Cyber security governance in the Indo-Pacific: Policy futures in Australia, Indonesia and the Pacific

Abstract

The ‘Cyber Security Governance in the Indo-Pacific: Policy Futures in Australia, Indonesia and the Pacific’ Policy Engagement Program (PEP) highlights the strengths and weaknesses in regional cyber security governance. Importantly, it identifies key policy priorities from an Australian, Indonesian and Pacific Island Countries’ (PIC) perspective and, through its recommendations, identifies new paths for cooperative engagement between Australia and its regional partners.Notwithstanding the fact that Indonesia and the PICs have unique socio-political and economic contexts, the PEP online Roundtable Discussion, which formed the foundation of this think piece, highlights many areas of commonality around threats and challenges in the cyber domain. Through an online exchange of ideas between experts from The University of Queensland (UQ), the Department of Home Affairs, Indonesia’s National Cyber and Crypto Agency (BSSN), the Democracy and Integrity for Peace (DIP) Institute, Indonesia and the Indonesian Defence University (Unhan), one can see there are models and initiatives that can be replicated by countries pursuing their own paths to cyber security resilience in the face of rapid technological change.In practical terms, the PEP Roundtable Discussion highlights how Australia has defined its own regulatory and policy approach to defend governments, businesses, and communities from malicious cyber activity. Such an approach has lessons for countries like Indonesia, which is contending with legislative and policy gaps, weak wholeof-government coordination, and a relatively low knowledge base among legislators and policy makers. This is a problem not unique to Indonesia and, indeed, represents a challenge common also to many of the PICs. Ideas and expertise flow both ways, however, and our Indonesian experts have made innovative policy recommendations and identified areas for further engagement.Based on the contributions of our panellists and contributors, there is clearly scope to further tailor regional capacity building programs through increased coordination, knowledge exchange and workshopping of national cyber security legislation and strategic guidance. Inherent in Australia’s Cyber Security Strategy 2020 also are solutions to Indonesia and the PICs outreach and engagement objectives, particularly in the expansion of Joint Cyber Security Centres (JCSCs), which link federal government agencies to their subnational counterparts and also to Micro, Small and Medium Enterprises (MSMEs). Finally, production of popular cyber security media programs, which could be subtitled and streamed across the region, hold promise for raising vital public awareness. Moreover, the think piece highlights the importance of universities as a source of innovation, interdisciplinary research and as a testbed for cyber security competitions, exercises, and ideas. We commend the recommendations to you.