Across Asia, the same digital networks that support military command systems also run ports, power grids, stock exchanges, hospitals and telecom platforms. This convergence has erased the traditional boundary between civilian and military domains. National infrastructure is no longer adjacent to conflict. It is embedded within it.
Cyber operations rarely remain confined to military targets. An intrusion aimed at disrupting defence logistics may transit private telecom networks or cloud systems. Poorly segmented networks can allow limited actions to cascade into civilian outages.
Even defensive monitoring raises legal and political concerns when civilian data is involved. In highly connected Asian societies, disruption can spread quickly and visibly, amplifying economic and social consequences.
The regional context sharpens these risks. Asia hosts major manufacturing hubs, financial centres, maritime chokepoints and energy corridors. It is also marked by unresolved territorial disputes and persistent grey-zone competition.
Cyber operations provide a means of applying pressure without crossing conventional military thresholds. However, because civilian and military systems are intertwined, the margin for miscalculation is narrow.
Escalation may occur through infrastructure disruption rather than battlefield engagement.
Ownership structures complicate crisis response. Much of Asia’s critical digital infrastructure is operated by private firms or state-owned enterprises, not defence ministries. Militaries depend on networks they do not control. During incidents, ambiguity over authority can delay decisions. Questions of liability and accountability further weaken deterrence and resilience.
Legal and doctrinal clarity varies across the region. Some states have established dedicated cyber commands with defined mandates. Others retain fragmented structures.
Rules governing operations that may affect civilian systems are often underdeveloped or classified. This uncertainty benefits adversaries who probe incrementally below the threshold of open conflict.
Civil-military coordination is therefore a strategic necessity. Effective defence requires institutionalised information sharing among armed forces, regulators and private operators.
Trust barriers persist, as companies fear regulatory penalties and reputational harm, while militaries guard sensitive capabilities. Without structured mechanisms, responses remain fragmented.
Resilience offers a pragmatic approach. Segmentation, redundancy and rapid recovery capabilities reduce cascading effects. Clear chains of responsibility during cyber incidents enable faster decisions and limit political fallout.
For Asian states, strengthening internal governance and infrastructure design may prove more decisive than relying solely on external norms, which remain weakly enforced.
This guest post was written by Kiran S Pillai, Founder of Vastuta Think Tank based in India.
