Written by Miguel Alberto Gomez.

Since the Russian cyber operation against Estonia in 2007, the notion of using cyberspace to render states defenceless has proven to be less consequential than initially thought. While one cannot deny its increasing role as a complement to existing foreign policy instruments, the implications of its use requires further scrutiny. Although the study of cyber security has become closely enmeshed with western actors (i.e. Europe, the Americas, and Russia), Asia is an equally relevant proponent. This is particularly true as interstate cyber exchanges within the region are coloured by persistent and salient disputes between rivals. Consequently, this analysis provides a brief background of key actors within Asia and what to expect with respect to cyber operations and their consequences in the foreseeable future.

A new development, however, is the growing use of politically driven espionage. While China has long since been associated with this activity, other actors like Vietnam have recently deployed this strategy.

What Will Not Happen

Despite the presence of several cyber powers, degradative cyber operations (those meant to damage or destroy critical infrastructure for the purpose of coercion) are unlikely to occur. While advances in capabilities have been significant, the limitations of cyber operations, increasing organisational capabilities, and restraint make such operations unlikely.

Though commonly portrayed as a low-cost means to circumvent material imbalances, effective operations require substantial intellectual, technological, and material investments. Although the option of using ready-made tools circumvent the above, these prove ineffective against all but the least prepared targets. Moreover, the tools used for cyber operations have an attenuated lifespan once employed. On the side of defence, organisational capabilities have grown due to individual governmental initiatives and private cooperation. The appearance of national level cyber organisations have placed states in a posture of improved readiness. In addition, private organisations such as the Asia Pacific Computer Emergency Response Team (APCERT) have improved intra-regional cooperation among private actors. Taken together, these advance the overall defensive posture of actors and bolsters the resilience of cyberspace. Even if the above is overcome, it is worth noting that aggressive actors (despite latent capabilities) appear to be exercising restraint. This is not particularly surprising given the saliency of issues involved. Working under the assumption that states are rational actors, there is a need to avoid potential escalation between rival states.

Despite its limited efficacy, the strategic significance of cyber operations ought not be dismissed. The adjunctive use of cyber operations could translate into significant strategic gains. Within Asia, this appears to be the case and, as such, merits further scrutiny.

What May Happen

Rather than assume the exercise of independent degradative cyber operations, the region is more likely to witness the use of disruptive and/or espionage type events. Disruptive operations are typified by low-level actions such as website defacement or Distributed Denial-of-Service (DDoS) meant to draw attention or maintain an interest towards an issue. Cyber espionage is the use of cyberspace to meet the objectives of conventional espionage operations via cyber means.  These operations complement existing foreign policy initiatives such as military posturing. Given the context of on-going or emergent disputes between rivals, it is unlikely that such states would invest in actions that run the risk of escalating the situation into unmanageable levels.

Northeast Asia: A Powder Keg

Arguably the most contentious sub-region, the tempo of cyber operations is most likely to increase while avoiding escalation. Specifically, the nuclear crisis involving North Korea would justify the use of cyber espionage operations aimed at its rivals. Although it could be argued that North Korea may well be the target of cyber espionage, additional intelligence would be of great importance to North Korea as it would allow it to better gauge the limits of its policy of brinkmanship without provoking a military response.

While espionage-type operations can serve as the foundation for degradative manoeuvres, North Korea is unlikely to take this course for two reasons. First, assuming an existing capability to develop advanced tools capable of substantial damage, this could lead to an unwanted escalation that may inflame an already tense situation. Second, its potential targets have mature organisational capabilities that could blunt or limit the damage. As such, the North Korean strategy may likely focus on using cyber means to gather additional information for shaping foreign policy.

Relatedly, one can expect China to continue with its infiltration of key organisations to further its own technological and economic initiatives. This would not, however, immediately translate to an advancement in capabilities. Moreover, China’s continued focus on foreign espionage and domestic content control leaves its own defensive posture weakened as key portions of cyberspace remain vulnerable to exploitation.

Southeast Asia: Skirting the Rules

While not faced with the threat of an impending military confrontation, territorial disputes over the South China Sea remain a pervasive feature of interactions in cyberspace. The volatility of the region has moderated the level of actions both within and outside the domain. Yet unlike Northeast Asia, the cyber operations often take the form of disruptive events such as defacements and Distributed Denial-of-Service. Moreover, these incidents are attributed to nationalistic non-state actors that take advantage of the inconsistent cyber security legislation across these states.

This reliance on non-state actors is useful given the strength of certain regional norms. Specifically, the activities of such actors allow governments to maintain their disputes and interests without visibly violating regional norms of sovereignty and non-interference.

A new development, however, is the growing use of politically driven espionage. While China has long since been associated with this activity, other actors like Vietnam have recently deployed this strategy. This is not surprising given the increasing importance placed on cyberspace by states and the informational advantage offered by compromising these systems.

South Asia: Maintaining the Status Quo

The persistent rivalry between India and Pakistan will continue to generate large numbers of disruptive cyber operations between the two states. The absence of an escalation have resulted in such exchanges becoming the norm between the two parties. The occasionally defaced or disrupted web site does not generate a significant amount of concern for authorities and has become routine.

It is likely that these operations are the work of non-state actors and highlights the potential for stabilisation of interstate interactions in cyberspace. Without an end to the existing rivalry, cyber operations – disruptive ones in particular – serve as a sounding board that ensures that the saliency of an existing dispute is not reduced. But these actions do not threaten to disrupt the status quo and increase the potential for escalation.

Grounding Cyber Threats

Interstate cyber interactions should be taken in the context of existing strategic and/or political relationships, as well as being framed by current technological realities. Of great significance is the use of cyber operations by actors involved in a rivalry relationship over salient issues. While initial proponents argued for its revolutionary potential, empirical evidence has shown a much more limited and grounded outcome. That is, cyber operations are used primarily and sparingly as a compliment to other foreign policy instruments. In so doing, actors in this domain are increasingly acknowledging the value of cyberspace while still recognising its unique limitations.

With respect to Asia, there will most likely be an uptick in the number, if not severity, of politically relevant cyber operations. More importantly, these will be oriented towards reducing the amount of uncertainty within the international system (i.e. espionage), or to provide a platform to air grievances against a third-party (i.e. disruption).

Miguel Gomez is a Senior Researcher at the Center for Security Studies at the ETH in Zurich and a fellow with the Centre for Internet and Global Politics at Cardiff University. His research focuses on strategy, norms, and risk in cyberspace. Image Credit: CC by U.S. Pacific Air Forces/Flickr.