In the second quarter of 2023, New Zealanders reported 1950 cyber incidents representing a direct financial loss of $4.2 million
A popular statistic used to demonstrate the growth of the economic relationship between ASEAN (Association of South East Asian Nations) and Aotearoa New Zealand is that there is now more trade in a week between the two partners than there was in a year when formal relations first began in 1975.
In August 2023, the ASEAN countries, Australia, and New Zealand (collectively AANZ) signed an upgrade to the existing AANZ Free Trade Agreement. But is the ambition for Aotearoa’s relationship with ASEAN restricted primarily to free trade? Or, could we cooperate more closely in other areas? For example, what is the status of the ASEAN-Australia-New Zealand relationship with respect to cybersecurity cooperation?
Over the past decade, New Zealand has announced bilateral cybersecurity cooperation with several countries including Singapore and Australia. Additionally, New Zealand has been part of various multilateral cybersecurity initiatives including through the Asia-Pacific Economic Cooperation (APEC) and the ASEAN Defence Ministers’ Meeting Plus’s executive working group on cybersecurity.
However, these initiatives appear to be limited to discussions and intelligence sharing. If that is the case, there is plenty of room for more cooperation on cybersecurity.
Why does cybersecurity matter?
Every region in Aotearoa is a regular victim to cyber attack. In the second quarter of 2023, New Zealanders reported 1950 cyber incidents representing a direct financial loss of $4.2 million (figures from CERT NZ). Q1 2023 saw similar reported numbers - 1968 cyber incidents and $5.8m in direct financial losses.
Behind these numbers are equally compelling narratives: a hospital that has had to postpone medical appointments because its systems were down; a business unable to trade because its data has been deleted; or an ill-informed capital protest inspired by disinformation operations.
Some sceptics to greater multilateral cybersecurity cooperation may point to the sensitive nature of intelligence sharing. But there are many initiatives that the AANZ countries could coordinate on without having to divulge classified information.
Some ideas include joint research (for example, on cyber attack trends), collaboration on designing global regulations, or co-development of technology tools to protect our information assets. By progressing cybersecurity initiatives together, ASEAN, Australia and New Zealand would have more opportunities to better understand each other’s perspectives and more opportunities to influence each other.
The Christchurch Call is one example of an initiative that could expand cooperation between ASEAN, Australia, and Aotearoa New Zealand.
While cybersecurity is not the Call’s explicit aim (rather, it is to eliminate terrorist and violent extremist content online), monitoring the illicit use of the internet is a common objective.
Presently, Indonesia is the sole ASEAN country that has signed up to the Call, alongside New Zealand, Australia, and over 50 other countries. Getting the other ASEAN countries onboard for this initiative would be a quick win for deepening the AANZ relationship.
Another multilateral initiative that ASEAN countries could consider joining is the Australia-led International Counter Ransomware Task Force.
Globally, some 30,000 websites are hacked every day
To date the Australian-led task force has 42 signatories including Australia, New Zealand and Singapore, the sole signatory from ASEAN. Could Australia, New Zealand, and Singapore shore up their efforts with the rest of ASEAN to get other ASEAN countries to sign on and tackle a global issue together?
Furthermore, the AANZ countries could consider a joint cybersecurity incident response training exercise together, practicing how they would respond to some form of regional cyber attack.
The benefit of this type of initiative is that it not only boosts cybersecurity capability throughout the region, but also enhances people-to-people links amongst the multitude of cyber agencies, critical infrastructure operators, and government communications representatives from participating countries.
Most recently, Auckland Transport’s HOP system was hit by a ransomware attack, resulting in commuters unable to top-up their HOP card balances. A few days later, a Philippine state insurer was hit by the same ransomware group, Medusa.
While it would be optimistic to assume greater cooperation could have prevented the attack, swapping notes from respective post incident reviews would be a valuable exercise for the New Zealand and Philippine national cyber security centres to better respond to future ransomware attacks.
Following on from the recent upgrade to the AANZ Free Trade Agreement, perhaps the governments of ASEAN, Australia, and New Zealand could agree to some quick wins by seeking to upgrade their cybersecurity cooperation as well.
About the author
Takuma Ohashi
Takuma Ohashi is currently pursuing a Master of Strategic Studies at Te Herenga Waka Victoria University of Wellington, supported by the Freyberg Scholarship. He was previously a Senior Manager of Cybersecurity Consulting at Ernst & Young (EY). He attended the 15th ASEAN-Australia-New Zealand Dialogue with the Asia New Zealand Foundation as part of its NextGen programme in October 2023.
The Foundation's Track II programme supports informal diplomacy with thinktanks in Asia on issues and challenges facing the region.
Our NextGen programme offers opportunities for tertiary students and young professionals to kick start their future in foreign, trade and security policy.