[G7 Special 3] Cyber Vulnerabilities in Developing Countries Are a Threat to All

Japan will chair the G7 Hiroshima Summit from May 19 to 21, 2023, and guide the discussion among the leaders of the Group of Seven nations on the biggest issues confronting the international community. The third and final installment of this series of articles on the G7 and JICA’s international cooperation focuses on cybersecurity. This is an issue requiring urgent action given society’s growing dependence on digital technology.

Much of the infrastructure that supports modern society relies on digital technology. It is used to make mobile payments, manage train and plane schedules, and control the power and water supply. Breakdowns in such critical social infrastructure would have an enormous impact on people’s lives and economic activity and could also threaten national security.

The rapid digitalization of society in recent years has given rise to concerns about cyberattacks that are intended to steal financial assets or attack critical national infrastructure. In 2021, the top oil pipeline operator in the United States became the target of a ransomware attack. This caused a shutdown that lasted for five days and severely affected people’s lives. Developing countries are also increasingly being targeted for cyberattacks. The electric power system was shut down in Ukraine in 2015 and other years and in South Africa in 2019. The personal data of almost all Ecuadorians was leaked in 2019. Health services were interrupted in Botswana in 2020. And Bangladesh’s central bank and Uganda’s mobile money network became targets of cyber heists in 2016 and 2020, respectively.

Cyberattacks have recently become more sophisticated, with hackers sometimes spending months or even years lurking undetected on targeted computer systems and causing massive system breakdowns. Cyberspace has no national boundaries and cannot be safeguarded by the efforts of any one country alone. Strengthening cooperation and partnerships with other countries are essential to protecting our way of life.

The G7 Cyber Expert Group was established by the financial supervisory authorities, finance ministries, and central banks of the G7 countries in 2015. The group is spearheading discussions on ways to promote cybersecurity in the financial sector and strengthen collaboration among the G7 members. And in 2016 at the previous G7 summit hosted by Japan in Ise-Shima, the G7 Principles and Actions on Cyber were announced. Leaders agreed to strengthen cooperation to promote security and stability in cyberspace, including through capacity building.

The Ministerial Declaration of the G7 Digital and Tech Ministers’ Meeting, held on April 29 and 30 ahead of the Hiroshima Summit, addressed six major themes. They include “facilitation of cross-border data flows and Data Free Flow with Trust,” “responsible AI and global AI governance,” and the extension of “secure and resilient digital infrastructure” to developing and emerging economies. References were made in many of these themes to the importance of promoting network security.

Given the rapid global advance of digitalization, emerging and developing countries with weak security measures are increasingly becoming targets or entry points for cyberattacks. This is because hackers often choose locations where defense levels are low. Japan can help reduce such concerns by providing its expertise in cybersecurity.

Japan enacted the Basic Act on Cybersecurity in January 2015 and established the National Center of Incident Readiness and Strategy for Cybersecurity in the Cabinet Secretariat to promote compliance with laws and regulations. It passed the Economic Security Promotion Act in May 2022 and is taking concrete steps to protect critical infrastructure from cyberattacks.

Japan was among the highest-ranked countries in the 2020 Global Cybersecurity Index published by the International Telecommunication Union, an agency of the United Nations. It ranked seventh overall—its score lower by only a slim margin than the top—and it was on par with number-one-ranked United States in terms of measures to strengthen national cybersecurity.

“Japan is regarded as a global cybersecurity leader not only for the measures we’ve enacted but also for the steady progress we’ve made in implementing them,” notes Furukawa Masayuki of the Office for STI and DX in JICA’s Governance and Peacebuilding Department. There is growing demand in developing countries for all kinds of cooperation from Japan, Furukawa asserts, from specific response measures in the event of a cyberattack to enhancing organizational readiness.

Cybersecurity cooperation may involve accessing sensitive national information, so it cannot be implemented without strong mutual trust. The development cooperation provided by JICA and others over the years no doubt serves as a foundation for such trust.

Japan has long provided development assistance for member states of the Association of Southeast Asian Nations, including in the development of cybersecurity human resources. It has organized Japan-ASEAN Cybersecurity Policy Meetings since 2009 to strengthen cooperation and undertake joint initiatives. Furthermore, Japan supported the establishment in 2018 of the ASEAN-Japan Cybersecurity Capacity Building Center in Bangkok, Thailand. To date, the AJCCBC has helped train some 500 government officials and critical infrastructure staff of ASEAN countries.

JICA’s cybersecurity assistance has been increasing over the past few years through local human resources development and capacity building projects that are tailored to each country’s needs. Group training opportunities are also offered in Japan, and efforts are made to strengthen ties and build regional networks, such as by working with Thailand and Indonesia on regional Technical Cooperation projects.

In Vietnam, JICA implemented a project to enhance the capacity of the Authority of Information Security (AIS) in the Ministry of Information Communication (MIC) to mitigate cyberattacks both proactively and reactively. At the same time, in response to the digitalization of society, JICA supported the drafting of policies to protect children from online threats and helped raise cybersecurity awareness among citizens through the production of videos and pamphlets. In conjunction with this project, JICA is conducting a training program in Japan to bolster the capacity of the Ministry of Public Security to combat cybercrime and strengthen ties between Japanese and Vietnamese security authorities.

In Indonesia, JICA is implementing a cybersecurity project at the University of Indonesia, one of the country’s leading universities, to strengthen the development of cybersecurity professionals. The project seeks to develop open-source cybersecurity tools required by local entities. The outcomes are already being applied to develop human resources in collaboration with universities in other regional countries, such as Mongolia.

JICA is accelerating the development of cybersecurity professionals throughout the ASEAN region. Training and young adult cybersecurity workforce development programs are being expanded in cooperation with the AJCCBC, and 500 people are starting to receive training under these programs.

“The increasing digitalization of society will lead to new types of cyberattacks,” says Furukawa of the Office for STI and DX. “That means countermeasures—including those implemented through JICA’s cooperation—will also have to be updated on an ongoing basis. The most important thing is to build a foundation of resilience by developing the capacity to respond flexibly to emergencies and take appropriate countermeasures.”

Some developing countries, he adds, lack even the human and financial resources to fully take advantage of the assistance offered by a variety of countries and organizations. “I believe that one important role for JICA is to gain a good understanding of local needs and conditions and coordinate the support being offered to ensure that people get the help they require.”

Cybersecurity requires a broad array of measures. They include the formulation of national strategies, establishment of organizations to advance such strategies, development of legal systems, improvements in both public- and private-sector capacity and technology, and close collaboration with domestic and foreign organizations. Educational efforts targeting people of all ages are also essential. How to protect our lifestyles in an increasingly digitalized future is a daunting challenge humanity is now facing.