News Commentary

Why ASEAN should step up its cybersecurity efforts

March 16, 2018 | 8:15am

Why ASEAN should step up its cybersecurity efforts

In this August 2017 photo, Southeast Asian foreign ministers meet in Manila.

Pool photo

The Philippine government has adopted the National Cybersecurity Plan 2017-2022 (NCSP), which seeks to address the cyber threats and adopt measures that will lead to a secure and resilient Philippine Cyberspace.

The issuance of the NCSP signaled the government’s recognition that cybersecurity is a critical part of its national security agenda.

During the roundtable discussion on cybersecurity hosted by ADR Institute last March 12, cooperation among states in the cyberspace, specifically the ASEAN was touched on. Very timely, Singapore, being the ASEAN Chair for 2018 will focus on strengthening resilience and promoting innovation, premised on the existence of non-traditional security issues such as cybersecurity threats and risks.

What’s in it for the Philippines?

Taking into account ASEAN’s increasing geopolitical relevance, it has become a target and appears to be more vulnerable to cyber threats. Cybercrimes which include identity theft, online fraud, violation of intellectual property have become a business for many.

As cybersecurity plays a significant role in the booming digital economy of the ASEAN, which is considered a key growth area, it is imperative that countries embark on an ASEAN approach.

There is a need for an ASEAN approach so as to identify a framework that is suitable for Southeast Asian countries. While I believe most, if not all, ASEAN countries have established their own cybersecurity plan, there is a need for countries to synergize.

It must also be noted that within the ASEAN, there are differences in security agendas or priorities and capability. The region can only be as strong as its weakest member state. If that weak state fails to adopt an effective cybersecurity regime, it goes without saying that it allows itself, whether knowingly or unknowingly, to be a safe haven for cybercriminals.

The diverseness of ASEAN member countries cannot be discounted, however. One country maybe advanced in ICT, while another country’s ICT policies could be outpaced. Each country would have their own priority agendas and even level of economic development.
There is no argument that that could be a challenge.

However, to put things in perspective, despite the diversiveness, ASEAN was able to come up with measures relating to economic and political security. While it may be difficult, it is possible to have an ASEAN approach on a very complex issue such as cybersecurity.

What can ASEAN do to enhance confidence in cyberspace?

Perhaps the ASEAN can take a look at historic samples or case studies to determine what strategies worked and which initiatives fell short or remained futile.

Numerous confidence-building measures covering legal, technical, organizational issues are being advanced. As much as it is helpful to have a plethora of measures, it can sometimes be overwhelming.

As such, ASEAN, in coming up with confidence building measures can first lay the foundation for such framework by: building on existing ideas and concepts that has been discussed on cyberspace; continue to build awareness by providing an accurate picture of the cybersituation.

Through these efforts, challenges and threats to cyberspace, whether existing or potential could be more easily identified. Cyber awareness varies from country to country. Hence, any variation in approaches and even simple terminologies could raise conflict or disagreement.

It is imperative that while definitions should be set, ASEAN should not lose focus on the real issue whether from the technical, legal or political perspective. Further, ASEAN should be able to identify the best practices in attaining cybersecurity.

Lastly, ASEAN as a regional bloc should pursue global cooperation as a response to rising threat in the cyberspace. While ASEAN approach is necessary, it cannot be emphasized more that cybercrimes or threats are transnational crimes and is deemed a global issue, which consequently can only be solved through global collective efforts as well.

The member states’ collective effort in coming up with a framework on cyberspace would prove that ASEAN is indeed a valuable organization in maintaining regional security.

Moving forward

The use of technology in strategic affairs have vastly changed global interaction, characterized by a rapid spread of information, uncertainty, and anonymity. The developments in cyberspace have altered the dynamics in handling national security.

While numerous cyber-related programs are being developed and implemented by various state and non-state actors with the aim of promoting cybersecurity, these efforts can sometimes be the very reason for the uncertainty in cyberspace. These has resulted to several dilemmas that may impede state and non-state actors from being transparent when dealing with each other.

Notwithstanding such dilemmas, and while it may sound too idealistic, the timely exchange of true and accurate information, transparency, and good faith are key to an effective strategy to enhance cybersecurity in the region.

Atty. Katrina Clemente-Lua is an executive director of the Stratbase ADR Institute.