The Indo-Pacific is no longer just a maritime chessboard for great powers—it has evolved into a digital battlefield where invisible threats define the new balance of power. In Southeast Asia, countries find themselves at the crossroads of a new “Cold War” between China and the United States, not through traditional military posturing, but via relentless cyber espionage campaigns. From hacking critical infrastructure to manipulating information flows and public opinion, cyber intelligence has quietly become the most decisive, yet least visible, weapon shaping regional security. As digital dependence deepens, Southeast Asia must navigate this silent war carefully, balancing national sovereignty, regional diplomacy, and technological resilience.
In recent years, cyberattacks in Southeast Asia have grown not only in frequency but also in sophistication. The 2018 SingHealth breach, which exposed personal data of 1.5 million Singaporeans, including the Prime Minister, marked a turning point for the region’s perception of cyber vulnerability. Similar threats targeted election commissions, defense ministries, and critical energy infrastructure across ASEAN, often leaving governments scrambling to respond. While many of these operations remain unattributed in the public domain, security analysts widely believe that both state-sponsored and proxy actors are testing the region’s digital defenses as part of a larger geopolitical contest.
The Rise of Cyber Espionage
Southeast Asia’s rapid digitalization—from smart cities to fintech and e-governance—has made it an attractive playground for cyber espionage. Rather than relying on conventional intelligence-gathering, external actors now exploit digital backdoors, manipulate supply chains, and deploy misinformation to undermine rivals quietly. For countries in the region, this is more than just a technological threat; it challenges national sovereignty, erodes public trust, and creates new vulnerabilities in an already complex security environment.
In recent years China, as one of the largest countries in the region, has launched the Belt and Road Initiative (BRI), whose main purpose is to restore the Silk Road connecting China with Africa and Europe. China is also developing the Digital Silk Road (DSR), which is part of the BRI, with the aim of expanding digital infrastructure in partner countries. The DSR includes the construction of 5G networks, data centers, submarine cables, cloud computing, smart cities, digital payment systems, and surveillance technologies such as facial recognition and CCTV. Chinese firms like Huawei and Alibaba, which supply hardware, software, and digital services to nations in Asia, Africa, Europe, and Latin America, are undoubtedly involved in these schemes.
China emphasizes the importance of data sovereignty as part of its national strategy and technology exports. Among the most crucial elements is data localization, under which DSR partner countries are encouraged to store critical data domestically, often in data centers built and operated by Chinese companies. This makes it easier for the Chinese government to control and access data if needed, not to mention data obtained from companies, even those abroad. The digital infrastructure built by China is often equipped with sophisticated surveillance systems, allowing for monitoring of communications, internet activity, and even facial recognition in public spaces. This strengthens the cyber intelligence capabilities of both partner countries and China itself. The benefits for China are enormous: if it succeeds in controlling the data path in partner countries, that control will certainly affect China’s political leverage, both regionally and globally. The intelligence data collected can also be used for China’s political interests in the region, and data control can advance China’s interests in data censorship matters that affect government control in partner countries.
On the other side of the political spectrum, the United States has different interests. For the US and its allies in the NATO and Five Eyes alliances, these interests center on building mechanisms for sharing intelligence information, coordinating incident responses, and strengthening joint cyber defenses. This collaboration also includes early detection of threats, countering attacks, and developing security standards for critical infrastructure, such as energy, telecommunications, and transportation. The increase in cyber espionage incidents, even among allies, encourages the implementation of zero-trust policies and the strengthening of internal defense systems. The hope is that the allies can monitor each other’s cyber activities that could threaten a member country’s cybersecurity. The US is actively pushing for aligned security policies, including the prohibition of certain technologies that are considered to threaten national security or the alliance.
The US also has problems with several Chinese companies in the technology sector, such as Huawei and TikTok. The problems with Huawei include concerns that the 5G infrastructure being built will expand the Chinese government’s espionage on sensitive data. With TikTok, meanwhile, there is the potential for the Chinese government to access and collect user data and possibly use it for intelligence operations related to psychological operations. For the US, the impact of such bans is to strengthen allied control over telecommunications networks, reduce the risk of strategic data leaks, and limit opportunities for intelligence collection by China. Protecting allied infrastructure and banning technologies such as Huawei and TikTok are part of the US and allied cyber intelligence strategy to reduce the risk of espionage, strengthen cyber defenses, and maintain data sovereignty and national security. These steps also reflect new geopolitical dynamics in which technology is a key instrument in competition and in the protection of strategic interests.
At the same time, the United States emphasizes cyber defense cooperation with allies and regional partners, pushing for stricter controls on Chinese technology companies and promoting alternative secure networks. Other actors, such as Russia and North Korea, have also shown interest in Southeast Asia, often exploiting the region’s diverse cybersecurity standards to conduct financially motivated or politically disruptive operations. Meanwhile, ASEAN member states frequently find themselves caught in the middle—forced to navigate competing offers of cybersecurity support while preserving strategic autonomy and regional stability.
Implications for National Security
For Southeast Asian nations, cyber intelligence is not merely a technical issue but a matter of national resilience. Cyber intrusions can compromise critical infrastructure, disrupt financial systems, and undermine democratic institutions. The use of information operations to shape public perception or influence elections has also become increasingly prevalent, threatening the social fabric and political legitimacy of many countries in the region.
Indonesia, for example, as a digital giant in the region, faces mounting challenges balancing its open internet ecosystem with the need to protect sensitive national data. Malaysia and the Philippines, with their geopolitical exposure in the South China Sea, are equally vulnerable to sophisticated cyber surveillance campaigns aimed at influencing maritime and defense policies. The blurred lines between cyber espionage and cyber warfare complicate how governments define and respond to threats. Unlike traditional attacks, which are visible and often attributable, cyber operations are deniable and can unfold over months or even years before detection. This ambiguity makes it harder to invoke collective defense mechanisms or build international consensus for countermeasures.
Furthermore, cyber threats can exacerbate existing social tensions by spreading disinformation or inflaming identity-based conflicts. In multiethnic, multi-religious societies common in Southeast Asia, these tactics pose grave risks to societal cohesion. States must therefore approach cybersecurity not only as a technical challenge but also as an integrated component of national security policy, encompassing social stability, economic resilience, and public trust.
Indonesia’s Perspective
As the largest economy and most populous country in Southeast Asia, Indonesia occupies a pivotal position in this new cyber landscape. Indonesia’s growing digital economy—from e-commerce to e-government—increases its exposure to cyber risks, while its political importance makes it a prime target for espionage.
Indonesia has taken steps to strengthen its cyber defenses through the establishment of the National Cyber and Crypto Agency (BSSN) and by introducing various data protection regulations. However, challenges remain. The country’s vast geography, uneven digital literacy, and fragmented infrastructure make comprehensive cybersecurity enforcement difficult. Indonesia also needs to further strengthen public and institutional awareness around data security; several recent data breach incidents have revealed not only technical vulnerabilities but also the need for a stronger, more consistent governmental commitment to comprehensive data protection. The fragility of data security also indirectly affects social stability, which is increasingly shaped by various technologies and platforms such as TikTok, X (formerly Twitter), and Instagram.
Beyond domestic policy, Indonesia has the potential to serve as a regional leader in shaping ASEAN’s collective cyber resilience. By championing multilateral frameworks and confidence-building measures, Indonesia can help prevent Southeast Asia from becoming merely a digital proxy battleground for great power rivalries.
Way Forward
To navigate this silent war, Southeast Asian countries need to prioritize a multi-layered approach: strengthening domestic cybersecurity capabilities, investing in public education to build digital resilience, and enhancing regional cooperation.
ASEAN already has frameworks like the ASEAN Cybersecurity Cooperation Strategy and regular CERT-to-CERT collaborations. However, these initiatives often lack binding commitments and sufficient funding. Transforming them into more actionable, enforceable mechanisms is critical for real regional security. At the same time, trust-building with major external actors—including China, the United States, and other dialogue partners—remains essential. Transparent dialogue, clear red lines, and cooperative incident response protocols can reduce miscalculations and unintended escalation.
Ultimately, cybersecurity has become the new front line in Southeast Asia’s security landscape. Countries that fail to adapt risk losing not only strategic autonomy but also public confidence and economic stability. The region’s ability to protect its digital sovereignty will shape its place in the emerging global order. In an era where digital dominance increasingly defines geopolitical strength, Southeast Asia’s capacity to secure its cyber domain may ultimately determine its sovereignty and strategic relevance on the global stage.

