Association of Southeast Asian Nations
Founded in 1967, the ASEAN is composed of 10 Member States: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam. Around the end of the 1990s, the ASEAN began dealing with cyber issues, namely in the field of transnational crimes. For example, in the field of non-conventional cyber threats it strengthened the CERT-to-CERT collaboration during the 19th and 20th ASEAN Regional Forum (ARF) respectively in 2012 and 2013. This collaboration strengthened national capacities on how to respond to cyber incidents through trainings and exercises while creating a web of contacts to facilitate communications in times of crisis.
ASEAN ICT Masterplan 2020
https://www.asean.org/storage/images/2015/November/ICT/15b%20--%20AIM%202020_Publication_Final.pdf
https://cil.nus.edu.sg/databasecil/2016-2020-asean-ict-masterplan/
This document contains initiatives, measures and actions for the development of the ICT from 2015 to 2020. It focuses on 8 specific areas: 1) economic development and transformation, 2) integration and empowerment through ICT, 3) innovation, 4) ICT infrastructure development, 5) human capital development, 6) ICT in the ASEAN single market, 7) new media and content, and 8) information security.
2015 ASEAN Regional Forum Work Plan on Security of and in the Use of Information and Communications Technologies
https://cil.nus.edu.sg/wp-content/uploads/2019/02/2015-ARF-WP-on-ICT-Security.pdf
The forum’s aim is to strengthen the cooperation between ARF countries in the ICT field. Four are the objectives proposed: 1) to promote the transparency and the development of CBM between participating Countries as to reduce the risks of tension and potential conflicts, 2) to raise awareness on threats to ICT security, 3) to enhance practical cooperation between Member States in the protection of ICT-enabled critical infrastructures, 4) to improve coordination between Member States’ response to malicious ICT activities. In order to reach these objectives, a Study Group on Confidence Building Measures is established so to conduct seminars and workshops for ARF participating Countries.
ASEAN Framework on Digital Data Governance
https://asean.org/storage/2012/05/6B-ASEAN-Framework-on-Digital-Data-Governance_Endorsedv1.pdf
https://asean.org/storage/2018/12/TELMIN-18-JMS_adopted.pdf
This document contains the ASEAN legal framework for the process of digital data. It sets 4 priorities in this regard: 1) Data Life Cycle and Ecosystem, 2) Cross Border Data Flows, 3) Digitalization and Emerging Technologies, and 4) legal and regulatory perspectives. This document also contains 4 initiatives for the accomplishment of these 4 priorities: 1) ASEAN Data Classification Framework, 2) ASEAN Cross Border Data Flows Mechanism, 3) ASEAN Digital Innovation Forum, and 4) ASEAN Data Protection and Privacy Forum.
Japan-ASEAN Cybersecurity Policy Handbook
https://www.meti.go.jp/english/press/2017/1016_002.html
This handbook is a summary created for the tenth anniversary of the inauguration of the ASEAN-Japan Information Security Policy Meeting.
ASEAN Framework on Personal Data Protection
https://asean.org/wp-content/uploads/2012/05/10-ASEAN-Framework-on-PDP.pdf
https://asean.org/storage/2012/05/TELMIN-16-JMS-Final-cleared.pdf
This framework aims to strengthen protection and cooperation of personal data in ASEAN Countries, as a contribute to the promotion of the flow of information’s growth at a regional and global level. To this end, 4 core principles of data protection are created. Participating Countries will join seminars, and joint research and activities about information sharing.
CIIP Guidelines, 9th ASEAN-Japan Information Security Policy Meeting
https://asean.org/storage/2012/05/01-CIIP-Guidelines-Ver3.0.pdf
https://www.meti.go.jp/english/press/2016/1024_03.html
This document is an acknowledgment of the new guidelines for the protection of critical information infrastructure, as a revision of the 2015 guidelines.
ASEAN Leaders’ Statement on Cybersecurity Cooperation
https://asean.org/storage/2018/04/ASEAN-Leaders-Statement-on-Cybersecurity-Cooperation.pdf
https://asean.org/asean-leaders-statement-on-cybersecurity-cooperation/
Through this document, ASEAN Countries declared their continued efforts in cybersecurity cooperation.
ASEAN Declaration to Prevent and Combat Cybercrime
https://asean.org/wp-content/uploads/2017/11/ASEAN-Declaration-to-Combat-Cybercrime.pdf
This Declaration regards the cooperation against the cybercrime in accordance to 10 specific measures.
ARF Statement by the Ministers of Foreign Affairs on Cooperation in Ensuring Cyber Security
This Declaration concerns the need of a strong cooperation at the regional level while suggesting 5 measures that ARF participating countries should implement.
ASEAN Regional Forum Inter-Sessional Meetings on Security of and in the Use of Information and Communication Technologies (ARF ISMs On ICTs Security)
http://aseanregionalforum.asean.org/wp-content/uploads/2019/01/ANNEX-12.pdf
https://www.mofa.go.jp/press/release/press4e_002400.html
This meeting is a fruit of precedent sessions regarding CBM’s growth in initiatives while proposing 5 measures: 1) Establishment of ARF Points of Contact (POC) Directory on Security of and in the Use of ICTs, 2) Sharing of Information on National Laws, Policies and Best Practices, 3) Protection of Critical Infrastructures and Consultations Mechanism, 4) Awareness-Raising and Information Sharing on Emergency Responses to Security Incidents in the Use of ICTs, and 5) ARF Workshops on Principles of Building Security of and in the Use of ICTs.
ASEAN-Japan Cybercrime Dialogue (series of meetings)
https://www.mofa.go.jp/fp/is_sc/page23e_000458.html
https://www.asean2019.go.th/en/meeting/3rd-asean-japan-cybercrime-dialogue/
These were 3 meetings held between 2014 and 2019 regarding cooperation in the ASEAN-Japan area against cybercrime. Measures like information sharing and best practices are suggested as tools to enhance cooperation effectiveness
ASEAN Cyber Norms Workshop
It is a workshop regarding the importance of the norms for State’s responsible behavior in cyberspace.
ASEAN Ministerial Conference on Cybersecurity, Third Edition
https://www.csa.gov.sg/news/press-releases/amcc-2018
This Conference was held in September 2018 during the Singapore International Cyber Week with the participation of all minister and officials of the 10 ASEAN states
ASEAN Cyber Risk Reduction Workshop
https://www.csa.gov.sg/news/speeches/asean-ministerial-conference-on-cybersecurity-2017
This is a speech given by Dr. Yaacob Ibrahim, Minister of Communications and Information as well as Minister of Cybersecurity of Singapore during the opening ceremony of the ASEAN Ministerial Conference on cybersecurity in September 17th 2017.
ASEAN-Japan Information Security Policy Meetings (10th edition), to be renamed to the Japan-ASEAN Cybersecurity Policy Meeting
https://www.meti.go.jp/english/press/2017/1016_002.html
This is the Tenth edition of the ASEAN-Japan Information Security Policy Meetings confirming the efforts previously made by participating Countries in 1) the protection of critical information infrastructure, 2) the creation of an emergency system to cyber incidents and attack’s response, and 3) the development of human resources in cybersecurity. Participating Countries also agreed on future efforts in the cooperation between Japan and ASEAN region.
ASEAN Telecommunications and Information Technology Ministers Meeting (TELMIN), 16th edition (Bandar Seri Begawan, Brunei Darussalam)
https://asean.org/storage/2012/05/TELMIN-16-JMS-Final-cleared.pdf
It is a revision of the progresses made in the creation of a connected community, through measures like the implementation of the AIM2020 (ASEAN ICT Masterplan 2020) and of the ASEAN Framework on Personal Data Protection. It expresses the commitment to strengthen the cooperation and the dialogue with partners in the private sector to further develop the ICT environment.
Symposium: ASEAN Cyber Security and Cyber Crime Center: Possibility and Way Forward (Bangkok)
After the presentation of GLACY and GLACY+ initiatives, ASEAN member States are considering the creation of a similar initiative for their region. Japan and Philippines underlined the importance of the Budapest Convention in the global fight to cybercrime.
Seminar on Confidence Building Measures in Cyberspace (Seoul)
http://www.mofa.go.jp/files/000016406.pdf (collegamento rotto)
It is a seminar held between 4 sessions that revisits the principal problems of the use of the ICT, like the identification of threats in cyberspace, the creation of CBM and capacity building, and the norms for the responsible behavior of States in cyberspace.
Cyber Incident Response Workshop (Singapore)
This workshop deals with 4 principal areas: the understanding of domestic ICT organizations of every participating country (procedures, law enforcement powers and equivalency of offences), the creation of mechanisms to communicate and share information in the event of a cyber-incident, the identification of the best models in the region, and to strengthen the capacity building of States with less mature frameworks.
Workshop on Proxy Actors in Cyberspace (Hoi An City, Quang Nam Province, Viet Nam)
http://aseanregionalforum.asean.org/library/arf-chairmans-statements-and-reports.html
It is a workshop on proxy actors in cyberspace.
ASEAN-Singapore Cybersecurity Centre of Excellence
https://www.tnp.sg/news/world/singapore-open-cyber-security-centre-boost-aseans-security
It is an extension of the ACCP (ASEAN Cyber Capacity Programme) that aims to strengthen the cyber capacity of ASEAN Member States and to train the national CERTs in information sharing.
ASEAN-Japan Cybersecurity Capacity Building Centre
https://www.etda.or.th/content/mdes-to-launch-ajccbc-this-june-in-preparation-for-cyber-attacks.html
This Cybersecurity center will assist member States in 3 key areas: cyber incident management, cybersecurity forensics and malware analysis. The center will prepare 700 experts in cybersecurity by 2022.
ASEAN-Japan Information Security Drill
http://en.qdnd.vn/social-affairs/news/vietnam-hosts-2018-asean-japan-cyber-security-drill-493191
It was an exercise held in Vietnam to build a better coordination between national and international agencies.
ASEAN CERT Incident Drill (ACID), 12th edition (Hanoi)
http://hanoitimes.vn/asean-cert-incident-drill-held-in-hanoi-42905.html
It was an exercise with the participation of 15 national CERTS from South East Asia.
ASEAN Cyber Capacity Programme (ACCP)
https://www.csa.gov.sg/-/media/csa/documents/sicw2016/amcc/factsheet_accp_final.pdf
This project aims to strengthen the cyber capacity of ASEAN member States. It was provided with 10 million SGD.
ASEAN Cyber University Project
http://www.aseanoer.net/about/acu-project.acu
This Global Cyber University aims to form cybersecurity experts in the ASEAN region, while strengthening the relationship between ROK and ASEAN.
ASEAN-United States Leaders’ Statement on Cybersecurity Cooperation
https://asean.org/storage/2018/11/ASEAN-US-Leaders-Statement-on-Cybersecurity-Cooperation-Final.pdf
https://asean.usmission.gov/asean-united-states-leaders-statement-on-cybersecurity-cooperation/
This Statement reaffirms the efforts and cooperation between ASEAN and United States in cyberspace. In detail, 13 points are set to reach the objective of a more open and safer cyberspace.
INTERPOL-led cybercrime operation across ASEAN
https://www.computerweekly.com/news/450417440/Interpol-uncovers-nearly-9000-C2-servers-in-ASEAN
It sets out the cooperation between ASEAN, INTERPOL and the private sector. It identified 9000 server of command and control that allowed numerous kinds of attacks (malware, ransomware, DDOS) against 8 different nations.
Japan's International Campaign for Information Security
https://www.nisc.go.jp/security-site/eng/campaign/index.html
It is a promotional activity on the importance of cybersecurity, with the collaboration of ASEAN member States.
Creation of National Security Operations Centres (SOC)
Under the “ACCC” (ASEAN Cyber Collaboration Centre), this initiative forms a SOC (Security Operations Center) with the participation of all 10 ASEAN member States. This platform permits a horizontal information sharing and surveillance against possible threats. It also acts as a platform for regional research on cybersecurity.