We know very little about Kim Jong-un’s North Korea but we do know the hermit kingdom produces skilled hackers. Over the past few years, North Korea’s military has hacked Sony, launched the WannaCry malware and more recently pulled off a coup by penetrating an apparently “secure” South Korean military network, stealing sensitive data including wartime contingency plans drawn up with the US.
Stealing some of South Korea’s most valuable secrets is no mean feat, and it was its military’s sophisticated cyber capabilities that saved North Korea from ranking last in the Australian Strategic Policy Institute’s 2017 Cyber Maturity in the Asia-Pacific report. The annual report has expanded to cover 25 countries in our region and helps identify opportunities for how we can best engage with nations in the Asia-Pacific while highlighting the big emerging threats.
There’s plenty of good news. We’ve found our neighbourhood has introduced more cyber-related policies, legislation and regulations than ever before. While a UN-led process to govern cyber behaviour has broken down, bilateral and regional diplomacy has kicked in, led by Australia, Japan and the US.
More submarine cables and better cyber infrastructure are coming online. Our digital neighbourhood is expanding as more netizens in the Asia-Pacific experience the internet for the first time. This continued growth provides more opportunities for Australian business to reach potential customers and for our government to engage more creatively with our neighbouring region.
The US has topped our ranking once again but China is the one to watch. Cybersecurity and information control continue to be a hallmark of President Xi Jinping’s tenure and China has been incredibly active in promoting its own solution to global cyber governance. Focused on “cyber sovereignty” and strict censorship, China’s approach stands in stark contrast to the Australian government’s commitment to promote a free, open and secure internet. The tension between these contrasting approaches has only just begun.
Cyber-crime, censorship and espionage are on the rise. Cyber-espionage in our region has continued unabated and it’s now evident that several governments in Southeast Asia are conducting very sophisticated operations. Inequality is growing and the most cyber-advanced nations have moved further from the more cyber-vulnerable Pacific Islands.
While we’ve found countries in the Asia-Pacific are making important investments to improve their cyber capabilities, these are too often small and slow-moving. Most importantly, they are occurring at a time when the global threat landscape is worsening.
The Asia-Pacific must prepare itself for a painful transition over the next few years. Improvements in artificial intelligence and quantum computing will disrupt the existing defences our region has slowly built up against cyber-attacks and espionage, outpacing them in new and unexpected ways. The rapid uptake of Internet of Things devices is expanding the digital attack surface, and these will continue to provide a point of weakness that cyber-criminals can exploit.
So what will this new threat landscape mean for Australia in 2018? We will all need to invest more in protecting our systems and data, in deterring cyber-criminals and in better understanding the rapidly shifting geopolitics of cyberspace.
The government must invest more in public awareness campaigns so that Australians are better versed in the cyber threats they face now, and the ones just around the corner.
In light of Russia’s cyber interference in the US and European elections, Australia must prepare to potentially be on the receiving end of increasingly sophisticated and varied cyber-enabled influence operations. Robust cybersecurity won’t protect Australians from an online disinformation campaign. Planning for the likelihood of continuing information warfare — that could occur across media, social networks and chat apps — will require different investments, creative thinking and thought leadership.
And while Australia isn’t their No 1 target, it’s worth noting that North Korean hackers haven’t packed up and gone home. The country’s estimated 6000 hackers will soon enjoy a second internet connection to the outside world.
And who’s laying fibre-optic cables to provide Pyongyang with better access? The Russians, of course.