Anastasius Gavras
Eurescom GmbH

Digital Partnership on Cybersecurity in Indo-Pacific region

The Indo-Pacific region stands at the forefront of global digital transformation, where rapid technological progress intersects with increasing cybersecurity challenges. As nations expand their digital economies, ensuring secure, resilient, and trusted digital infrastructures becomes a shared strategic priority. In this context, the INPACE project (Indo-Pacific Cooperation for Digital Partnership)—in which Eurescom actively participates—plays a crucial role in fostering cooperation, dialogue, and knowledge exchange between the European Union and Indo-Pacific partner countries. The project aims to strengthen mutual understanding of cybersecurity policies, governance models, and capacity-building initiatives, thereby supporting the broader goals of the EU’s Digital Partnership strategy.

This article contributes to the objectives of the INPACE project by examining the emerging cybersecurity architectures of key Digital Partnership countries in the Indo-Pacific region—namely India, Japan, South Korea, and Singapore. These countries have developed comprehensive frameworks to safeguard critical information infrastructure, promote public–private collaboration, and enhance cyber resilience through policy, regulation, and innovation.

Emerging Cybersecurity Architecture in India

India’s cybersecurity architecture is designed to address the growing cyber threats and ensure the security of its digital infrastructure. India’s cybersecurity architecture is continuously evolving to address emerging threats and enhance the resilience of its digital infrastructure. The main components of India’s cybersecurity architecture are:

National Cyber Security Policy (NCSP): Launched in 2013, the NCSP protects information and infrastructure, build capabilities to prevent and respond to cyber threats, and reduce vulnerabilities. NCSP is a building block of the Cybersecurity group of the Ministry of Electronics and Information Technology (MeitY) of the government of India.

Indian Computer Emergency Response Team (CERT-In): The national agency responsible for responding to cybersecurity incidents, providing alerts and advisories, and coordinating efforts to mitigate cyber threats.

National Critical Information Infrastructure Protection Centre (NCIIPC): Focuses on protecting critical information infrastructure in sectors like energy, banking, telecom, and transportation.

Cyber Swachta Kendra: A botnet cleaning and malware analysis centre that provides tools and resources to detect and remove malicious software. It is part of the Government of India’s Digital India initiative under MeitY. It was set-up and operates in accordance with the objectives of NCSP.

Data Protection Framework: The Digital Personal Data Protection (DPDP) Act 2023 for Citizens and Businesses aims to regulate the processing of personal data and ensure the privacy of individuals. The DPDP Act proposes to grant individuals certain rights, such as the right to have their personal data processed only with their consent, and includes provisions for measures to safeguard their data.

Cybersecurity Awareness Programs: Initiatives like Cyber Surakshit Bharat aim to raise awareness and build capacity in cybersecurity across various sectors.

India’s cybersecurity architecture derives from the Digital India program, a campaign launched by the government of India to make its services available to citizens electronically via improved online infrastructure and by increasing Internet connectivity. The initiative includes plans to connect rural areas with high-speed internet networks. It consists of three core components: the development of secure and stable digital infrastructure, delivering government services digitally, and universal digital literacy. Further notable initiatives are:

Smart Cities Mission, which integrates cybersecurity measures into the development of smart cities to ensure the safety and security of digital infrastructure.

National Cyber Coordination Centre (NCCC), which monitors cyber threats and coordinates responses to protect national security. It serves as an e-surveillance and cybersecurity agency, monitoring communication metadata and coordinating intelligence gathering to fend off cyber threats.

Indian Cyber Crime Coordination Centre (I4C), which is a government initiative to deal with cybercrime in India, in a coordinated and effective manner. It provides a framework and ecosystem for law enforcement agencies. The I4C has several components, including the National Cyber Crime Threat Analytics Unit, National Cyber Crime Reporting Portal, and National Cyber Crime Training Centre.

India has several publicly funded research, development, and innovation programs focused on cybersecurity. The main programmes are:

National Cyber Security Programme: This programme aims to enhance the cybersecurity capabilities of the country by funding research and development projects in various areas of cybersecurity.

Cyber Security Research and Development (R&D) Scheme: Managed by MeitY, this scheme supports R&D projects in cybersecurity to develop indigenous solutions and technologies.

The Information Security Education and Awareness (ISEA) programme focuses on creating awareness about cybersecurity and developing skilled professionals through education and training programs.

NextGen Cyber Security Research Group: Hosted by the Indian Institute of Information Technology, this group focuses on advancing cybersecurity through research, innovation, and development.

Chevening India Cyber Security Fellowship: Funded by the UK Foreign, Commonwealth, and Development Office, this fellowship aims to develop leadership potential in cybersecurity among mid-career professionals in India.

Emerging Cybersecurity Architecture in Japan

Japan has a robust cybersecurity architecture designed to protect its digital infrastructure and enhance its cyber resilience.

Cybersecurity Strategy: Japan’s Cybersecurity Strategy outlines the country’s basic position on cybersecurity policy, its objectives, and implementation plans for three years. The current strategy was issued in September 2021. The main components of Japan’s cybersecurity architecture are:

National centre of Incident readiness and Strategy for Cybersecurity (NISC): Established in 2015, NISC coordinates cybersecurity policy and strategy across government entities and promotes partnerships between industry, academia, and the public sector. NISC coordinates cybersecurity policy by formulating:

• Cybersecurity Strategy

• Cybersecurity Policy for Critical Infrastructure Protection

• Common Standard on Information Security Measures of Government Entities

• Cybersecurity Human Resource Development Plan

• Cybersecurity Research and Development Strategy etc.

NISC takes a role of a governmental CERT. NISC and JPCERT/CC, as a CERT covering private entities, work together as a national CERT.

The Japan Computer Emergency Response Team Coordination Centre (JPCERT/CC) is Japan’s Computer Security Incident Response Team, established in 1996. It acts as a coordination centre for cybersecurity incidents, working with network service providers, security vendors, government agencies, and industry associations. JPCERT/CC is a member of the Forum of Incident Response and Security Teams (FIRST) and helped form the Asia Pacific Computer Emergency Response Team (APCERT), providing a secretariat function for APCERT.

Cybersecurity Strategic Headquarter is a body formed under the Cabinet in 2014, and oversees the implementation of cybersecurity policies and strategies. It is headed by the Chief Cabinet Secretary and includes relevant ministers and experts.

A notable publicly funded research, development, and innovation initiative is the Cybersecurity Research Institute (CSRI), which is part of the National Institute of Information and Communications Technology (NICT). CSRI promotes R&D in cybersecurity technologies to protect society from sophisticated cyber-attacks. It includes the Cybersecurity Laboratory, Security Fundamentals Laboratory, and National Cyber Training Centre.

Emerging Cybersecurity Architecture in South Korea

The cybersecurity architecture of South Korea is designed to protect its digital infrastructure and enhance its cyber resilience. The main components of its cybersecurity architecture are:

National Cyber Security Strategy: South Korea’s National Cyber Security Strategy outlines the country’s vision, goals, and strategic tasks for cybersecurity. The latest strategy was updated in 2024.

National Cybersecurity Basic Plan: This plan includes specific implementation measures to achieve the objectives of the National Cyber Security Strategy. It involves multiple government ministries and organizations jointly developed by the National Intelligence Service, Ministry of Foreign Affairs, Ministry of Defence, Ministry of Science and ICT, Supreme Prosecutors’ Office, and Police.

Korea Internet & Security Agency (KISA): KISA is responsible for promoting internet security and managing cybersecurity incidents. It provides support to both public and private sectors. KISA is responsible for the allocation and maintenance of South Korea’s IPv4/IPv6 address space, Autonomous System Numbers, and the .kr country code top-level domain (ccTLD). It operates the Korea Computer Emergency Response Team Coordination Center (KrCERT/CC) and facilitates international cooperation on cybersecurity. Recently KISA identified generative AI as a key cybersecurity issue and is working on establishing security standards and guidelines to address related threats. Finally, KISA has implemented an IoT security certification system.

National Intelligence Service (NIS) is South Korea’s chief intelligence agency, responsible for both domestic and international intelligence activities: The NIS functions include national cybersecurity related responsibilities focusing on protecting critical infrastructure and responding to cyber threats.

Cyber Command: Established under the Ministry of National Defence, Cyber Command is responsible for defending military networks and responding to cyber threats targeting national security. Among others it can launch offensive cyber operations to neutralise threats.

Finally, South Korea has launched initiatives to raise public awareness and educate citizens about cybersecurity best practices, programs to develop skilled cybersecurity professionals through education and training and invests heavily in R&D to advance cybersecurity technologies and solutions.

South Korea has several publicly funded research, development, and innovation programmes focused on cybersecurity, such as:

Cyber Security Research Centre (CSEC): Established by Soongsil University, CSEC conducts innovative research projects in cyberspace security and defence. It is funded by the Global Research Laboratory (GRL) programme and the ICT Basic Research Laboratory (BRL) programme, both supervised by the National Research Foundation of Korea (NRF).

National Cyber Security R&D Program: Managed by the Ministry of Science and ICT, this programme supports research and development in various areas of cybersecurity to enhance national security and technological capabilities.

Emerging Cybersecurity Architecture in Singapore

Singapore has a well-structured cybersecurity architecture designed to protect its digital infrastructure and enhance its cyber resilience. The key components of Singapore’s cybersecurity architecture are:

Singapore Cybersecurity Strategy: Launched in 2016 and updated in 2021, this strategy outlines the country’s approach to building a resilient and trusted cyber environment. It focuses on strengthening the resilience of critical information infrastructure, mobilizing businesses and the community, developing a vibrant cybersecurity ecosystem, and enhancing international partnerships.

Cyber Security Agency of Singapore (CSA): Established in 2015, the CSA is the national agency overseeing cybersecurity strategy, operations, education, outreach, and ecosystem development.

The Government Cybersecurity Operations Centre (GCSOC) is an integrated initiative that aims to upgrade the government’s monitoring and detection technologies, automate and augment cyber threat detection and response as well as develop capabilities to proactively hunt for sophisticated threats.

Government Zero Trust Architecture (GovZTA): This framework provides a comprehensive approach to implementing Zero Trust principles across government agencies, ensuring that no user, application, or device is trusted by default.

Singapore has several publicly funded research, development, and innovation programmes focused on cybersecurity, such as:

Singapore Cybersecurity Consortium (SGCSC): Anchored at the National University of Singapore (NUS)and supported by the National Research Foundation (NRF), this consortium promotes use-inspired research, technology translation, manpower training, and technology awareness in cybersecurity.

CyberSG R&D Programme Office: Established by the Cyber Security Agency of Singapore (CSA) at Nanyang Technological University (NTU), this office aims to position Singapore as a global leader in cybersecurity R&D. It receives funding under the RIE2025 NCRP Funding Initiative.

Conclusion

Overall, in all the above countries, the implementation of the strategy relies on collaboration between the public and private sectors to enhance cybersecurity capabilities, tackle cybersecurity challenges, including workforce shortages, information sharing, and incident response.

Furthermore, they actively participate in international cybersecurity efforts, collaborating with other countries and organizations to address global cyber threats.

Further information
• INPACE website: https://inpacehub.eu/