ASEAN to Focus on Cybersecurity Capacity- and Confidence-Building in 2017

The inaugural ASEAN Ministerial Conference on Cybersecurity took place on 11 October 2016 during the Singapore International Cyber Week, bringing together ministers and senior officials of all 10 ASEAN member states. No official declaration was issued at the conference; however, in his opening speech, Dr. Yaacob Ibrahim, the Singaporean Minister for Communications and Information and Minister-in-Charge of Cybersecurity, emphasised the importance of ASEAN cyber capacity-building, securing a safer common cyberspace, and facilitating exchanges on cyber norms.

Cyber capacity-building

The Minister highlighted the role of the ASEAN Regional Forum as a ‘useful dialogue platform on confidence-building measures’. He noted the US-Singapore cybersecurity capacity-building workshop for ASEAN countries held in August 2016. The 11th annual ASEAN CERT Incident Drill, pitting the Asia Pacific Computer Emergency Response Team and ASEAN national CERT teams against each other, was also mentioned.

Looking ahead, the ASEAN Cyber Capacity Programme is to be launched by Singapore in April 2017, and will be funded by a total of 10 million SGD (approximately 7.2 million USD) over the course of five years. The programme seeks to develop a wide range of technical, policy and strategy-building capabilities within ASEAN member states, and it will include workshops, seminars, and conferences organised in collaboration with Singapore’s other regional initiatives.

Safer common cyberspace

On the front of securing cyberspace, INTERPOL Global Complex for Innovation (IGCI), INTERPOL’s global headquarters to combat cybercrime, was inaugurated in Singapore in April 2015. It provides not only operational and investigative support, but also forensic research and training. Its establishment enhances the presence of INTERPOL in the region of Southeast Asia.

The CyberGreen project is a global initiative on cyber threat awareness, sponsored by Singapore, which should contribute to improving the level of cyber hygiene. It aims to provide statistics comparing countries according to the level of cyber threats originating there, based on criteria such as number of open recursive DNS, NTP, and SSDP devices, and the number of spam messages originating from that country.

Cyber norms

ASEAN member states have participated in the UN Group of Governmental Experts (Malaysia 2014-2015, Indonesia in the current group, 2016-2017). According to the Minister, developing regional cyber norms for cyberspace is an important project, and Singapore is ‘supportive of having basic rules for behaviour in cyberspace’, while noting that the ‘unique ASEAN context and cultures’ and ‘own regional understanding of cyber norms’ are important in the process. In combination with the Minister’s reference to ASEAN Dialogue Partners (which include China and Russia) and the ASEAN member states’ prevailing approach to state control of cyberspace, this is a clear indication that ASEAN has its own distinct opinion on the matter.

An earlier development: Experts’ Working Group on Cybersecurity

Earlier this year, the defence chiefs of ASEAN convened in Vientiane, Laos, for the 10th ASEAN Defence Ministers’ Meeting (ADMM). According to the ADMM Joint Declaration of 25 May 2016, they adopted a concept paper based on a proposal by the Philippines to establish an experts’ working group (EWG) on cybersecurity within the ASEAN Defence Ministers’ Meeting Plus (ADMM-Plus). The ADMM-Plus consists of the 10 ASEAN countries, plus Australia, China, India, Japan, New Zealand, Russia, South Korea, and the United States. The new experts’ working group will be co-chaired by New Zealand and the Philippines.

A way ahead

These developments show that ASEAN is well aware of the importance of cybersecurity from both the economic and national security perspectives, and it is focusing on capacity-building, incident response and information exchange among its member states. ASEAN is to make cybersecurity one of its focus areas and, in particular, Singapore is trying to take the lead and profile itself as the cybersecurity hub in Southeast Asia. These efforts may seem ambitious, but they are in fact very rational, considering the strategic and economic significance of ASEAN, which is moving towards further integration as an economic community and thus becoming the third largest economy in Asia.

At the same time, ASEAN is trying to act as a platform for confidence-building and norms development, especially in the extended format of ADMM-Plus. Even though the interests of such a diverse group necessarily collide, as can be seen in the tensions in the South China Sea, it is an effort comparable to the activities of the UN Group of Governmental Experts or the OSCE Confidence Building Measures process, but with a regional twist. All participating ASEAN member states, except the Philippines, signed the International Telecommunication Regulations at WCIT 2012. This indicates that their views on state control over cyberspace differ from those of most Western democracies; it remains to be seen in which direction these views will develop in the future.

Tomáš Minárik

This publication does not necessarily reflect the policy or the opinion of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre) or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication.