A case for elevating the cyber–maritime security nexus

Summary

• A safe and secure Indo-Pacific maritime domain is vital to the UK, Australia and Southeast Asian states for their national prosperity. While there are common objectives, the three parties have different priorities, capabilities and areas of expertis.
• There’s a long history of multilateral cooperation between Southeast Asia and Australia, among other key partners. In the post-Brexit context and in the light of the UK Government’s Indo-Pacific tilt, London would do well to harmonise its maritime engagements with allies such as Australia and align its activities with priorities of Southeast Asian partners.
• While maritime security cooperation at sea tends to be dominated by activities, programs and operations of navies, we recommend taking a comprehensive approach to maritime security cooperation that includes partnerships with non-military actors and considers civilian-related aspects of maritime security.
• In finding a value-added role in the crowded space of maritime security cooperation and capacity building, we suggest exploring UK–Australia–ASEAN cooperation on issues of technology, cybersecurity and maritime-based digital infrastructure. Those are transformational aspects that will define the future of maritime activities in the Indo-Pacific and affect Southeast Asia’s safety, security, livelihoods and regional economic competitiveness.
• This scoping report recommends UK–Australia–ASEAN cooperation to elevate and further explore the cyber–maritime security nexus.

Introduction: Understanding maritime security in the Indo-Pacific

The Indo-Pacific strategic concepts promulgated by Japan (reaffirmed in 2016)¹, the US (2017)², Australia (2017)³, India (2018)⁴, Germany (2020)⁵, the Netherlands (2020)⁶, the EU (2021)⁷, France (reaffirmed in 2021)⁸, the UK (2021)⁹ and others demonstrate the region’s geostrategic significance. While the various concepts differ significantly in scope, essence and strategy, they share one commonality: the idea of connected oceans in which Southeast Asian nations sit at the heart and form the epicentre of great-power competition that has come to define the Indo-Pacific. The region has become a ‘crowded space’ as the long-term and newer actors increase various engagement initiatives.

But Southeast Asia isn’t only an arena of competition: the region—collectively and as individual economies—has agency. ASEAN nations are able to steer competitors and partners towards meeting their own priorities.¹⁰ They’ve also been able to steer the global involvement towards political–military, economic, infrastructure and environmental agenda. While their overarching interests converge, the UK, Australia and their closest allies should acknowledge there may at times be divergences in approaches, activities and underlying values compared to those of ASEAN states.

In ASEAN’s 2019 Outlook on the Indo-Pacific, the 10 member states recognised the maritime domain as the foremost area for cooperation.¹¹ However, the exact meaning of ‘maritime security’ is far from neatly defined. Discussions on maritime security have mainly focused on law enforcement at sea, the protection of sea lines of communication (SLOCs), the adequate management of fisheries and offshore resources, and the maintenance of sovereign maritime borders. By and large, issues of maritime security tend to focus on areas of regional security, transnational crime activities, economic and resource management, the marine environment and marine safety.

The maritime agenda is shared by ASEAN and its partners in the most extensive (by membership) security-focused institution—the ASEAN Regional Forum (ARF), which includes Australia, Canada, China, the EU, India, Japan, New Zealand, the Republic of Korea, Russia and the US along with the ASEAN member states (Figure 1). Table 1 summarises the main forums for maritime security cooperation in the region.

Figure 1: The ASEAN Regional Forum members’ maritime security priorities

Data source: Annual security outlook 2021, ASEAN Regional Forum, 2021, online. Clustering and categorisation by the authors.

Table 1: Key forums for maritime security cooperation

a ‘15th ASEAN Regional Forum’, ASEAN, Singapore, 24 July 2008, online. Source: Authors’ compilation.

The UK’s Indo-Pacific tilt

The UK government’s Global Britain in a competitive age: the Integrated Review of Security, Defence, Development and Foreign Policy presents the Indo-Pacific as a region of increasing geopolitical and economic importance over the next decade and suggests that competition will play out in ‘regional militarisation, maritime tensions and contest over the rules and norms linked to trade and technology’.¹² Therefore, seeking closer engagement with states in Southeast Asia is an essential part of a strategy that seeks to position the UK as a global actor in the era of strategic competition.The UK government’s Global Britain in a competitive age: the Integrated Review of Security, Defence, Development and Foreign Policy presents the Indo-Pacific as a region of increasing geopolitical and economic importance over the next decade and suggests that competition will play out in ‘regional militarisation, maritime tensions and contest over the rules and norms linked to trade and technology’. Therefore, seeking closer engagement with states in Southeast Asia is an essential part of a strategy that seeks to position the UK as a global actor in the era of strategic competition.

Anchors for the UK’s renewed engagement with Southeast Asia in maritime security

The UK became ASEAN’s newest dialogue partner in 2021,¹³ in what was a first milestone after the announcement of the government’s ‘Indo-Pacific tilt’.¹⁴ In the context of the UK’s exit from the EU, London has been looking at the right justifications for its priorities and for ways to meaningfully distinguish itself from, as well as coordinate where possible with, the Indo-Pacific approaches that the EU, France, Germany and the Netherlands have initiated in parallel.

While the Indo-Pacific tilt is new, the UK’s presence in the region, particularly its maritime presence, is not. London maintained a limited presence in Southeast Asia after the UK’s withdrawal in the 1960s and 1970s in the form of small-scale deployments aimed at maintaining bilateral engagements with selected countries. In the past two decades, the UK has also participated in established multilateral exercises that involve ASEAN countries, such as Exercise Bersama Lima and SEACAT (Table 2 and Figure 2). Those exercises involve a large number of ASEAN states and external partners and focus on capacity building in various maritime domains. They aim to address many issues, including current concerns about regional stability and security and long-term efforts in humanitarian assistance and disaster relief (HADR). The recent deployment of HMS Tamar and Spey to the Indo-Pacific are examples of the UK’s engagement with the Pacific. It would be interesting to see if it could become a possibility for future expansion of the scope to the wider Indo-Pacific.

Table 2: Selected flagship and regular multilateral exercises involving Australia, the UK and ASEAN countries

a The exercise was established under the Five Power Defence Arrangements (FPDA). It’s been through many iterations since the first Exercise Bersatu Lima in 1972, including multiple expansions and renamings over the years. Exercise Bersama Lima was inaugurated in 2004 and was replaced by Exercise Bersama Gold in 2021 to celebrate the FPDA’s 50th jubilee. Source: Authors’ compilation based on official information.

Figure 2: Key multilateral exercises by Australia or UK with ASEAN countries in the Indo-Pacific

This map includes naval exercises by the UK, Australia with Southeast Asian partners in the Indo-Pacific conducted since 2013. The multilateral and enduring exercises are marked in orange. The data set can further be filtered for partners involved, key exercise themes and frequency.

The UK’s new maritime security effort to engage ASEAN states has revolved around Operation Fortis which involved the CSG 21 to conduct a variety of exercises in and around Southeast Asia between June and December 2021. This included bilateral passing exercises (PASSEX) with Thailand,¹⁵ Malaysia¹⁶ and Vietnam¹⁷ navigating through the South China Sea in 2021.¹⁸

A factor in this effort is the UK’s ability to maintain sustainability and a regular at-sea presence. London’s early diplomacy and activities under the Indo-Pacific tilt still needs to be calibrated. With the new initiatives, however, London also needs to be sensitive to perceptions and even reputational risks in the region. Part of the scepticism about the UK’s role in the Indo-Pacific arises from the fact that the ‘Global Britain’ aspiration has a predominantly Euro-Atlantic focus.¹⁹ The arguments also stress the UK’s stronger reliance on the US at the expense of its interconnectedness with Europe.

Australia’s Indo-Pacific policy

As a maritime nation at the juncture of the Indian and the Pacific oceans, Australia pursues comprehensive and proactive maritime security engagement in the region. Canberra’s most recent policy expressions—the 2017 Foreign Policy White Paper²⁰ and the 2020 Defence Strategic Update²¹—have emphasised the importance of the maritime rules-based order and the value of cooperation with regional partners. Australia perceives the maritime domain as one of the key battlegrounds for China’s coercive practices, particularly in the South China Sea.

The Royal Australian Navy has a history of participation in maritime security exercises in the region, including multilateral exercises. Unlike the UK, Australia served as host and initiator of exercises that engaged numerous ASEAN states and other Western allies, for example Indo-Pacific Endeavour and Exercise KAKADU (see Figure 2). The exercises also had sizable scale and scope, including antisubmarine warfare and live-firing training with the intent of sharpening proficiency and interoperability. These are signs of significant commitment.

Compared with the UK, Australia has the advantage of being a residential actor in the region. Combined with an enduring track record of working with a closely knit network of regional partners across different agendas, as well as the recently annualised Australia–ASEAN summit, the engagement from Australian partners has stretched beyond official channels through civil society, research, industry and think-tank communities.

In fact, stability in the maritime domain, particularly in the South China Sea, has been a common concern for Australia and the UK. Opposition to China’s militarisation of the artificial islands, the dangerous use of coast guard and maritime militia that undermined countries’ maritime rights and freedoms were reiterated in the most recent Australia-UK Ministerial Consultations (AUKMIN) in January 2022.²² Boris Johnson’s government recognises the value of Australia’s long standing connection to Southeast Asia. In the bilateral virtual meeting in February 2022, the UK committed £25 million to strengthen regional resilience in areas including cyberspace, state threats and maritime security.²³ This complements Australia’s ongoing efforts in supporting regional security and reaffirms mutual shared commitment to working with ASEAN.

Anchors for Australia to partner with the UK and Southeast Asia

Australia—ASEAN’s first dialogue partner—has had a history of engagement, including naval exercises and maritime capacity building, for decades, including invitations to Southeast Asian partners to join as observers to local and regional exercises.

In recognising the importance of regional engagement, Australia secured commitment from Southeast Asian partners to directly address threats against their territory. Australia’s engagement focus has also shifted from support to countering illegal activities at sea and providing HADR to strengthening regional maritime security and stability. This probably reflects the intensity and volatility of the Indo-Pacific waters.

Australia doesn’t have claims in the regional maritime disputes in the South China Sea, but it has vested interests in supporting the applicability of the UN Convention on the Law of the Sea (UNCLOS²⁴) and the safety of sea lines of communication (SLOCs) for trade and passage. As co-chair of the ARF inter-sessional meeting on maritime security 2018-21, Australia has overseen a variety of confidence-building, regional support, training and workshop activities on UNCLOS that were initiated by individual ARF member states.²⁵

In the past, Australia has lent a diplomatic voice to Southeast Asian partners, including by supporting and calling for the implementation of the 2016 Permanent Court of Arbitration ruling in the case between the Philippines and China.²⁶ Australia as a maritime nation is invested in securing the commercial interests of maritime trade,²⁷ and the security of the maritime domain has also come to the forefront of strategic competition. This is in sync with the UK’s diplomatic support for a legal approach to the management of disputes. The UK has also supported the PCA ruling, as well as Southeast Asian nations’ note verbale to the UN in objection to China’s excessive claims.²⁸

In Australia’s recent efforts to play a more influential role in Southeast Asia,²⁹ the government announced a range of financial ‘packages’ that constituted the largest Australian funding for the region since assistance after the 2004 Indian Ocean tsunami.³⁰ Measures announced by Prime Minister Scott Morrison in November 2020 included a A$65 million investment to further support regional maritime states to develop their marine resources sustainably and to address challenges, including through enhanced training, technical advice and cooperation.³¹

In Southeast Asia, where postcolonial sensitivities linger, it’s important for both London and Canberra to calibrate new initiatives with adequate diplomacy and make sure the engagements are sustained for mutual benefit. This is particularly pertinent when the concept of the ‘Anglosphere’ is invoked.³² The following section highlights the complexity of Southeast Asian positions towards UK–Australian ambitions to play a stronger role in the region. Their adequate understanding is critical for sustainable and effective engagement frameworks.

Southeast Asian views of the recent UK and Australian maritime security engagement

Southeast Asian nations’ attention to the UK’s role and interests in the region was heightened after the deployment of the UK’s Carrier Strike Group 21 (CSG-21) in 2021. Although the UK’s military role in Southeast Asia isn’t new, CSG- 21’s presence in Asian waters produced a wave of reactions. During its 28-week deployment, CSG-21 visited some 40 countries and took part in more than 70 defence diplomacy activities across Europe, Middle East and Asia, which included training exercises and port visits. It was the UK’s largest operational naval deployment to Asia since the 1997 handover of Hong Kong.³³

While the deployment was welcomed in some capitals, others expressed concern. Jakarta found the British naval presence worrying and perhaps contributing to further militarisation of the region. Indonesia was never fond of the Five Power Defence Arrangements (FPDA) established in 1971, which involved the UK, Australia, New Zealand and its neighbours Malaysia and Singapore, but excluded Indonesia. The renewed activeness and ambitions of the UK in this domain invoked postcolonial discomfort. Indonesian strategists are concerned about an increasing ‘strategic overcrowdedness’³⁴ caused by the renewed interest of ‘external powers’ in Southeast Asia. There is a feeling that too many naval ships exercising in the disputed waters may lead to incidents or accidents.

Hanoi, on the other hand, viewed the UK’s maritime activity positively. The Vietnamese government has applied a strategy of involving, rather than alienating, ‘external powers’. Due to power imbalances and China’s growing dominance in the South China Sea, its active militarisation activities and relentless challenge to other countries’ offshore resource rights, Vietnam has actively sought external partners’ involvement and engagement in the region. Moreover, for Hanoi, good relationships are also a function of improving trade relations. Vietnam and the UK have recently finalised a bilateral trade agreement, opening the post-Brexit British market to Vietnamese products and integrating the UK with the Asian economy.³⁵ Singapore was also among the more welcoming Southeast Asian nations, although it stresses the need for a UK presence to be ‘principled, persistent and purposeful’.³⁶

However, regional nations’ attention was most sharply focused by the announcement of the Australia–UK–US trilateral security partnership (AUKUS) in September 2021.

Predictably, individual countries reacted with varying degrees of concern. The dominating concern is that the new security arrangement could be a catalyst for a nuclear arms race in the region and might provoke some countries to act aggressively, especially in the South China Sea. Malaysian Prime Minister Ismail Sabri Yaakob expressed that view directly to Scott Morrison, while Indonesia’s Foreign Ministry stated that it was ‘deeply concerned’ about the ‘continuing arms race and power projection in the region’.³⁷ Both cited commitments engraved in ASEAN norms: the Zone of Peace, Freedom and Neutrality (ZOPFAN) in 1971 and the Treaty of Amity and Cooperation (TAC) in 1976, to the latter of which Australia acceded to when it joined the East Asia Summit (EAS) in 2005.³⁸ They called on Canberra to refrain from adding to regional tension. It was kept in the dark about AUKUS despite the fact that it had a ‘2 + 2’ dialogue (defence and foreign ministers’ meetings) with Australia just before the announcement.³⁹ However, in the following months, after some efforts towards direct communications from the Australian Government, Indonesian Defence Minister Prabowo Subianto has been reported as saying that he understands and respects AUKUS.⁴⁰ Cambodia was alarmed by AUKUS and the nuclear-powered submarine deal and invoked international commitments to non-proliferation.

The Philippines produced self-contradicting statements from the government. President Rodrigo Duterte labelled AUKUS as an ‘arms race’, while Secretary of Defence Delfin Lorenzana and Foreign Minister Teddy Locsin both said that Australia has every right, and capacity, to shore up its own defence.⁴¹ Thailand, a treaty ally of the US, maintained an enigmatic attitude, making no direct statements or comments on the AUKUS announcement. Singapore⁴² and Vietnam⁴³ were more measured. Both agreed that each country is responsible for its own security, as long as it doesn’t contribute to a regional arms race. Both are strategically astute and are aware of the growing security concerns in the region and the region’s limited capability to respond to those challenges. So, while they comprehend the AUKUS rationale, they both emphasise the need for keeping nonproliferation commitments, as well as the need for greater transparency in communicating new security partnerships that may affect the region as a whole.

Despite disparities in their assessments of the strategic value of AUKUS, the overall Australia–ASEAN relationship is wide-ranging and didn’t seem to suffer, and, just a month after the AUKUS announcement, the elevation of the relationship to a comprehensive strategic partnership was announced.⁴⁴

The fact that there was no joint ASEAN statement on the issue reflects divergence of views internally. This granularity of regional interests and views is to remind London and Canberra that receptiveness to their individual as well as collective initiatives will remain varied. Given those political sensitivities, and the concern that the UK’s Indo-Pacific involvement has been too defence-focused, it would be good for London to consider areas for maritime security cooperation and capacity building that would include more civilian elements of maritime security. It is also the reason why our report recommends practical areas of cooperation—ones that prioritise collective benefit.

It is important to note that, despite Southeast Asian diplomatic narratives, there are real concerns about the fragile regional stability. China’s active militarisation in the South China Sea and gradual control of the waters put increasing pressure on the littoral states. Recent reports suggest that Beijing has fully militarised three islands with anti-ship and anti-aircraft missile systems, laser and jamming equipment and fighter jets,⁴⁵ which undeniably adds to the already asymmetric balance of power in the region. In such a context, cooperation with external partners on all fronts, particularly when the resources are limited and especially in the post-Covid circumstances, should be welcomed.

And there’s no shortage of areas where Southeast Asians would be open to cooperative efforts and collaborative mechanisms. Many studies have defined the prospects and challenges around the application of international law, resolving territorial disputes, maritime deterrence, protecting offshore resources, combating unregulated fishing, piracy, transnational crime, strengthening law enforcement, and addressing the more pressing environmental crisis.⁴⁶

While we agree with the severity of these issues and the need for the involvement of multiple stakeholders involvement in this report, and through the specific prism of UK-Australian-ASEAN cooperation, we suggest a focus on the nexus of maritime security and cyber and emerging technologies. This is an under-studied area but which has the potential to drastically shape the nature of maritime security in the years ahead. It is related to the safety and security of deep-sea vessels at sea and maritime commercial on-shore infrastructure as well as the monitoring of human and natural activities at, below and above sea level; the security of sea lines of communication, maritime supply chains and increasingly critical submarine communications infrastructure.

Exploring UK-AU-ASEAN maritime security cooperation: a case for cyber and technology capacity building

Our main recommendation for UK–Australia–ASEAN collaboration is to explore the newer and rapidly developing, but far less chartered areas of cybersecurity and emerging technologies and their application in the maritime security domain.

In cyber and technology issues, the UK and Australia have a demonstrated track record and expertise, experience and approaches. It’s also an area in which the UK and Australia can reasonably expect to have resources, drawn from the public and private sectors, to sustain this effort. Most of all, it’s also an area of growing interest from partners in Southeast Asia which are putting digital transformation and Industry 4.0 at the forefront of their (post-Covid) development strategies.⁴⁷

At the nexus of cyber, technology and maritime security, limited qualitative data currently exists on cybersecurity in Southeast Asia or the take-up of emerging technologies in the maritime sector. Given the UK’s and Australia’s global credibility in this space, and the importance of cyber and tech for the future stability of the region, we explore four potential areas of cooperation: cybersecurity and digital transformation in the maritime industry; digital and emerging tech in the maritime domain; supply chains; and the security of submarine digital infrastructure.

Cybersecurity and the maritime industry’s digitisation transformation

The digitisation of shipping processes and the automation of oceangoing vessels, operators, insurers, certifiers, onshore facilities, and maritime safety and security agencies have surged in the past few years. IT and OT (operational technology⁴⁸) systems have become critical to the functioning of ships and the safety of their crews and cargoes, and also help shipping to navigate safely and securely through troubled Indo-Pacific waters. That said, given the lifespan of industrial assets (for ocean-going vessel about 25–30 years), much offshore and onshore infrastructure operate with legacy software, which is a known ICT security risk.⁴⁹

Various maritime-specific cybersecurity incidents have occurred that have resulted in the malfunctioning of critical control systems, in ships and onshore facilities; the exfiltration of sensitive data that’s monetised by criminals, including pirates; the manipulation of systems to allow for trafficking and smuggling activities to occur unnoticed; commercial and military espionage, for instance of ship designs, lading and trading routes; spoofing of navigation systems; and manipulation of identification transmissions.⁵⁰

The maritime sector is known to lag other comparable industries in its level of cybersecurity maturity. ‘C-suite’ boardrooms still don’t adequately acknowledge cybersecurity as a business continuity risk.⁵¹ That isn’t unique to the maritime industry and, in fact, is unfortunately common practice across Southeast Asian industries. However, the potential consequences of cybersecurity incidents for ships, logistics or port facilities are massive and long term.

An incident in 2021, in which the MS Ever Given obstructed traffic in the Suez Canal, immediately reverberated through global supply chains and demonstrated the dependence of the world economy’s on accurate forecasting capabilities.⁵² There’s little room for errors or delays. The maritime domain in and around Southeast Asia is becoming of greater geopolitical and geo-economic importance, and there’s an increased likelihood that non-state and state actors will try to disrupt, manipulate or coerce actors. With the automation of navigation and the vulnerability of navigation systems, for instance to spoofing, a crisis could be easily caused.

Other examples include some shippers being complicit in manipulating their own IT systems. In 2018, a Singapore-managed oil tanker spoofed its GPS data to conceal from authorities a mid-sea transfer of petroleum to a North Korean ship, thereby circumventing UN sanctions.⁵³ The same thing occurred with an Iranian ship in 2013 off the coast of Malaysia.⁵⁴ Those tactics are also being used to disguise illegal, unreported and unregulated fishing, which is an issue pertinent to maritime security for most Southeast Asian nations.

Initial efforts to boost cyber resilience by the Southeast Asian shipping industry are underway, but they’re far from concerted. In late 2021, Singapore’s Maritime and Port Authority organised a first cybersecurity exercise involving two port terminal operators and a shipping company.⁵⁵ In 2021, the International Maritime Organization issued recommendations for maritime cyber risk management, mirroring standing international good practices but with compliance and enforcement remaining voluntary.⁵⁶

A first stepping stone for cybersecurity capability is access to incident-response resources. In 2018, a private-sector initiative was announced by Wärtsilä Corporation and Templar Executives to establish an international maritime cyber centre of excellence, including a maritime-sector computer emergency response team, based on similar capabilities for the financial sector.⁵⁷ The UK Government has supported British cybersecurity company CyberOwl to establish a footprint in the region.⁵⁸ The Australian Government has been promoting business opportunities in Southeast Asia for the Australian local cybersecurity industry, too, although that effort is yet to have a specific maritime focus.⁵⁹ At DEFCON, one the world’s largest annual hacking and security conferences, a Hack the Sea competition is being organised to specifically test cybersecurity in a maritime environment.⁶⁰ For now, however, these efforts are just a drop in the ocean, given the magnitude of Southeast Asia’s maritime activity and the lack of an industry- and region-wide approach and apprehension of the risk.

Emerging digital technologies in the maritime domain

Digital and emerging technologies are starting to disrupt conventional business models and operations in the maritime industry. Gains in efficiency are achieved through the introduction of digital components in the shipping ecosystem, such as smart ships and e-ports.⁶¹ Next-level steps will include the introduction of partly autonomous surface ships, additional robotics and further automation of loading and offloading procedures.

Access to ‘maritime big data’, in combination with applications based on artificial intelligence and machine learning (AI/ML), will help to inform decisions on most efficient routing, precise and reliable forecasting of scheduled arrivals, subsequent docking, off-boarding, load forwarding and reloading decisions, and risks related to maintenance and accidents.⁶² These emerging technologies also play a fundamental role in gathering and analysing meteorological, oceanographic and hydrographic data. They are also being applied to efforts related to responsible fishing (and combating illegal, unreported and unregulated fishing), the tracking of maritime pollution and the monitoring of maritime economic resources and biodiversity. For instance, Verumar, a programme focused on increasing situational awareness and fisheries management and supported by the UK’s Space Agency, identified nine groups of technologies that are disrupting fishing and other marine economic activities. They include space-based observation technologies, such as low-Earth orbit (LEO) satellites; global navigation satellite systems, such as GPS, Galileo, Beidou and GLONASS; sensors and Internet of Things (IoT) devices; 5G connectivity; and data infrastructure and data processing (AI/ML, analytics.)⁶³

These opportunities for broader and deeper maritime domain awareness (MDA), both onshore and offshore, have been at the centre of ongoing ARF attention. MDA is currently perceived fairly narrowly and restricted to highly traversed routes and those maritime areas under the supervision of coastguards. Human activities, marine animal movements and climatic trends occurring farther out to sea and below the surface remain largely unknown. LEO satellites will provide greater connectivity and coverage, especially in less serviced and remote areas,⁶⁴ and better AI/ML is already helping to map and forecast movements in the ocean, such as sea-level change, currents⁶⁵ and pollution dispersion.⁶⁶ Unfortunately, Southeast Asia is also the world’s epicentre of marine pollution, especially plastics.⁶⁷

The application of those technologies can also extend to assisting maritime operators in complying with existing international and domestic security provisions, such as the UN sanctions list, and helping maritime security agencies with oversight and compliance.⁶⁸

Boosting the adoption of emerging technologies in parallel with improving cybersecurity in Southeast Asia’s maritime domain will contribute to strengthening overall awareness of civil and maritime security agencies, which not only supports security operations and law enforcement efforts but also offers new opportunities for more effective forms of marine protection and sustainable maritime socio-economic development. In global technology and standards-setting debates, the UK, Australia and Southeast Asia should consider how to reflect maritime requirements in those negotiations.

The Southeast Asian maritime sector will probably be best served by applications that rely on open, interoperable and secure digital infrastructure, given the sector’s global character, the many and diverse port infrastructures in Southeast Asia operated by many multinational service providers, and the traffic density in regional waters.

In the light of increasing risks of rising political, military and economic tensions in the Indo-Pacific, maritime nations in Southeast Asia should seek multinational and multi-stakeholder partnerships to adequately consider and address the potential risks of digitalising critical economic sectors. It appears Southeast Asian partners would benefit from access to expertise and opportunities to exchange experiences with peer communities in North and Northwestern Europe as well as in Oceania.

Digital technology and maritime supply chains

The maritime sector is a critical avenue for shipping resources and components for the world’s production and deployment of ICTs, tech hardware and batteries. For instance, supplies of critical, strategic or pivotal metals extracted in Australia that need to be transported to processing facilities in Southeast Asia and China. As acknowledged by the Australian Government, ‘technology supply chains are increasingly global, interdependent and complex’ and that there’s a need for transparency as ‘some states seek to leverage supply chain vulnerabilities for strategic advantage and as a possible vector for coercion.’⁶⁹

In January 2022, due to delays and disruptions in global shipping, Australia’s Lynas Rare Earths opted to charter its own vessel and secure continuity of supply to customers through a processing facility in Malaysia.⁷⁰ Overall, the industry is expected to need to meet demands for faster and more accurate and predictive shipping. As in particular Southeast Asia has been riding the wave of e-commerce⁷¹ , major manufacturers will require logistics partners that can ship more smaller loadings more instantly. That requires maritime transporters to be more flexible and agile. An ‘Uberisation’⁷² of maritime transport is already taking shape which may involve, in due course, a greater number of shippers operating with more small- and medium-sized transporters.⁷³

Onshore, attention is shifting to the digitisation of processes at ports. This includes the establishment of interoperable data hubs where shippers, ports, buyers and sellers can instantly exchange data and communicate across the different transport segments; effective track and trace systems; the digitisation of the paper trail that accompanies international shipping, such as customs clearances and bills of lading; and the use of blockchain technology to ensure the safety and integrity of official documents and compliance with regulations.⁷⁴

Altogether, these technological applications contribute to improvements in the transparency and security of financial transactions, including through government efforts to tackle trafficking, money laundering, tax evasion, organised crime and terrorism financing.

Security of marine-based digital infrastructure

A fourth component at the intersection of maritime security and cyber and tech is the security of submarine infrastructure. This mainly refers to the fibre-optic comms cables and relay stations that have been laid on the ocean floor and now transport 95% of the world’s data (Figure 3).⁷⁵

Southeast Asia is not only a choke-point for maritime trade but also for internet connectivity. With a high concentration of fibre-optic cables landing in and traversing through the region, Southeast Asia is gradually developing into a hub for hyperscale data providers in the region’s digital economy.⁷⁶ At the same time, Southeast Asian nations have been tightening ICT-related regulation and have imposed requirements on technology and connectivity providers that amount to establishing sovereign borders on the internet.⁷⁷

Figure 3: Submarine cable map of the Indo-Pacific

Source: ‘Submarine cable map 2021’, TeleGeography, online.

While deliberate disruptions to physical submarine communication systems won’t be difficult to cause, especially when exact locations are known, cables are more likely to get damaged as the result of natural disasters or accidental collisions.⁷⁸ The Indonesian government recognised that vulnerability when, in March 2021, the Ministry of Fisheries and Maritime Affairs tasked the Indonesian Navy’s Hydrography and Oceanography Centre to map and potentially rearrange its underwater geophysical landscape of cable and pipes to mitigate potential threats.⁷⁹ For unconfirmed reasons, Chinese survey vessels have been extensively surveying contested waters in the South China Sea.⁸⁰ The survey areas coincide with the locations of major internet cables that connect mainland China with the rest of the world, predominantly through Singapore.

Another important factor to consider is the increasing imbalance in demand and supply. While private and public investors are keen to expand the regional cable network, the market is dominated by only five companies that provide cable-laying and maintenance services: Nokia Alcatel (Finland, France, UK); TE-Subcom (Switzerland, US); NEC (Japan); Fujitsu (Japan); and Huawei Marine (China). Submarine communications infrastructure has become a matter of geo-economic importance, particularly in places that are contested or have a low density of connection points. Australia, Japan and the US have ramped up investments in new and redundancy cables in the Indo-Pacific in efforts to head off competing Chinese investments.

Given the inherent physical vulnerability of the cable system and its critical importance to economies across the Indo-Pacific, boosting its resilience is an important priority. This includes up-to-date domain awareness, regular and updated security and safety reviews, consideration of the expected global shortage of maintenance and repair resources and adequate redundancy. With Britain’s world-leading expertise in hydrography and as host to the International Cable Protection Committee, the UK government could facilitate and stimulate greater knowledge in the Indo-Pacific of the maritime security dimensions of (dense networks of) submarine cables and shape effective regional risk mitigation responses.

Recommended next steps for cooperation

Integrating cyber and tech considerations into maritime security engagements offers the UK, Australia and Southeast Asia ample opportunities to construct a holistic agenda that will help to underpin regional security, and ward off threats to it. Moreover, given the nature of the agenda, it doesn’t require either a permanent, or even a physical, presence in the region.

The cyber and tech area enables the three partners to start collaborating in practical efforts that are shareable and scalable, are inherently civil in nature, and don’t require full political alignments from the outset. It’s a suitable area not only for regional but also for interagency cooperation.

Three recommended areas for next steps are:

1. Investigate the needs and interests for a Southeast Asia-focused maritime sector-focused information sharing and analysis centre (ISAC). ISACs are non-profit organisations formed by critical infrastructure owners and operators to share information between government and industry.⁸¹ The ISAC should look at potential financial, staffing and infrastructure requirements. Given the current level of cybersecurity awareness and apprehension of the industry, a maritime-sector ISAC may initially require public funding before it can operate on a not-for-profit commercially viable basis. Such a service could be explored as part of a review of the mandate of ReCAAP.
2. Explore developing a program of work on standards and norms related to emerging technologies and their impact on the maritime sector and maritime security, for instance through the Global Partnership on AI of which the UK, Australia and Singapore are members, and with a focus on maritime domain awareness.
3. Facilitate the establishment of (informal) maritime and tech security communities of practice on issues such as cybersecurity trends and responses, and the security of submarine cable infrastructure and risk mitigation; and between individual governments’ hydrographic offices.

A further and deeper exploration of operational objectives for these areas is required, alongside a review of potential partners and delivery mechanisms. It will be crucial to work with existing and emerging local capabilities that can be supplemented by targeted UK and Australian expertise and enablers.

Since most cyber and tech dialogues take place outside of Southeast Asia’s conventional governance forums, it’s important for the UK to ascertain its ambitions, roles and representation, ideally in close coordination with Australia.

Conclusion

In this report, we’ve considered the landscape for maritime security cooperation, with a focus on exploring opportunities for new, practical and critical areas for cooperation that equally leverage the strengths of the UK, Australia and Southeast Asian partners. We’ve looked at potential areas of common interest in the military and civilian domains and reviewed the UK’s and Australia’s own national strategies in the Indo-Pacific and their respective national assets, as perceived by Southeast Asia. We’ve also noted that maritime security capacity building is seen as a crowded domain in which many international actors are already seeking to win the hearts and minds of partners in Southeast Asia.

There is a plethora of areas where the UK, in partnership with Australia, could contribute to maritime security in Southeast Asia. We suggest a reinvigorated plurilateral cooperation among the UK, Australia and Southeast Asian countries to focus on newly emerging areas that are yet underserved with attention, resources and policies. This isn’t a one-way engagement in which Southeast Asia is merely the beneficiary or recipient of engagements or technical assistance.

We’re making the case for elevating cybersecurity and emerging tech dimensions of maritime security. Managing the advent of new technologies in Southeast Asia’s maritime operations—military, civil and commercial—and securing the confidentiality, integrity and availability of systems and networks will increasingly underpin the safety and security of the maritime domain, including the legal aspects of maritime borders. Securing the digital components of the maritime domain is of common interest to all stakeholders, which is exemplified by our joint political and economic dependence on the region’s undersea fibre-optic cable systems.

For future steps, we recommend further in-depth studies to explore key priority areas for cooperation and to grasp the diverging and converging perceptions of urgency among Southeast Asian, Australian and British maritime security community groups. Such a survey should look with granularity at capacities, interests and priorities of and among ASEAN member states. A follow-up quantitative survey would be able to demonstrate the views of larger groups of stakeholders—governments, security services and the maritime industry—across the region. This would involve a systematic study that extends beyond security dialogues, discussions and roundtables of known experts and policymakers.

An in-depth study would be able to recognise individual countries’ preferences, measure capacity gaps among them and thus precisely identify the most effective modalities of cooperation. By having an understanding of converging priorities, the UK and Australia will be able to design an engagement and capacity-building framework that’s as sustainable as possible. That way, the UK and Australia could better position themselves as preferred partners of choice in maritime security in the Indo-Pacific.

Above all, we emphasise that, regardless of the issue-specific area of maritime security cooperation, engagements by the UK and Australia and jointly with Southeast Asia need to be enduring and continuous, based on mutual understanding and built on existing practices. Those are the key foundations for a lasting and effective cooperation with mutual benefit at the core.

Acknowledgements

The authors thank Dr Collin Koh Swee Lean (RSIS), Dr Anthony Bergin (ASPI), Charles Brown (Booz Allen Hamilton) and Jocelinn Kang (ASPI) for their helpful comments on an earlier draft of the report. We also acknowledge the contributions from consultations with colleagues from Australia’s Department of Foreign Affairs and Trade, the Royal Australian Navy’s Sea Power Centre, King’s College London, and various Southeast Asian think tanks and Southeast Asian maritime and cybersecurity industry.

Other ASPI research staff have also contributed to this report.

The conclusions are the authors’ own, and represent neither the views of any government nor a consensus of the experts consulted.

About ASPI

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our Annual Report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements. It is incorporated as a company, and is governed by a Council with broad membership. ASPI’s core values are collegiality, originality & innovation, quality & excellence and independence.

ASPI’s publications—including this paper—are not intended in any way to express or reflect the views of the Australian Government. The opinions and recommendations in this paper are published by ASPI to promote public debate and understanding of strategic and defence issues. They reflect the personal views of the author(s) and should not be seen as representing the formal position of ASPI on any particular issue.

Important Disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2022

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published March 2022. Cover image: Abstract low poly 3d cargo ship/vectorstock.com

Funding

Funding support for this report was provided via a grant from the UK Foreign, Commonwealth and Development Office through the UK High Commission in Canberra through a competitive grant proposal bidding process.

1. Ministry of Foreign Affairs, ‘Foreign policy: Free and open Indo-Pacific’, Japanese Government, 2022, online. ↩︎
2. The White House, National Security Strategy of the United States of America, December 2017, online. ↩︎
3. Department of Foreign Affairs and Trade (DFAT), 2017 Foreign Policy White Paper, Australian Government, 2017, online. ↩︎
4. Ministry of External Affairs, ‘Prime Minister’s keynote address at Shangri-La Dialogue’, Indian Government, 1 June 2018, online. ↩︎
5. Federal Foreign Office, Policy guidelines for the Indo-Pacific region, German Government, September 2020, online. ↩︎
6. 
   Indo-Pacific: Guidelines for strengthening Dutch and EU cooperation with partners in Asia, Netherlands Government, 2020, online. ↩︎
7. EU Strategy for cooperation in the Indo-Pacific, European Union, 2021, online. ↩︎
8. ‘France’s Indo-Pacific Strategy’, French Embassy, Canberra, 2021, online. ↩︎
9. Louisa Brooke-Holland, Integrated review 2021: The defence tilt to the Indo-Pacific, UK Parliament, October, 2021, online. ↩︎
10. Huong Le Thu, ‘Southeast Asia: Between asserting agency and muddling through’, in Ashley J Tellis, Alison Szalwinski, Michael Wills (eds), Strategic Asia 2021–2022: Navigating tumultuous times in the Indo-Pacific, National Bureau of Asian Research, 11 January 2022, online. ↩︎
11. ASEAN Outlook on the Indo-Pacific 2019, ASEAN, 23 June 2019, online. ↩︎