Governments in Asia confront an increasingly complex array of cybersecurity threats, which have the potential to drain millions of dollars from their economies, disrupt infrastructures critical to essential services and even put lives at risk. The ability of governments to effectively confront these threats depends on smart policies, strong institutions and robust collaboration across the international community.

With Vietnam, Thailand, Indonesia and others in the region currently drafting new cybersecurity laws, this ability is now being put to the test.

As governments seek to craft cybersecurity policies, there is a growing risk of fragmentation. Encouraging policies that are effective, coherent and internationally aligned demands focused international dialogue and consensus in support of a robust global system. While industry can contribute best practices and advocate for international collaboration, it is up to governments to lead in pressing for regional and global cybersecurity policies that are strong, effective, and internationally operable.

In recent years, some governments have tended to adopt cybersecurity policies that move them out of alignment with the international community, in some cases in the misguided belief that they can improve cybersecurity by segregating their nations from the broader digital ecosystem.

Implementing their own practices

First, we see a retreat from internationally recognised technical standards. Countries that adopt indigenous standards force product developers to alter products or product configurations to comply with the country’s guidance.

Such alterations can generate additional risk because they cannot be vetted as broadly as products built for global use. These products may not benefit from the insights of the global security research community, which may ignore products focused on niche markets. Indigenous standards can also stifle innovation and drive developers out of these distorted markets altogether.

China has become a leading generator of indigenous standards, propagating dozens of new cybersecurity standards that overlap or conflict with existing internationally recognised standards and often refusing to comply with the latter. Vietnam and Indonesia have also turned to such standards at times. The European Union is considering legislation that could favour the development of indigenous standards.

As cybersecurity threats grow more sophisticated, the risks of insufficient, poorly calibrated or inappropriately nationalistic cyber policy approaches are growing. A global effort built upon common policy approaches and a shared commitment to security can enable governments and citizens to take full advantage of the opportunities the digital ecosystem creates.

Source: SCMP News