WE live in an age of digital interdependence where technologies are rapidly transforming societies and economies of nation states with unprecedented challenges to human security.
Up to January, according to one source, "there were 4.66 billion active Internet users worldwide — 59.5 per cent of the global population. Of this total, 92.6 per cent (4.32 billion) accessed the Internet via mobile devices".
This dependency keeps increasing by the second! So does our vulnerability to cyber intrusions. Our digital dependence has increased our vulnerabilities in almost every segment of the society — corporations, military establishments, health, education, communication, shipping and associated supply-chain organisations, plus other sectors too. According to the World Economic Forum's Global Risks Report 2021, cyber risk is among the top global threats that need to be prevented and countered with urgency.
Last year, a staggering 31 per cent of global companies were attacked by cyber criminals at least once per day. Over 1,000 had sensitive data stolen and publicly leaked by ransomware gangs. Given the present trajectory, it seems clear that digital operations, including cybersecurity threats, will remain far more prevalent in future than in previous years.
The number of cyberattacks, according to an American source, has risen by 180 per cent between 2018 and 2019.
The frequency of cyber attacks is estimated to rise to 11 seconds in this year, up from 14 seconds in 2019, and 39 seconds two years before.
Although lately the motivation (by ransomware, for example) is mainly for financial gain, when used together, cyber and artificial intelligence-enabled weapons can inflict immense collateral damage to property and innocent lives.
Due to low cyber resilience among member states, Asean has become a prime target for cyber attacks, according to one source. In addition to low security in preventing cyber intrusions, the region has plenty of money to steal from.
It is estimated that the digital economy of Asean member states could add another US$1 trillion to the region's gross domestic product over the next decade.
Besides strengthening national resilience and better coordination and sharing of intelligence, the challenge to many member states in Asean is how to respond to accidental attacks — unintended or unplanned intrusions when reprisals against state actors or their proxies for such malicious activities may lead to rash counter responses, including a declaration of war.
In a crisis, it is easy to find scapegoats to start a conflict in the absence of an agreed regional mechanism to deal with accidental intrusions.
A cyber conflict between Asean neighbours under any pretext must be avoided at all costs.
Understanding the complex cyber threat landscape is key to staying safe and secure on online platforms for the region.
Asean probably needs a "Code of Responsible Conduct for the Cyberspace" that will give teeth to Asean leaders' statements in recent past for "voluntary and non-binding cyber norms, as well as the development of a peaceful, secure and resilient rules-based cyberspace that will contribute to continued economic progress, enhanced regional connectivity within, and improved living standards across Asean".
The shock from cyber incidents in Estonia (2007), Lithuania (2008) and Georgia (2008) and Kyrgyzstan (2009) has led to a significant strengthening of cyber defence capabilities among the 27 members of the European Union and in the North Atlantic Treaty Organisation (Nato).
Following the attack on Estonia, the European Union and Nato commissioned a group of experts in public international law to prepare for a set of non-binding rules applicable to cyberwarfare. Known as the Tallinn Manual (after Tallinn, the capital of Estonia), the international law applicable to cyberspace was prepared.
Tallin Manual 2.0 was published in 2017, 10 years after the Estonian incident. The manual has filled a gap to establish norms and rules on cyber activities in Europe.
However, efforts in the United Nations to build rules to govern cyberspace since 1998 have not borne fruit.
The UN Group of Government Experts (comprising 25 member states) with a mandate to focus on advancing responsible behaviour in cyberspace (2013) and the UN Open-Ended Working Group (2020), with their own geopolitical agendas, have tended to work at cross purposes.
What the world needs for cyberspace is an international treaty like the 1982 United Nations Conventions on the Law of the Sea (UNCLOS) and the four 1949 Conventions dealing with armed conflicts, which form the basis for today's international humanitarian law.
The writer is a keen student of geopolitics