Up from below: tackling cyber threats

Publication Type: 
Other Writing
Publication Date: 
March 8, 2016

More nations in the Asia-Pacific are adopting a bottom-up approach to cybersecurity regulation. That’s a good thing, Scott Shackelford writes.

Cybersecurity is a major concern in the global community, and not least in the Asia Pacific. Take Japan, for example, which in 2014 suffered an estimated 12.8 billion cyber attacks, up from 7.8 billion in 2012 and substantially greater than the estimated 300 million when monitoring began in 2005. And they are not alone.

Governments around the world are considering how best to regulate an array of cybersecurity issues. From encryption to protecting critical infrastructure from misuse, overuse, and attack, a global experiment is now underway that could reveal what sets of governance best practices are yielding results.

But problems are manifold. Even defining winners and losers is difficult, given the challenge of tracking and attributing cyber attacks. Still, this is not stopping nations from acting as cybersecurity laboratories, which, in the process, is yielding some surprises and forging new alliances across the Asia-Pacific to better manage the multi-faceted cyber threat.

Among the lessons learned so far is a growing preference for a largely bottom-up approach to cybersecurity policymaking. Indeed, although there is a spectrum of cybersecurity regulatory frameworks ranging from more state-centric approaches (think Russia and China) to voluntary initiatives, more and more nations—including the United States—seem to be settling on a bottom-up approach to enhancing private-sector cybersecurity.

Emblematic of this movement in the United States context is the 2014 National Institute for Standards and Technology (NIST) Cybersecurity Framework. This framework, comprised partly of industry-driven and regularly updated cybersecurity best practices, has been influential in shaping cybersecurity due diligence, not only in the United States, but across an array of nations, including those in the Asia-Pacific.

In fact, NIST is now collaborating with several dozen nations around the world. Our recent study delved into the experiences of five such nations—including Japan, South Korea, and Australia—to compare the cyber threats they’re facing, see what’s being done about them, and how well these policies are working to date.

Read the full post at Asia & The Pacific Policy Society