X Welcome to International Affairs Forum

International Affairs Forum a platform to encourage a more complete understanding of the world's opinions on international relations and economics. It presents a cross-section of all-partisan mainstream content, from left to right and across the world.

By reading International Affairs Forum, not only explore pieces you agree with but pieces you don't agree with. Read the other side, challenge yourself, analyze, and share pieces with others. Most importantly, analyze the issues and discuss them civilly with others.

And, yes, send us your essay or editorial! Students are encouraged to participate.

Please enter and join the many International Affairs Forum participants who seek a better path toward addressing world issues.
Mon. December 05, 2022
Get Published   |   About Us   |   Support Us   | Login   | Join Mailing List
International Affairs Forum
IAF Editorials
Asia-Pacific moves to boost cyber security
Comments (0)

TOKYO -- Reports last week that Georgia was hit by a coordinated cyber attack that compromised government Web sites offered a reminder of the additional front governments must protect when diplomatic or military hostilities break out between nations. Last year, high-tech Estonia suffered a sustained cyber attack that one Pentagon official described at the time as a "watershed" in terms of society's awareness of its vulnerability. Over several weeks, numerous government Web sites and the country's two largest banks came under sustained attack from abroad, overwhelming some sites and forcing some to block access from abroad. It is with these kind of attacks in mind -- and the prospect that such attacks could be used to disrupt critical infrastructure in Asia or elsewhere -- that the Malaysian government backed the establishment of the International Multilateral Partnership Against Cyber-Terrorism, or IMPACT, in May. "We're focused on the upper end of cyber threats," said Mohd Noor Amin, chairman of IMPACT's management board. "We're looking at critical infrastructure such as air traffic control -- things that can cause real harm to life and limb." Amin said that although Asia has yet to experience an attack on the scale of the attack on Estonia, many governments are reluctant to properly discuss the cyber threats they face, which he says are especially likely to be financially motivated. "The biggest cyber threats come from two types of group -- those who are financially motivated, and pseudo or actual terrorists doing it for ideological reasons," he said. "Of these two groups, I'd say the financially motivated groups are better organized." Amin says the level of preparedness varies across Asia, with awareness of potential vulnerabilities generally better in more connected nations. But he says that regardless of how prepared governments think they are, the key to staying on top of the threat will be improving international cooperation. "It's almost futile for any government to try and deal with cyber threats alone," he said. Nicholas Thomas of the China-ASEAN Project at the University of Hong Kong's Centre of Asian Studies, agrees that cooperation is essential. "In the cyber world there has to be engagement internationally to ensure regional security," Thomas said. "This is truly a transnational problem." But he believes that although intergovernmental cooperation is important, discussions must reach out further than the state level. "We need to bring in not just states, but the private sector and individuals as well," he said. In central Tokyo sits an unassuming office from which Japan's efforts to do just this are spearheaded. Established in 2005, the National Information Security Center is aimed at coordinating Japan's information security measures, and also acts as a point of contact with relevant organizations overseas. "Focusing on cyber attacks is important, but it's also important to look at overall awareness," said Masayuki Ogata, deputy counselor of the National Information Security Center. "So Japanese industry is playing a strong role, and we're also promoting public-private partnerships." Japanese government agencies are no strangers to attacks, with a number of ministries and offices, including the Prime Minister's Office and the Cabinet Office, coming under pressure in 2004 and 2005 from denial of service attacks, which aim to bring servers to a halt by inundating them with useless data. Thomas says there is often a real world political stimulus to such attacks, which in Japan's case came at a time of heightened tensions between it and China. "Between China and Japan, China and Taiwan and between Korea and Japan, there is a pattern with nationalism issues. Whenever we see these issues come up there is always a flare up in cyber attacks," Thomas said. "The divisions we see in terms of economics and politics really do permeate down to cyberspace." Reports last year suggested the cyber threat posed by some Asian nations was not confined to the Asia-Pacific region. Britain's Times newspaper said it had obtained a Pentagon report claiming Chinese military hackers had a detailed cyber attack plan for disabling the U.S. aircraft carrier fleet. The plan is said to have been devised by two senior air force colonels of the Chinese People's Liberation Army. The two had previously been lauded by former Chinese President Jiang Zemin for their paper "Unrestricted Warfare," which predicted "anything goes" attacks that could include cyber attacks. Such stories build on fears stoked by various reports that a significant proportion of cyber attacks originate in China. For example, a South Korean study released in May said more than half of cyber attacks on South Korean government Web sites and computer systems originate from Chinese Internet sources. But Marcus Sachs, speaking to International Affairs Forum recently, said such information can be misleading, both because of the sheer size of what he says is an understandably curious population of Internet users in China, and the difficulty of establishing where an attack actually originated. "[A]ttribution becomes really hard, because even though an IP address may be in Beijing, that doesn't necessarily mean that it is a Chinese citizen or military or government official sitting behind that keyboard," says Sachs, who is director of the all-volunteer SANS Internet Storm Center. "They have the same problem we do here with bots and malware." Pauline Reich, founder and executive director of the Asia-Pacific Cyber Law, Cyber Crime and Internet Security Research Institute in Tokyo, believes improving education, at universities and after -- especially in Japan -- will be essential if nations are to stay safe. "In Japanese universities each school is its own fiefdom. This is a problem," she says, arguing for a cross-disciplinary approach at every university to teaching cyber security that encompasses not just the technical aspects, but also associated legal issues. Reich says she also believes legal professionals need to update their knowledge of the issue. "We need to continue education -- how many lawyers, prosecutors and judges understand this [subject]? We need to help the judges to understand these issues and maybe train legislators," she said. "Judges need definitions -- if someone is going to find someone guilty of a crime, you have to first have defined the crime." She says the challenge of reconciling -- and even just defining -- the technical and legal aspects of cyber security are not confined to Japan. "The International Telecommunications Union has been about the tech side, but recently has gotten into the law side," Reich said. "The problem is when they talk about their work [at meetings and conferences] they talk in acronyms that only they understand -- they're talking only to their circle. So there's a problem of communication across disciplines." "ITU also has a working group putting together a standard on what cyber security is. But I don't think they've done it. So the ITU is putting the cart before the horse by holding meetings on cyber security and not defining what they're talking about," she added. But Reich believes that some Asia-Pacific countries have actually been making good progress in this regard. "Australia is very, very advanced -- they have laws and they have the tech-side people," she said. "And Korea is one of the leaders in this part of the world and they want to take a lead internationally." Thomas also cites Singapore as a regional leader in tackling cyber security issues. "Singapore has been very active in terms of training people and raising awareness," he said, pointing to an agreement reached last year, under Singapore's chairmanship, for ASEAN to work with Interpol on law enforcement training and capacity building, including in the area of cyber security. "Asian nations have started developing common capacities and are not just building links within the region, but also looking outside the region," he said. But he also notes that for the region's biggest emerging power, tackling cyber issues, including security, is a complex problem. "The thing with China is that it has a dilemma. There are coastal provinces and some places inland that have developed, but to expand this requires information flows," he said. "But unless they liberalize [Web] access, there will be bottlenecks, which will also mean Chinese companies will be disadvantaged." Jason Miks is managing editor of International Affairs Forum

Comments in Chronological order (0 total comments)

Report Abuse
Contact Us | About Us | Support Us | Terms & Conditions Twitter Facebook Get Alerts Get Published

All Rights Reserved. Copyright 2002 - 2022