executive orders in relation to the regulation of cyberspace.
The government has a comprehensive, cross-departmental approach to cyberpolicy. Increased authority for government cyberagencies and the introduction of new laws reflect a continued and concerted rise in cyber maturity.
South Korea: 82.8
South Korea demonstrates a strong understanding of the issues and efficient coordination of various agencies through an overarching policy. The persistent threat from North Korea has resulted in a clear prioritization of cybersecurity issues and offensive capabilities, both domestically and in South Korea’s foreign engagement.
Singapore has continued to implement a coherent policy, aided by the National Cyber Security Masterplan 2018. The government has comprehensive legislation, Internet regulation and a military network defense.
Australia continues to improve on cyber maturity, as evinced by the opening of the Australian Cyber Security Centre in 2014, but there remains a paucity of coherent national policy. This will improve if the government delivers and effectively implements its promised strategy.
Dedicated cyberagencies and a more structured legislative framework have boosted Malaysia’s cyber maturity. It has moved beyond a purely technical view of cyberspace and now engages with international partners on policy and broadens its social awareness through the activities of universities and think tanks.
China has improved its cyber maturity by clarifying and centralizing the coordination of government agencies and continuing to produce relevant legislation. Cybercrime is actively but inconsistently addressed. The country appears to have a deepened understanding of the cybermilitary threat but has failed to translate this into a tangible policy or program.
Vietnam has a modest government structure and legislative framework for addressing cyber-related issues. The government is involved in international efforts to combat cybercrime, but its ad hoc indications of interest in military applications suggest limited capabilities in that area.
While India has shown a strong awareness of cybersecurity issues, policy ambiguity and inaction have left it without a fully implemented government strategy.
Thailand has a maturing governance structure as regards cyberissues and is developing more legislation. It would benefit from taking part in a more comprehensive debate that goes beyond capacity building to cybersecurity and governance.
The Philippines has diversified legislation and dedicated cybercrime agencies but continues to suffer from weak enforcement. Awareness of cybermilitary issues has yet to be translated into policies or capabilities.
Indonesia has delivered on its promise of a National Cyber Agency — a notable improvement in organizational structure — and laws to address cybercrime are being developed. But low government-private sector interaction and insufficient telecommunications infrastructure means Indonesia is failing to capitalize on the potential of its digital economy.
North Korea: 16.4
North Korea takes a highly structured and regulated approach to cyberspace but suffers from a lack of policy and cybercrime agencies.
The focus is mainly military, and the government is suspected of having sophisticated offensive capabilities. The regime’s isolationism extends to its cyberpolicy: it has no apparent international engagement on the issue. Domestic computer and Internet access is very limited, contributing to a low level of social and economic engagement on cyberissues.