While there were a whole range of security issues discussed at the 32nd ASEAN Summit held in Singapore over the weekend, one area that got significant emphasis was the cyber domain. The focus on cybersecurity reflects both the growing regional and international attention to the issue as well as the city-state’s ongoing efforts to boost bilateral and regional collaboration on this front, especially as the holder of the annually rotating ASEAN chairmanship this year.
As I have noted before, Southeast Asian states as well as ASEAN as a grouping have been grappling with a growing cyber threat. ASEAN’s cyber challenge is immense as states try to balance the opportunities afforded by the digital economy – which is a significant driver of economic and technological progress – with the challenges due to the increased sophistication of cyber threats in an increasingly networked world and their links to other challenges such as terrorism and fake news (See: “Winning Asia’s War on Fake News”).
There already are a variety of national, bilateral, and regional arrangements, mechanisms, and forums that Southeast Asian states have put in place over the past few years to manage challenges in the cyber realm focused on areas like incident response, confidence-building, and cyber capacity-building. Several countries have set up new cyber agencies at home, new regional initiatives have been introduced – from the the ASEAN Cyber Capacity Program (ACCP) advanced in 2016 to the new ASEAN Cybersecurity Cooperation Strategy adopted in 2017 – and other regional partners and international organizations such as Interpol and the United Nations have also been working with Southeast Asian states on cyber issues as well (See: “Singapore Unveils New ASEAN Cyber Initiative”).
Yet, at the same time, much more remains to be done given the sheer scale of the threat as well as the significant challenges that Southeast Asian states continue to face due to a range of issues including capacity constraints and ideological differences over how to advance the agenda.
As Singapore took over the ASEAN chairmanship this year, officials had made clear that cyber issues would be a priority given the importance of the issue for Singapore and the region. That came as no surprise. As a developed, highly-networked country which relies on its reputation for security and stability to serve as a hub for businesses and attract talent, as well as a recognized regional leade within ASEAN, Singapore has been undertaking a series of measures on its own and with regional states and outside partners in the cyber domain.
During Singapore’s chairmanship, the city-state has continued advancing the agenda around several areas, from increasing capacity-building and coordination to shaping basic norms in cyberspace. Singapore officials had indicated at the outset that its tagline of “resilience and innovation” would include a focus on cyber issues as well as related areas such as e-commerce and the digital economy. The key, Singapore’s Foreign Minister Vivian Balakrishnan had said in a lecture outlining Singapore’s ASEAN priorities last December at the ISEAS-Yusof Ishak Institute, was to boost cyber security as “the flip side” of achieving greater prosperity in the digital economy.
Cybersecurity was once again the spotlight during the 32nd ASEAN Summit over the weekend. Though there was also attention to a range of other security issues within the ASEAN political-security community pillar, from transnational crimes to counterterrorism to maritime security, as was expected, regional states paid particular attention to cyber issues. Singapore’s Prime Minister Lee Hsien Loong emphasized the importance of cyber issues in both his remarks at the summit dinner as well as opening remarks at a press conference customarily given by the ASEAN chair, noting that deeper regional cooperation and coordination needed to “keep up” with the rapid pace of digitalization.
Substantively, the main deliverable in this respect was the ASEAN Leaders’ Statement on Cybersecurity Cooperation. Not unlike other ASEAN statements of this ilk, the Leaders’ Statement mostly reiterated steps already being taken by Southeast Asian states on their own, regionally, and with external partners. But it called for a series of further steps, including the identification of a concrete list of voluntary, practical norms of state behavior in cyberspace and the need to synergize undertakings across ASEAN to avoid duplication (a common problem across issue areas).
To be sure, realizing all of this will not be easy given a whole host of reasons including the scale of the challenge, the constraints Southeast Asian states face, and the differences within ASEAN as a grouping. This will continue to play out through the rest of the year as we see routine meetings take place at the regional level as well as more headlines around select cyber-related developments, such as progress on the new ASEAN-Japan Cyber Center (See: “What’s Behind the New ASEAN-Japan Cyber Center?”). Yet there is little doubt that Southeast Asian states are becoming more aware about the urgency needed to tackle cyber issues, and Singapore’s chairmanship this year provides still more evidence of that.