Responsible cyber behaviour in the Indo-Pacific

At a time when international discussions on security and collaboration in cyberspace are under pressure from deepening strategic competition, there’s a serious need to develop a deeper understanding of how other states understand what it means to be a responsible cyber actor. This report contributes to that conversation by presenting viewpoints from often under‑analysed state‑based perspectives across the Indo‑Pacific.

This analysis shows that domestic and operational cyber policies, practices and capabilities lack the agreed standards, principles or norms that allow a notion of ‘responsibility’ to be internalised. It’s unlikely that most Indo‑Pacific governments will exercise greater transparency and accountability in their own right, instead pointing to principles of state sovereignty (and non‑interference) and the need to first address capacity shortfalls. Nonetheless, the international community, Tracks 1 and 2, should advance the broadening of the notion of responsible cyber behaviour on the premise that it’s grounded in the existing UN framework. To better understand how states conceive of what it means to be a responsible actor in cyberspace, we must consider how governments and non‑government actors reconcile domestic interests and international commitments. From there, additional standards, principles and guidelines could be developed to address states’ internal and operational responsibilities.