Kai Lin Tay
Source LinkSince 2016, ASEAN has made significant progress towards establishing a framework for unified declaratory approaches to cyber threats. Yet further work is needed before regional structures will be adequately robust to provide mutual assistance in a national cyber emergency. Such reform will become more urgent given the risks to regional critical information infrastructure posed by accelerating digitalisation, escalating cyber crime and deteriorating geopolitical circumstances. This report discusses how ASEAN might improve joint-response mechanisms through deeper political, technical and operational coordination, and suggests how it could adapt existing approaches to cyber-emergency response developed by the EU and the US.
Cyber threats in Southeast Asia have been increasing in quantity and sophistication for at least the last decade. This is driven by a number of factors, ranging from the rise in connectivity accelerated by the COVID-19 pandemic, greater adoption of advanced technologies such as artificial intelligence and cloud computing, and the growing status of the region as a cyber-espionage target due to its rising geopolitical significance.
This report seeks to provide an overview of the current state of cyber-security cooperation between countries of the Association of Southeast Asian Nations (ASEAN) and to address the issue of regional response to cyber emergencies in the Southeast Asian context. By examining cyber-emergency-response models in the European Union and the United States, the report identifies gaps in ASEAN’s current cyber-security-cooperation architecture and proposes key areas of development required in order to establish a cyber-emergency framework for the region. The report’s findings also support ASEAN’s long-term goal of implementing United Nations (UN)-recommended norms in the area of mutual assistance during a cyber attack.
There are high levels of cooperation among ASEAN member states on computer emergency response teams (CERTs) thanks to efforts made in the early 2000s to boost the region’s ICT sector. However, only in recent years has ASEAN moved towards formalising existing CERT cooperation. While cyber-security issues used to be treated under broader economic and political-security platforms, there are now dedicated platforms established to discuss cyber-security intra- and extra-regionally.
The report also focuses on the issue of critical information infrastructure (CII) protection during a cyber emergency. In the last five years, several initiatives involving dialogue partners, international organisations and the private sector have been established to enhance regional cyber-security capacities and strengthen mutual trust among ASEAN member states. Within the region, Singapore and Malaysia have played critical roles spearheading multi-stakeholder capacity-building initiatives and establishing information-sharing mechanisms in the financial and defence sectors.
While information-sharing and capacity-building measures have boosted the region’s preparedness for cyber attacks against CII, as long as ASEAN’s overall cyber-security architecture remains fragmented this will frustrate further progress. Not only are member states at varying levels of cyber-security maturity, but the region also lacks a common cyber lexicon and sufficient numbers of cyber-security professionals, and has not agreed on a strategic approach towards cyber security.
The report identifies key steps towards creating an ASEAN cyber-emergency-response framework. It recommends identifying priority CII sectors in each member state, as well as strengthening regional support for UN-recommended cyber norms.
In an increasingly connected world, building a cyber-emergency-response framework for ASEAN is a timely measure to boost cyber resilience across the region, while also ensuring that assistance is accorded to member states with less capacity for dealing with cyber crises.
No comments:
Post a Comment