Asia Pacific,Cyber Vulnerabilities,Disruption,Global Economy,Internet,Technological Change

Asian cybersecurity futures

Two major geopolitical forces rose in the last generation to change our world. With over 3.7 billion people online as this study goes to print, the internet has melded into our way of life. It reshapes how we do business, how we imagine the world and ourselves, and how we conduct statecraft and warfare. Concurrent with this technological change came another shift in world affairs: the economic rise of the East, led by China and India.

Over the next decade, China and India alone will likely add a billion new internet users. Unlike in the West, however, internet users in Asia are coming online in the uncertain era of cybersecurity and cyberoperations. If ever there was a time when real-world politics and military operations seemed absent from online life, that time has long since past. The forces of internet expansion and rising Asian economic power now converge in a moment of change for which the international system is not prepared.

Given the interconnectedness of the global economy and cybervulnerabilities present in Asia today, the cybersecurity choices that Asian countries and companies make over the next five years will impact millions of lives for a generation. The expansion of the internet in Asia will likely mirror that of the West in some respects, but it will also respond to new risks and opportunities, and evolve within the distinctive Asian political milieu. At this moment of approaching internet expansion, Asians have a unique opportunity to build a more secure and resilient approach to cybersecurity before millions come online.

This study presents strategic choices for Asia’s cybersecurity future. It does so by examining scenarios at the intersection of technological disruption and traditional geopolitics. It identifies key premises for cybersecurity in Asia, as well as drivers of change that are likely to shape any cybersecurity future that may unfold. These scenarios explore how diverse forces may interact over time — and point toward options for investment to mitigate risk. The intended audience includes executives, policymakers, researchers, and anyone concerned with the stability and prosperity of the Asia Pacific.

This study identifies three cybersecurity premises that will inform any Asian cybersecurity future. These premises stirred the authors to think about Asia’s cybersecurity future and how it may evolve.

1. Asia is largely unprepared for cyberrisks and vulnerable to disruptions, particularly for populations unaccustomed to advanced internet technologies.

2. China’s rise will be a dominant force in Asia’s future, and the choices that China makes will shape stability and cybersecurity across the region.

3. The novel use of cyberspace operations creates uncertainty in Asia and across the globe, and threatens to exacerbate pre-existing tensions among states and groups.

A range of socio-political drivers of change will impact Asia’s cybersecurity future. Key driving questions include:

1. How will income inequality and Asia’s rural-urban divide affect cybersecurity, particularly given governmental limitations outside Asia’s megacities?

2. In what ways might geography and territorial disputes impact cybersecurity investments and operations?

3. How will nationalism and identity politics evolve as internet access expands? How might nationalist expressions impact cybersecurity?

4. In what ways will Asian cultures shape what was once a largely western technology, and how will they influence the future of cybersecurity?

Asia’s cybersecurity story will evolve through the interplay of these forces and others. The question is how. Our scenarios offer a prospective look, not to predict the future but to imagine potential storylines and then to highlight gaps and opportunities for change.

1. In Hack the Farm, a multinational corporation introduces a new technology into the Indian agricultural sector. A cyberincident disrupts agricultural equipment and draws out tensions among regional capitals, New Delhi, and organised farmers across India’s cotton belt. The scenario leads to changes in how diverse Indian and global communities plan for cyberrisks.

2. In Escalation in the Pacific, tensions between China, Vietnam, and the United States come to a head in a cyberconflict that results in surprising lethal consequences and unexpected diplomatic commitments between China and the United States. The story unfolds amidst a backdrop of rising middle-class resistance to the Chinese Communist Party’s (CCP) economic policies and online social controls. The events in this scenario alter China’s domestic future and the nature of cyberspace operations within the international system.

3. In The Beijing Cyberconsensus, China intentionally makes technological investments in four Central and Southeast Asian nations that over time increase Beijing’s regional power and shape the region’s cybersecurity policies and practices. Absent alternative options, weaker states opt into Beijing’s investments and influence, while stronger states, like Australia, India, Japan, and South Korea, opt out.

On the basis of history and an analysis of key trends and drivers of change, these scenarios draw out a number of findings for policymakers and corporate planners, as well as specialists of Asian affairs and cybersecurity. These findings are explored throughout the scenarios and the study.

  • Unlike internet expansion in the West, where access and speed were the first priorities and security was largely an afterthought, Asia can shape its cybersecurity at an earlier stage in its internet growth. System developers can incorporate cybersecurity technologies into projects now. Public- and private-sector leaders can shape policies and standards and advocate for change. Major markets can influence global companies to improve their cybersecurity practices.
  • At this stage in Asia’s internet expansion and economic growth, strategic planning and analysis can have a profound impact on Asia’s cybersecurity and economic future. Rather than adopt a piecemeal approach, strategic planners can look across opportunities and risks to shape the future. Effective strategies can help strengthen relationships across sectors, prepare for cyberattacks of significant consequence, and identify gaps in developing cybersecurity capabilities.
  • The scope of the problem demands that Asian organisations plan to perform missions and functions without assured access to secure data. In rising digital Asia, it is not a question of if but when cyberattacks and disruptions will occur. As the internet expands and populations become increasingly dependent upon it, societies must focus on resilience to withstand data disruptions and manipulations of critical infrastructure (i.e., of the finance, energy, and national security sectors), and also to withstand cyberinfluence operations of online media that could alter political perceptions. The scenarios outlined in this report suggest pathways for achieving resilience in society at the technological and political levels.

Much is at stake as Asia rises economically and militarily and as millions of internet users come online. The internet has shaped Asia over the last decade, but it is about to spike in its influence as access expands dramatically in the world’s most important economic region. The study provides a framework and invites readers to think further about the region’s technological, political, and cybersecurity future.


Jonathan Reiber

Arun Mohan Sukumar