Please enable javascript to access the full functionality of this site

Responsible cyber behaviour in the Indo-Pacific

Submitted by markopetreski@… on Tue, 01/28/2025 - 12:28
Responsible cyber behaviour in the Indo-Pacific banner
Light
@ASPI_CTS

Responsible cyber behaviour in the Indo-Pacific: Views from Cambodia, Fiji, India, Indonesia, Japan, Pakistan and Taiwan

What’s the problem?

In July 2025, the mandate of the United Nations Open-Ended Working Group on the security and use of information and communications technologies (hereafter OEWG) ends. This marks the latest chapter of international discussions on responsible behaviour in cyberspace. Throughout a 20-year period, a corpus of reports has been delivered that outline standards of behaviour.1 Taken together, this is referred to as the ‘UN framework of responsible state behaviour’ and includes an acceptance that international law applies to state conduct in cyberspace and a commitment to observe a set of norms (see Figure 1).2

Figure 1: UN Norms of Responsible State Behaviour in Cyberspace

Responsible cyber behaviour in the Indo-Pacific: Views from Cambodia, Fiji, India, Indonesia, Japan, Pakistan and Taiwan

These international norms are generally considered the benchmark for the notion of ‘responsibility’ in cyberspace, and one of the components of this ‘framework’. However, the UN framework is fraught for several reasons:

  • It suffers from a narrow application. The UN framework relates principally to cyber issues that affect international peace and security. This sets a high-security threshold for what should be considered part of the responsible cyber agenda.
  • The UN framework focuses—almost exclusively—on the obligations of states under international law.
  • It largely applies to externalities as it directs how states ought to behave towards each other, and not to how states should act domestically.
  • The UN framework amplifies a perspective on responsible behaviour that’s been spearheaded by the earliest and most mature cyber nations, in particular the P5 members of the UN Security Council.

This has resulted in a lopsided but dominant perspective on responsible cyber behaviour—one that overlooks states’ domestic responsibilities in terms of the use of cyberspace for domestic and internal security purposes; practices of good governance for cyber capabilities and operational controls; and one that has overlooked perspectives from developing and emerging economies.

What’s the solution?

As cyberspace has become a ubiquitous dimension of social, economic, political and military activities, there’s a need to expand the notion of responsibility in cyberspace. While this has become common language in national and international cybersecurity strategies and practices in Australia, Europe, the UK and the US, it’s less evidently articulated in most other parts of the world, including in most of the Indo-Pacific.3

This report introduces a more comprehensive framework to explore the concept of responsible cyber behaviour and additionally offers perspectives from seven Indo-Pacific countries on what constitutes ‘responsible’ cyber behaviour. The selected countries are less represented and examined in global and regional cyber policy conversations, in both Track 1 and Track 2 settings. These countries vary in size, economic development, systems of government and strategic outlook—and so provide much-needed validation and challenge to established thinking and norms.

The insights presented in this report should provide policymakers, negotiators, civil society and researchers in the fields of cyber policy, cyber diplomacy and the non-proliferation of dual-use technologies with a better understanding of various national perspectives. In doing so, it will help to inform the scope of work for the next chapter of international cyber negotiations.

Full Report

For the full report, please download here.

29 Jan 2025

Responsible cyber behaviour in the Indo-Pacific
Tue, 01/28/2025 - 14:25
byronillyes@as…
Attachment
Download
3.57 MB
References
1
For a more detailed understanding of the UN Group of Government Experts (GGE) and OEWG time lines, see Dennis Broeders, Francois Delerue, Arun
Sukumar, Responsible behaviour in cyberspace: global narratives and practice, Publications Office of the European Union, Luxembourg, 2023.
2
nationalcybersurvey.cyberpolicyportal.org
‘Background to UN discussions on responsible state behaviour’, UN Institute for Disarmament Research, online.
3
www.state.gov
For examples, see Department of Home Affairs, 2023–2030 Australian Cyber Security Strategy, Australian Government, 2023, online; ‘EU statement—UN
Open-Ended Working Group on ICT: rules, norms and principles of responsible behaviour of states’, Delegation of the EU to the UN in New York, 30 March
2022, online; National Cyber Force, ‘Responsible cyber power in practice’, UK Government, 4 April 2023, online; State Department, ‘United States
International Cyberspace & Digital Policy Strategy’, US Government, 6 May 2024, online.

Author

GatraPriyandita_bio22

Dr. Gatra Priyandita

Senior Analyst

Full bio
Thumbnail

Louise Marie Hurel

Research Fellow

Full bio

Contributors

Ilaitia B Tuisawau, Cybersecurity Advisor, Fijian Government.

Anushka Saxena, Research Analyst, The Takshashila Institution.

Dr Wilhelm Vosse, Professor of Political Science and International Relations, International Christian University.

Dr Rabia Akhtar, Director for Centre for Security, Strategy, and Policy Research, University of Lahore.

Dr Yisuo Tzeng, A/Director, Institute for National Defense and Security Research (Taiwan).

Acknowledgements

ASPI and RUSI would like to thank the authors of this compendium for their contributions, and also thank Arindrajit Basu, Bart Hogeveen, Eugene EG Tan, Nori Katagiri, Rogier Creemers, Bart Voogt, James Boorman, Raoul Heinrichs, Chris Taylor, Siriwat Chhem and many others for their feedback, comments, and contributions throughout the development of this publication—all of which were of great value in ensuring the proper balance between detail and nuance when approaching responsible cyber behaviour through a national lens.

RUSI

About the report

This publication is produced by ASPI. It’s part of the Responsible Cyber Behaviour project, an initiative led by the Royal United Services Institute in partnership with ASPI, to map understandings of responsible cyber behaviour through national and regional case studies and to connect experts from different sectors and regions through the Global Partnership for Responsible Cyber Behaviour.

Global Partnership

About ASPI

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our annual report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements. It is incorporated as a company, and is governed by a Council with broad membership. ASPI’s core values are collegiality, originality and innovation, quality and excellence, and independence.

ASPI’s publications—including this paper—are not intended in any way to express or reflect the views of the Australian Government. The opinions and recommendations in this paper are published by ASPI to promote public debate and understanding of strategic and defence issues. They reflect the personal views of the authors and should not be seen as representing the formal position of ASPI on any particular issue.

ASPI Cyber, Technology and Security

ASPI’s Cyber, Technology and Security (CTS) analysts inform policy debates in the Indo-Pacific through original, rigorous and data-driven research. CTS is a leading voice in global debates on cyber, emerging and critical technologies, foreign interference and issues related to information operations and disinformation. CTS has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building and internet safety, satellite analysis, surveillance and China-related issues. To develop capability in Australia and across the Indo-Pacific region, CTS has a capacity-building team that conducts workshops, training programs and large-scale exercises for the public, private and civil-society sectors. CTS enriches regional debate by collaborating with civil-society groups from around the world and by bringing leading global experts to Australia through our international fellowship program. We thank all of those who support and contribute to CTS with their time, intellect and passion for the topics we work on. If you would like to support the work of the CTS, contact: ctspartnerships@aspi.org.au.

Funding

This publication is funded with support from the UK Foreign, Commonwealth and Development Office.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services.

© The Australian Strategic Policy Institute Limited 2025

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published January 2025

Published in Australia by the Australian Strategic Policy Institute

Cyber, Technology & Security
ADF

Australian Defence Force

ACSC

Australian Cyber Security Centre

IEC

the International Electrotechnical Commission

IEEE

Institute of Electrical and Electronics Engineers

IoT

Internet of Things

IoTAA

Internet of Things Alliance Australia

ISO

International Organisation for Standardization

USB

universal serial bus

IIOT

Industrial Internet of Things

ASD

Australian Signals Directorate

CCP

Chinese Communist Party

MERICS

Mercator Institute for China Studies

PRC

Peoples Republic of China

VPN

virtual private network

AI

Artificial Intelligence

SCS

Social Credit System

BRI

One Belt, One Road initiative

CETC

China Electronics Technology Group Corporation

NGO

nongovernment organisation

RFID

radio-frequency identification

CFIUS

Committee on Foreign Investment in the US

SVAIL

Silicon Valley Artificial Intelligence Laboratory

UTS

University of Technology Sydney

ATO

Australian Taxation Office

COAG

Council of Australian Governments

DHS

Department of Human Services

DTA

Digital Transformation Agency

FIS

Face Identification Service

FVS

Face Verification Service

TDIF

Trusted Digital Identity Framework

NUDT

National University of Defense Technology

PLAIEU

PLA Information Engineering University

RFEU

Rocket Force Engineering University

STEM

science, technology, engineering and mathematics

UNSW

University of New South Wales

ZISTI

Zhengzhou Information Science and Technology Institute

AFP

Australian Federal Police

ACIC

Australian Criminal Intelligence Commission

A4P

Action for Peacekeeping

ASEAN

Association of Southeast Asian Nations

C-34

Special Committee on Peacekeeping Operations

CTOAP

Peacekeeping Training Centre (Timor-Leste)

F-FDTL

Timor-Leste Defence Force

MFO

Multinational Force and Observers

MINUSCA

UN Multidimensional Integrated Stabilization Mission in the Central African Republic

MINUSMA

UN Multidimensional Integrated Stabilization Mission in Mali

MONUSCO

UN Stabilization Mission in the Democratic Republic of the Congo

PNGDF

Papua New Guinea Defence Force

PNTL

National Police of Timor-Leste

RAMSI

Regional Assistance Mission to Solomon Islands

RFMF

Republic of Fiji Military Forces

RPNGC

Royal Papua New Guinea Constabulary

RSIPF

Royal Solomon Islands Police Force

UNAMI

UN Assistance Mission for Iraq

UNAMID

UN–African Union Mission in Darfur

UNAMIR

UN Assistance Mission for Rwanda

UNAVEM

UN Angola Verification Mission

UNDOF

UN Disengagement Observer Force

UNIFIL

UN Interim Force in Lebanon

UNIKOM

UN Iraq–Kuwait Observation Mission

UNIOGBIS

UN Integrated Peacebuilding Office for Guinea-Bissau

UNISFA

UN Interim Security Force for Abyei

UNOSOM

UN Operation in Somalia

UNMHA

UN Mission to Support the Hodeidah Agreement

UNMIBH

UN Mission in Bosnia and Herzegovina

UNMIK

UN Interim Administration Mission in Kosovo

UNMIL

UN Mission in Liberia

UNMIS

UN Mission in Sudan

UNMISET

UN Mission of Support to East Timor

UNMISS

UN Mission in South Sudan

UNMIT

UN Integrated Mission in East Timor

UNOTIL

UN Office in East Timor

UNSMIS

UN Supervision Mission in Syria

UNTAC

UN Transitional Authority in Cambodia

UNTAES

UN Transitional Administration for Eastern Slavonia, Baranja and Western Sirmium

UNTAET

UN Transitional Administration in East Timor

UNTSO

UN Truce Supervision Organization