I

n recent years, countries are no longer defensive when it comes to facing a growing number of cyberattacks. The buildup of offensive cyberwar capabilities has become a cybersecurity policy trend among countries.

The Geneva Internet Platform, an initiative supported by Swiss authorities, estimates that 29 countries are currently capable of launching cyberattacks.

One of the most often cited cyberattacks of hacking groups is the concerted cyberattack that hit Estonia in 2007. Estonia was crippled for a couple of weeks when hackers attacked the government, parliament, banking and media websites. Estonia’s government then accused Russia of sponsoring the attack.

Another example was the Wannacry ransomware that attacked 150 countries, including Indonesia, last year. The United States believed that this global cyberattack was sponsored by North Korea.

The United Nations has taken steps to anticipate the negative impacts of the use of information and communications technology (ICT) by states.

In 2004, the UN established a group of governmental experts on information and telecommunications in the context of international security.

From 2004 to 2017, the group produced three reports on the implications of the use of ICT for international security and stability.

In its 2015 report, the UN expert group made a vital breakthrough when its government representatives agreed to add voluntary norms of responsible behavior of countries. Within those norms, countries should not conduct or support or allow their territory to be used for malicious acts using ICT. Countries must not use proxies to commit internationally wrongful acts using ICT.

Countries should help other countries where critical infrastructure is subject to malicious acts.

Nevertheless, the trend of states seeking to own cyber weapons will grow stronger. Many policymakers will view offensive cyber capabilities as an integral part of their defense systems. Cyber weapons are also easier and cheaper than conventional ones, yet capable of administering devastating impacts.

The last thing Indonesia needs is an escalation of this trend into a global cyberwar. Indonesia could suffer unintended consequences, given that Indonesian territory is often used by anonymous actors as a launch pad for cyberattacks. In 2013, Indonesia even superseded China as the world’s top source of cyberattack traffic, according to internet monitoring company Akamai.

According to the Communications and Information Ministry, Indonesia was the target of more than 205 million attacks in 2017.

In a cyberwar, Indonesia could face more concerted attacks that could cripple critical infrastructure, public services and businesses. A cyberwar thus poses a serious threat to Indonesia’s vision to become Southeast Asia’s largest digital economy by 2020.

To anticipate the global buildup of cyberwar capabilities, Indonesia must first officially publish a white paper on its international strategy in cyberspace. Such a document could explain Indonesia’s position on offensive cyber capability and its impact to international security and stability.

Indonesia can also state its peaceful intentions to harness the ongoing ICT revolution and its position against its exploitation for malicious actions. In this scenario, Indonesia could outline its own norms of responsible behavior of states in using ICT.   Indonesia could further publicly claim that its government was not the sponsor of any cyberattack emanating from Indonesia.

Second, Indonesia must initiate bilateral cooperation beyond technical cooperation and capacity-building with countries that have more advanced offensive cyber capabilities.

Such bilateral cooperation should cover many cybersecurity areas, starting from eradicating ICT abuse by criminal and terrorist groups and setting up points of contact for consultation in serious cyber incidents to agreement to refrain from using cyber weapons against each other.

Such cooperation would improve trust and anticipate the involvement of those states in cyber operations against Indonesia.

Lastly, Indonesia must lead the creation of cybersecurity norms in ASEAN. At the 32nd ASEAN Summit held in Singapore in April, the regional leaders committed to creating voluntary norms of state behavior in cyberspace.

ASEAN cyber norms would be crucial in maintaining peace and stability in the Asia Pacific, as it would set standards of behavior for states in using ICT.

 ____________________________

The writer heads the humanitarian issues section at the Center for Policy Analysis and Development on Multilateral Affairs of the Foreign Ministry. The views are personal.