Building resilience, trust and confidence in cyberspace remains a key priority among nations that share the vision of a Free and Open Indo-Pacific, according to the Quadrilateral Security Dialogue, or Quad, consisting of Australia, India, Japan and the U.S. The continuing threats posed through ransomware and other illegal cyberattacks by North Korea and other nefarious actors continue to create opportunities for nations that support the inclusive and rules-based vision. These threats are yielding new and expanding partnerships, particularly among Quad nations.
The latest example of these growing relationships is the Japanese Ministry of Defense announcement in November 2022 that it formally joined the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), which fosters collaboration among experts in cyber defense research, training, and exercises covering technology, strategy, operations and law.
“More resilient Japanese cyber defense will enhance the country’s self-defense and concurrently enable closer collective defense with its allies,” Yoichiro Sato, an Asia-Pacific studies professor at Ritsumeikan Asia Pacific University in Japan, told the South China Morning Post newspaper in November 2022.
Japan included cybersecurity in its plans to strengthen defense capability during the next five years and intends to increase cyber defense personnel at its cybersecurity command from 890 to about 5,000 by 2027, according to the South China Morning Post. Japan’s NATO announcement is part of a “mutual effort to strengthen ties among like-minded allies and partners in deterring malicious state activities in cyberspace and protecting a rules-based order, also in the digital domain,” Bart Hogeveen, head of cyber capacity building at the Australian Strategic Policy Institute’s International Cyber Policy Centre, told the newspaper.
In 2023, nations can expect to see more intrusions by nonorganized and nonstate attackers, according to Mandiant, a United States-based cybersecurity firm. Mandiant also predicts that Iran, North Korea, the People’s Republic of China and Russia will be “highly active” in 2023, using destructive attacks, information operations and financial threats.
The Quad created the Cybersecurity Partnership to address such threats, particularly from North Korea.
“In an increasingly digital world with sophisticated cyber threats, we recognize an urgent need to take a collective approach to enhancing cybersecurity,” Quad leaders said in a joint statement following a Tokyo summit in early 2022.
The White House estimates that Pyongyang has funded 30% of its weapons of mass destruction programs though illegal cyber activities.
“North Korean malicious cyber activity is of significant concern,” Anne Neuberger, U.S. President Joe Biden’s deputy national security advisor for cyber and emerging technologies, said in November 2022. “You saw we attributed a number of North Korean cyberattacks against cryptocurrency infrastructure that we believe netted North Korea vast sums of money.”
Neuberger said the U.S. and its allies are using multiple tools to find illicit North Korean cyber activity and sanction those responsible. “Our work in countering the DPRK’s [Democratic People’s Republic of Korea’s] malicious cyber activity is both done with close allies and partners, including intelligence cooperation regarding the threat, regarding the actors themselves, as well as work to make it harder to move illicit funds through cryptocurrency infrastructure,” she said, using North Korea’s official name.
Quad leaders have committed to improving critical cyber infrastructure by sharing threat information, identifying and evaluating potential supply chain risks for digitally enabled products and services, aligning baseline software security standards for government procurement, and leveraging collective purchasing power to improve the software development ecosystem. Australia will take the lead on critical infrastructure protection, India will focus on supply-chain resilience and security, Japan on workforce development and talent, and the U.S. on software security standards. Collectively, they aim to prevent cyber incidents, prepare national and international capabilities for potential incidents, and respond quickly and effectively to incidents if necessary.
“We share serious concerns over ever more complex and destructive threats stemming from malicious cyber actors and the risks they pose to national security and affirm our commitment to enhance the coordination of respective efforts to strengthen capacity building of the Quad members and their partners across the Indo-Pacific region,” according to the Cybersecurity Partnership’s principles. “We reaffirm the importance of enhancing collective efforts to increase our cybersecurity workforce, based on the shared recognition that cyberattacks are increasing and becoming more complex, and we also share the challenge of generating adequate expertise. In addition to capacity building, Quad members will work together to enhance our collective cybersecurity workforce and pool of talented cyber professionals.”
IMAGE CREDIT: ISTOCK