ASEAN leaders issue statement on cybersecurity cooperation
On 27 April, on the occasion of the 32nd ASEAN Summit, leaders of the member states of the ASEAN issued a statement on cybersecurity cooperation, in recognition of the growing urgency and sophistication of transboundary cyber threats.
ASEAN’s shared vision for regional cyberspace
According to the statement, ASEAN leaders share the vision of a peaceful, secure and resilient regional cyberspace that serves as an enabler of economic progress, enhanced regional connectivity and betterment of living standards for all.
ASEAN leader are also cognisant of the pervasiveness of cyber threats that has long been considered an international problem, and of the urgency and increasing sophistication of the ever-evolving and transboundary cyber threats facing our region amidst widespread economic digitisation and the proliferation of Internet-connected devices across ASEAN.
While ASEAN recognises the cyber domain potentially represents an opportunity for significant regional economic and technological development and can also serve as a significant source of employment, it also recognises that cybersecurity is a cross-cutting issue that requires coordinated expertise from multiple stakeholders from across different domains to address effectively.
As such, this ASEAN leaders’ statement acknowledges that the promotion of international voluntary cyber norms of responsible state behaviour is important for cultivating trust and confidence and the eventual development of a rules-based cyberspace.
The 10 countries also reaffirmed that international law, and in particular the Charter of the United Nations, is applicable and essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful Information and Communications Technology (ICT) environment.
At the same time, they also affirmed the need for ASEAN to speak with a united voice at international discussions aimed at developing international policy and capacity building frameworks with regard to cyber security so as to more effectively advance regional interests at such discussions.
ASEAN’s effort in cybersecurity cooperation
Cybersecurity has been a key area of focus for ASEAN. The regional body has been fostering greater regional cybersecurity cooperation and capacity building, including law enforcement training on cybersecurity and cybercrimes through efforts such as the ASEAN Ministerial Meeting on Transnational Crime (AMMTC), ASEAN Telecommunications and Information Technology Ministers’ Meeting (TELMIN), ASEAN Ministerial Conference on Cybersecurity (AMCC), ASEAN Cyber Capacity Programme, ASEAN Regional Forum (ARF) Inter-Sessional Meeting on ICT Security and the ASEAN Defence Ministers’ Meeting (ADMM)-Plus Experts’ Working Group Meeting on Cyber Security.
The statement noted the outcomes of discussions in various ASEAN sectoral fora that have called for greater regional cooperation in cybersecurity policy development, diplomacy, cooperation and capacity building. However, it also emphasised the need to synergise relevant undertakings across ASEAN Sectoral Bodies and Pillars to avoid duplication of efforts, while ensuring that existing and future initiatives on cyber security are coordinated and streamlined.
Closer cooperation and coordination
Moving forward, ASEAN leaders agreed to reaffirm the need to build closer cooperation and coordination among ASEAN Member States on cybersecurity policy development and capacity building initiatives, including through the ASEAN Cyber Capacity Programme, the AMCC and the ASEAN-Japan Cybersecurity Capacity Building Centre, towards the promotion of voluntary and non-binding cyber norms, as well as the development of a peaceful, secure and resilient rules-based cyberspace that will contribute to continued economic progress, enhanced regional connectivity within and improved living standards across ASEAN.
ASEAN leaders are recognised the need for all member states to implement practical confidence-building measures and adopt a set of common, voluntary and nonbinding norms of responsible State behaviour in cyberspace so as to enhance trust and confidence in the use of cyberspace to its full potential to bring about greater regional economic prosperity and integration.
They also recognised the value of enhanced dialogue and cooperation on cybersecurity issues with Dialogue Partners and other External Parties, and in other ASEAN-led platforms, including the ARF and the ADMM-Plus.
The statement will see relevant ministers of the ASEAN to closely consider and submit recommendations on feasible options of coordinating cybersecurity policy, diplomacy, cooperation, technical and capacity building efforts among various platforms of the three pillars of ASEAN, so that ASEAN’s efforts are focused, effective, and coordinated holistically on this important cross-cutting issue.
The relevant ministers from ASEAN will also make progress on: (1) discussions by ASEAN ICT and Cybersecurity Ministers at the AMCC, TELMIN, as well as other relevant sectoral bodies such as the AMMTC, to identify a concrete list of voluntary, practical norms of state behaviour in cyberspace that ASEAN can work towards adopting and implementing, and (2) to facilitate cross-border cooperation in addressing critical infrastructure vulnerabilities, as well as (3) to encourage capacity-building and cooperative measures to address the criminal or terrorist use of cyberspace , taking reference from the voluntary norms recommended in the 2015 Report of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE).
As reported earlier, cybersecurity is a key area of focus for ASEAN. Last year, Singapore’s Foreign Minister Dr Vivian Balakrishnan has emphasised that ASEAN countries “need to step up, and to step up urgently, collaboration on cybersecurity, because you can’t have a smarter world, you can’t have e-commerce, you can’t have seamless digital transactions if you don’t have cybersecurity. It’s the flip side of the coin.”
At the 2nd ASEAN Ministerial Conference on Cybersecurity, it was revealed that Singapore will set aside S$1.5 million of the ASEAN Cyber Capacity Programme (ACCP) to build technical capability among incident responders and operators in the ASEAN region.
The S$10 million ACCP was announced at the Opening Ceremony of the inaugural ASEAN Ministerial Conference on Cybersecurity during the first Singapore International Cyber Week in 2016. Through a modular, multi-stakeholder and multi-disciplinary approach, the ACCP seeks to develop technical, policy and strategy-building capabilities within ASEAN Member States through workshops, seminars and conferences organised, in collaboration with partners such as Government agencies, industry players and Non-Governmental Organisations (NGOs), including the US Department of State, the MITRE Corporation, Cyber Law International and the ICT4Peace Foundation.
At the same conference, ASEAN Member States expressed their support for the development of basic, operational and voluntary norms of behaviour to guide the use of ICTs in a responsible manner, in line with the 2015 Report of the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.
The Sydney Declaration at the inaugural ASEAN-Australia Summit also includes a commitment to deepening cooperation on cyber security.