Introduction
The Quadrilateral Security Initiative (Quad) was established in 2007 following a senior official-level meeting between Australia, India, Japan, and the United States (US). However, the grouping soon unravelled due to the flux in the regional security environment and each country’s relationship with China. The grouping re-emerged a decade later, in 2017, after officials from the four countries met in Manila on the sidelines of the APEC summit.[1] The minilateral has since focused on issues like infrastructure development, counterterrorism, and security in the areas of maritime and cyberspace towards promoting peace, stability, and prosperity in the Indo-Pacific.
The collaboration has been undergirded by various initiatives in the technology sector. However, the Quad nations continue to face their biggest challenges in cyberspace. The four democracies have seen an unprecedented escalation in cyber threats and malicious cyber activities, such as distributed denial-of-service attacks (DDoS), ransomware attacks, supply chain breaches, zero-day attacks, and cyber-enabled espionage campaigns. These converging threats are fuelled by geopolitical tensions and polarisation in cyberspace, risking the security and stability of not just the four democracies but also the larger Indo-Pacific region.
The four democracies have implemented a number of domestic measures to strengthen cybersecurity. In the US, the Biden administration issued Executive Order 14028 on Improving the Nation’s Cybersecurity in May 2021, which emphasised the importance of public-private collaboration, information-sharing, and the adoption of best practices to mitigate cyber risks.[2] Likewise, India is establishing acts, advisories, and technical frameworks that focus on data protection, critical infrastructure protection, and information-sharing.[3] Japan and Australia, too, are sharpening their focus on cyber resilience. At the Quad level, they have collectively taken steps to address cyber threats. In May 2022, the Quad leaders pledged to strengthen their respective abilities to defend their government networks and critical infrastructure from cyber disruptions.[4]
The four democracies are thus aligned on the need for polities and societies that are resilient to cyber threats. Despite being a shared threat, however, the nature, sources, and contexts of cyber threats differ for all four countries, and these differences have shaped their unique policy approaches. For instance, each country has different regulations vis-à-vis two specific aspects of cybersecurity: regulations governing critical infrastructure protection and cyber-incident reporting norms. Unharmonised regulations can lead to compliance being prioritised over and security imperatives.[5] Businesses may spend resources to comply with various breach regulations rather than protecting against breaches or innovating.[6] These regulations are necessary, but without harmonisation and reciprocity agreements, they can counter their objective of strengthening cybersecurity. Therefore, there is a need for regulatory alignment to boost the Quad’s cyber resilience and enhance collective security in the Indo-Pacific.
Regulatory harmonisation refers to a spectrum of practices that can facilitate alignment across national regulatory frameworks. In the current context, harmonisation would mean minimising or eliminating differences[7] in critical infrastructure protection and cyber-incident reporting norms and developing reciprocity agreements. These approaches can improve cybersecurity outcomes while lowering costs for different stakeholders.[8]
Harmonising cybersecurity regulations among the Quad countries, especially those governing critical infrastructure protection and cyber-incident reporting, can enhance collective defence against cyber threats, streamline compliance efforts, improve incident response, and increase resilience. By aligning regulations and adopting common standards, the Quad countries can ensure a more cohesive and effective response to cyber incidents, reduce administrative burdens, and achieve better security outcomes at lower costs. This regulatory alignment can foster international cooperation, creating a more resilient and secure digital environment that protects critical infrastructure and ensures a swift and coordinated response to cyber incidents. Standards play a crucial role in this process by providing a consistent and recognised baseline for cybersecurity practices, facilitating interoperability and enabling better collaboration among nations.
This report evaluates the potential of regulatory alignment among the Quad democracies on critical infrastructure protection and cyber-incident reporting norms. It outlines recommendations for strengthening the Quad’s cyber cooperation.
Read the report here.
Endnotes
Endnotes
[1] Ministry of External Affairs, Government of India, https://www.mea.gov.in/press-releases.htm?dtl/29110/IndiaAustraliaJapanUS_Consultations_on_IndoPacific_November_12_2017.
[2] U.S. General Services Administration, Improving the Nation’s Cybersecurity, Federal Register, 2021. https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028.
[3] Sameer Patil, "India's Cyber Security Landscape: Vulnerabilities and Responses," in Securing India in the Cyber Era, 1st ed. (Routledge India, 2021).https://www.taylorfrancis.com/chapters/mono/10.4324/9781003152910-2/india-cyber-security-landscape-sameer-patil.
[4] The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/24/quad-joint-leaders-statement/
[5] Aspen Digital Report, “Harmonizing Cybersecurity Regulation: A Security Symphony, 2023.”
[6] Aspen Digital Report, “Harmonizing Cybersecurity Regulation: A Security Symphony, 2023.”
[7] Tatiana Nascimento Heim, “Global Governance and Regulation of Cybersecurity: Towards Coherence or Fragmentation?” (PhD diss., University of Twente, 2023), https://ris.utwente.nl/ws/portalfiles/portal/306180289/vers_o_pure.pdf
[8] Henry Young, "Harmonizing Cybersecurity Regulations Is a Win-Win," BSA TechPost, July 10, 2024, https://techpost.bsa.org/2024/07/10/harmonizing-cybersecurity-regulations-is-a-win-win/ .
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.
PDF Download
PREV
