THE term “sovereignty” is used to describe an independent state, whereby a government’s legitimacy rests on its ability to keep the national interests above others. But in the digital age, with cyberspace operating as a borderless concept, the notion of “territory” is facing multiple challenges.
For example, while fibre optic cables and telco towers are legal entities, it’s harder for states to stake a claim on submarine cables buried in deep waters that are not in a particular jurisdiction, data in transmission or content managed by overseas platforms.
The sovereignty, national interests and digital clash is best exemplified in the European Union, which has taken the fight against the American and Chinese tech giants with legislation forcing them to tackle issues like cybersecurity, data abuse, artificial intelligence, 5G development and intellectual property.
In Malaysia, the jurisdiction and sovereignty nexus lie in the National Cybersecurity Policy launched in 2006. The policy was superseded by the National Cyber Security Strategy (NCSS), which
identified 11 critical national information infrastructures (CNII) covering, among others, defence and security, water, health services, emergency services, trade, industry and economy.
The strategy aims to deepen cybersecurity practices and broaden links between the wide array of agencies, ministries and operators involved in the protection of Malaysia’s CNII sectors.
Despite the policy being in place for almost 15 years, there are still “unfolding” sagas, like the recent repairs of submarine cables. The issue centred on granting exemptions to foreign vessels covered under the cabotage policy to undertake repairs. This laid bare the fact that legacy issues can impact on attempts to protect systems and users from cyber threats.
The strategic environment shaping a nation’s digital sovereignty can determine spaces for engagements. Issues, such as mitigating transnational threats, data governance, overdependence on foreign technology in critical areas and social media platforms domiciled overseas, require international engagements and collaborations. Geopolitics and major power rivalry can also impact on the strategic options and economic development.
To confront these challenges, the nation must produce a long-term foreign policy on cybersecurity.
The NCSS does outline a cyber security international engagement plan, taking into account economic development, principles of an open, stable and trusted cyberspace as well as promoting responsible state behaviour.
Foreign policy strategies and a flexible diplomatic toolbox should be part and parcel of preserving digital sovereignty. One can build a robust domestic system but there are still external threats. Without diplomatic approaches, there would not be a safe, secure and stable cyberspace.
One example we can emulate is the United Kingdom’s integrated review on security, defence, development and foreign policy. It charts a cross-governmental approach with the goals of sustaining strategic advantage through science and tech, shaping the international order of the future (open societies and economies), strengthening security and defence at home and overseas as well as building resilience at home and overseas. These would be anchored on engagements aimed at increasing capacities of global cyber practices and diplomats capable of tackling emerging tech issues.
The foreign policy approach requires Malaysia to prepare responses to cyberattacks. The EU, for instance, employs strategies like sanctions, diplomatic engagements, holding joint investigations, conducting political and cyber dialogues to extremes, such as recalling diplomats, enacting sanctions or pursuing countermeasures.
However, the first approach as identified in the NCSS is to strengthen practices, processes and legislature on the domestic front. With plans in the future to improve data protection mechanisms, introduce a new Cybersecurity Act and execute programmes to fulfil the NCSS’ 2020-2024 goals, Malaysia’s approach to digital sovereignty must now confront a fast-evolving threat landscape in cyberspace.
This article also appeared in New Straits Times on 29 April 2021.