June 24, 2025
Cyber Crossroads in the Indo-Pacific
Navigating Digital Potential and Cyber Peril
Executive Summary
The Indo-Pacific faces a cyber crossroads. Down one path lies deeper military, intelligence, and economic ties between Washington and its key allies and partners in this strategically vital region. Down another, rising cyber threats from the People’s Republic of China (PRC), North Korea, Russia, and a growing shadow industry of cybercriminals and hacktivists derail these ambitions by compromising critical infrastructure, weakening data security, and undermining democratic institutions. The outcome will depend on the choices Washington and its Indo-Pacific partners make—or fail to make—in the coming years.
The U.S.-China rivalry has long extended to the cyber domain, but in recent years, Beijing has increasingly exploited the gray zone of cyberspace to test, probe, and push other nations as part of a broader campaign to gain influence and shape regional norms and power structures.1 In recent years, the PRC has sharply escalated its cyber aggression in a dangerous new game that combines traditional operations focused on espionage, intellectual property theft, and data exfiltration with newly assertive disinformation, influence operations, and pre-positioning in critical infrastructure. Adding to the uncertainty, rapid advances in artificial intelligence (AI) could further tilt the balance toward offense in cyberspace in unpredictable and potentially dangerous ways.
Against this backdrop, Indo-Pacific governments have taken historic steps to strengthen their resilience in a cyber landscape that has grown more varied, volatile, and dangerous than ever.
To assess how Washington and its Indo-Pacific partners are navigating this cyber crossroads, the Center for a New American Security’s Technology and National Security Program and Indo-Pacific Security Program led a year-long research project that combined extensive desk research with in-person field research and expert workshops in Japan, South Korea, Taiwan, and the Philippines. This report draws on this research to offer in-depth assessments of the cyber landscapes in all four countries to identify key trends, challenges, and opportunities to strengthen cybersecurity and resilience in partnership with the United States.
The findings offer cause for both optimism and concern. On the one hand, Japan, South Korea, Taiwan, and the Philippines have all undergone notable shifts in elevating cybersecurity as foundational to national security. Japan’s 2022 National Security Strategy made cybersecurity a pillar for the first time, and the government has passed reforms to facilitate information sharing with the United States and shift toward active cyber defense.2 South Korea updated its National Cybersecurity Strategy to adopt a Defend Forward cyber posture, mirroring the U.S. shift in 2018.3 Taiwan established a National Institute of Cybersecurity within its Ministry of Digital Affairs, and the Executive Yuan approved a four-year plan to boost digital resilience.4 The Philippines finalized a five-year National Cybersecurity Plan.5
For its part, the United States has elevated cybersecurity in its foreign policy with expanded information sharing, capacity building, and diplomacy anchored in a new Bureau of Cyberspace and Digital Policy within the U.S. Department of State. Recent years have seen Washington both strengthen its proactive cyber capacities and embrace a “name and shame” approach to call out malign cyber operations from foreign adversaries like Russia and the PRC.
Still, these laudable efforts to bolster cyber policies, personnel, and partnerships have failed to keep pace with rising threats. Washington’s finger-wagging statements and targeted sanctions in the wake of cyber incidents have failed to stem rising threats. To confront growing cyber dangers across the Indo-Pacific, the United States and its partners need a more assertive and coordinated approach that intensifies efforts on two fronts: (1) building capacity within each country to strengthen cybersecurity and resilience, and (2) strengthening cooperation to enable more integrated, proactive cyber defense, collective signaling, and cost inflicting on malign cyber actors.
To that end, this report offers recommendations to government leaders in the United States, along with both country-specific and cross-cutting recommendations for government leaders in Japan, South Korea, Taiwan, and the Philippines. Although many of the recommendations directed toward the four countries could fairly apply to the United States, strengthening domestic cybersecurity and resilience is beyond the scope of this report.
Summary of Recommendations
For the United States:
- Launch a “Cyber Shield” for Indo-Pacific treaty allies to strengthen joint resolve, response, and resources to defend against malign state cyber actors.
- Significantly expand military cyber engagement and capacity building by the five component commands in the Indo-Pacific area of responsibility with priority regional allies and partners, for instance, through regular joint tabletop cyber exercises.
- Clarify legal and policy frameworks to facilitate expanded Hunt Forward and Defend Forward operations in the Indo-Pacific. In the four countries examined in this report, the legal basis for expanding proactive cyber defense operations remains ambiguous at best.
- Preserve and strengthen the State Department’s Bureau of Cyberspace and Digital Policy (CDP). CDP has been highly effective at elevating cybersecurity and digital issues in U.S. foreign policy, both with foreign partners and within the department itself. The Trump administration should strengthen the CDP by expanding the Cyber Capacity Building Fund, ensuring sufficient staff, designating CDP as the principal coordinator for all civilian cyber engagement and capacity building with allies and partners, and rationalizing cyber dialogues.
- Develop a unified strategy for promoting secure and resilient information and communications technology (ICT) infrastructure in the Indo-Pacific drawing on the full range of U.S. government tools.
- Pursue agreements to expand the Cyber Trust Mark with Indo-Pacific partners, mirroring the January 2024 agreement with the European Union.
- Encourage Japan’s participation in AUKUS Pillar II, which creates a framework for improved intelligence sharing and cyber cooperation.
- Scale joint military cybersecurity cooperation with Taiwan, including Hunt Forward operations, consistent with new authorities in the FY 2024 National Defense Authorization Act.
- Prioritize the provision of defense cybersecurity capabilities through the new Taiwan Security Cooperation Initiative, which authorizes the U.S. Department of Defense to provide up to $300 million in total assistance.
For Japan, South Korea, Taiwan, and the Philippines:
- Mandate adoption of cybersecurity best practices across government, such as multifactor authentication and prohibitions on the use of personal devices for official business.
- Prioritize cybersecurity in increased defense spending with investments to modernize legacy IT infrastructure, boost threat detection and offensive capabilities, and acquire cutting-edge AI and cloud-based cyber defenses.
- Deepen partnerships with local and foreign technology companies to benefit from broader threat data and best-in-class capabilities.
- Clarify legal and policy frameworks to allow forward-deployed teams from U.S. Cyber Command, enabling more Hunt Forward and Defend Forward operations.
- Designate a single point of entry to route intergovernmental cyber coordination.
- Develop an integrated strategy to counter malign foreign influence that combines intelligence, cyber, diplomatic, and economic tools to better identify, deter, disrupt, and respond to adversary influence operations.
- Establish clear and uniform skills and competencies for cybersecurity roles in government, aligning wherever possible with private sector certifications.
- Leverage AI tools to boost productivity of limited cybersecurity professionals.
- Develop a strategy to transition from compromised ICT hardware, software, and infrastructure from vendors linked to foreign adversaries.
- Encourage businesses to adopt Secure by Design and Secure by Default principles.
- Boost public awareness about the ties between escalating cyberattacks and national security.
Strengthening cybersecurity across the Indo-Pacific is a generational effort that will require sustained investment, prioritization, and partnership from leaders across both government and industry. None of this will be easy, but it is essential to realizing a future for the Indo-Pacific defined not by fears of digital vulnerability, but common aspirations for greater connectivity, collaboration, and partnership. That future remains up for grabs.
Download the Full Report
- Indo-Pacific Strategy of the United States (The White House, February 2022), https://bidenwhitehouse.archives.gov/wp-content/uploads/2022/02/U.S.-Indo-Pacific-Strategy.pdf. ↩
- National Security Strategy of Japan (Cabinet Secretariat, December 2022), https://www.cas.go.jp/jp/siryou/221216anzenhoshou/nss-e.pdf. ↩
- Republic of Korea National Cybersecurity Strategy (Republic of Korea Office of the President, Office of National Security, February 1, 2024), https://drive.google.com/file/d/1tFMCjggC2Q9_Du-ze-GoiAYBcu5Jw-Lo/view?usp=sharing. ↩
- Chung Li-hua and Jake Chung, “Digital Resilience Plan Advances,” Taipei Times, November 17, 2023, https://www.taipeitimes.com/News/front/archives/2023/11/17/2003809291. ↩
- National Cybersecurity Plan 2023-2028 (Republic of the Philippines Department of Information and Communications Technology, February 2024), https://cms-cdn.e.gov.ph/DICT/pdf/NCSP-2023-2028-FINAL-DICT.pdf. ↩
Authors
-
Vivek Chilukuri
Senior Fellow and Director, Technology and National Security Program
Vivek Chilukuri is the senior fellow and program director of the Technology and National Security Program at the Center for a New American Security (CNAS). His areas of focus ...
-
Lisa Curtis
Senior Fellow and Director, Indo-Pacific Security Program
Lisa Curtis is a senior fellow and director of the Indo-Pacific Security Program at the Center for a New American Security (CNAS). She is a foreign policy and national securit...
-
Janet Egan
Senior Fellow, Technology and National Security Program
Janet Egan is a senior fellow with the Technology and National Security Program at the Center for a New American Security (CNAS). Her research focuses on the national security...
-
Morgan Peirce
Research Assistant, Technology and National Security Program
Morgan Peirce is a research assistant for the Technology and National Security Program at the Center for a New American Security (CNAS), supporting the Center’s research on qu...
-
Elizabeth Whatcott
Former Research Assistant, Technology and National Security Program
Elizabeth Whatcott is a public policy coordinator at Meta and a former research assistant with the Technology and National Security Program at CNAS. Her work at CNAS included ...
-
Nathaniel Schochet
Former Program Administrator, Indo-Pacific Security Program
Nathaniel Schochet is a former Program Administrator for the Indo-Pacific Security Program at the Center for a New American Security (CNAS). He graduated in May 2020 from Hob...
More from CNAS
-
Securing America’s AI Future: Federal Research and Development Priorities
Commentary
On April 29, 2025, the White House Office of Science and Technology Policy (OSTP) issued a Request for Information on the Development of a 2025 National Artificial Intelligenc...
By Caleb Withers & Spencer Michaels
-
How China is Beating India in Its Own Backyard
Video
India and China are locked in a high-stakes struggle for influence in the Indian Ocean. Control over tiny islands could choke global trade and reshape regional power. Lisa Cur...
By Lisa Curtis
-
The U.S. and India–Pakistan Tensions with Lisa Curtis | The Ballpark Podcast
Podcast
To discuss the US’ part in brokering a ceasefire, and the US’ responses to disputes between India and Pakistan over the past three decades, in June 2025 the Phelan US Centre s...
By Lisa Curtis
-
Quad: The Next Phase
Reports
Executive Summary The Quadrilateral Security Dialogue (Quad) among the United States, Australia, India, and Japan is becoming the focal point for economic and technological co...
By Lisa Curtis, Kareen Hart, Ryan Claffey, Keerthi Martyn & Thomas Corel
