ASEAN is stepping up efforts to address cybersecurity issues as it is increasingly becoming important. Cybersecurity advocacy in Asean is largely fronted by Singapore through initiatives such as the inaugural Asean ministerial meeting on cybersecurity and Asean Cybersecurity Capacity Programme, which ultimately moved Asean to adopt the Asean Cybersecurity Cooperation Strategy last year.
This year, the Asean Leaders’ Statement, Asean Smart Cities Network and Asean Leaders’ Vision for a Resilient and Innovative Asean were released during the recent 32nd Asean Summit in Singapore.
The documents spelled out Asean’s commitment to cybersecurity and urged its members to adopt the digital world despite the economic, social, political and cultural differences.
Ultimately, policymakers have to explore how regional activities could increase safety in the cyberenvironment while promoting trust and building confidence rather than utilising cyberspace to chart strategic manoeuvres for influence.
Based on the statements made, several observations can be drawn.
FIRST, uneven spread of development in cybersecurity across the region will impact the mechanisms of Asean policymaking efforts. Admittedly, each member state is progressing at a different pace and posture, based on their capacity and priorities.
However, recent developments in Asean can address its disparate cyberscape. For instance, the Leaders’ Statement tasking the ministers with identifying voluntary and practical norms, with reference to the 2015 UN Group of Governmental Experts, will allow opportunities for member states to formulate or review their national cybersecurity strategies. This can serve as a platform for Asean to set norms and cyberbehaviour in the region, instead of allowing norms to be determined in a sphere outside of Asean.
Dialogues on cybersecurity strategies could provide a base for member states to formulate rules of engagement in the cyber-domain.
Furthermore, the Asean Cybersecurity Capacity Programme could be expanded to aid less-developed states within the region, ensuring they are adequately equipped to tackle challenges in cyberspace.
Current programmes include training modules and discussions, which can be amplified to building minor cyber-related infrastructure. Other developed states in Asean should also contribute to maturing cyberspace in the region.
SECOND, an inclusive approach that involves relevant stakeholders in the discussions and exchanges should be encouraged. It is imperative for technical skills to be applied in policymaking efforts. Seating the stakeholders around the same table will facilitate a common lexicon and policy directions.
The discussion and exchanges should include both governmental and non-governmental levels to approach complex challenges in cyberspace.
For developing Asean countries with an emerging cyber- landscape, incorporating nongovernmental sector perspectives into government policy would expedite harmonisation of governmental and non-governmental efforts.
Take the Asean Regional Forum (ARF). It has been identified as a platform for discussions on cybernorms and cooperation in cyberspace. The ARF Inter-sessional Meeting on ICT Security was established last year, chiefly to discuss the possibilities of further cooperation in the context of cyberspace.
Similarly, during the Council for Security Cooperation in the Asia-Pacific (CSCAP) 49th Steering Committee Meeting in Kuala Lumpur in May this year, the member committees considered revisiting discussions on cybersecurity.
The discussions served as a continuation of the CSCAP Workshop on Cybersecurity held in Semarang, Indonesia, a year ago which was attended by experts of various backgrounds.
Policy-relevant academic research that provides independent analysis on concrete questions could further the discussions, while potentially developing a framework. In addition, this could avoid any duplication of outcome and dissuade any practice that is conditioned and limited by silos.
However, the Leaders’ Statement does not address the role of the private sector in the cyber- domain. The sector has a burgeoning role in cyberspace and should be included in discussions.
The ever-evolving nature of cyberdomain requires continuous dialogues with multiple stakeholders in various levels to keep the discussions stimulating and refreshing.
FINALLY, a robust Asean would ensure that the regions’ perspectives and interests on cybersecurity are well represented. The maturing regional cyberlandscape will enhance the sophistication of dialogues, leading to a digitally robust Asean.
Therefore, Asean needs to seize opportunities and improve cooperation, either within or without, in its unceasing endeavor to reach cyber-stability in the region.
This article first appeared in The New Straits Times on 15 June 2018