Regional Cybersecurity: Moving Toward a Resilient ASEAN Cybersecurity Regime

EXECUTIVE SUMMARY

This article describes the predominant cybersecurity issues confronting the Association of Southeast Asian Nations (ASEAN) and outlines policy options to create a more resilient cybersecurity regime across this region.

Main argument

Although the importance of the ASEAN region for global cybersecurity is growing, few analyses have examined the extent of regional-level efforts to counter cross-border cyber-related incidents or addressed whether more might be done to complement national measures and facilitate international cooperation. To date, national and regional efforts to adopt comprehensive cybersecurity strategies have been slow and fragmented, reducing the security of the ASEAN region and undermining the proper functioning of markets. This article envisages greater collaboration on cyber-related challenges among ASEAN members through the adoption of new structures and novel ways of thinking that complement national initiatives and international efforts, especially in light of the creation of the ASEAN Community in 2015.

Policy implications

• • The digital divide is narrowing, and the absolute number of Internet users in developing countries is now largely greater than that in developed countries. Less digitally developed countries can apply lessons from other states’ experiences. Varying levels of development and adoption of information and communications technology across ASEAN should not deter cooperation.

• • Because of regional sensitivities concerning national security, cybersecurity measures supporting the aims of the ASEAN Economic and Socio-Cultural Communities are more likely to be achieved in the shorter term. Comprehensive measures would be in the shared interest of ASEAN members, benefit wider Asia-Pacific initiatives, and complement future international cooperation. Specifically, they would support the establishment of a single market and production base, bolster connectivity, and strategically enhance ASEAN’s position in the regional architecture.

• • ASEAN members should develop a flexible framework to coordinate regional cooperation and further strengthen relations with dialogue partners, the international community, and the private sector on cybersecurity. Measures for consideration include a permanent coordinating mechanism, improved computer emergency response team cooperation among ASEAN members, additional training and capacity building, efforts to secure the supply chain, and deeper defense cooperation.

A number of international and regional organizations, bodies, and forums are working on cybersecurity issues.¹ Given that international cooperation is to some extent required to deal effectively with the cross-border nature of cyber-related threats, this article examines efforts in the Association of Southeast Asian Nations (ASEAN) region to counter these challenges. To date, national and regional efforts to adopt comprehensive cybersecurity strategies have been slow and fragmented. Similarly, the efforts of the ten ASEAN member states to adopt both national and comprehensive regional frameworks for cybersecurity have so far been piecemeal.² Because governments and institutions will be required to foresee emerging trends and adapt quickly to new realities in order to preempt cyber incidents, this article envisages greater cooperation on cybersecurity among ASEAN and its members through the adoption of new structures and novel ways of thinking that complement national initiatives and international efforts. Further, regional cooperation efforts could encourage both collective security and the greater development of national cybersecurity measures.

Cyber-related threats are creating increasingly serious risks for the global economy as well as for national and international security. The European Union (EU), for example, considers cyber threats as having the potential to reduce stability and competitiveness,³ while the U.S. intelligence community’s worldwide threat assessment for 2013 ranks cyber threats first, ahead of terrorism, transnational organized crime, and the proliferation of WMDs.⁴ This marks the first time since September 11 that international terrorism does not rank first in the U.S. intelligence community’s assessment of global threats to national security.⁵

This article finds that the current lack of cohesiveness in ASEAN’s approach to cybersecurity detracts from regional security and undermines the proper functioning of a single market. Given the body’s goal to establish the ASEAN Community by 2015, cohesive efforts to comprehensively tackle cybersecurity issues are crucial and in the shared interests of ASEAN members. The article concludes that the digital divide between developed...