On February 17, Japan’s NEC Corporation announced that it had secured a contract from Japan International Cooperation Agency (JICA) to help boost Southeast Asian cyber capabilities. The move is just the latest in a series that highlights Tokyo’s ongoing efforts to expand its security role in the subregion, including in the cyber domain.
According to a statement by the NEC Corporation, it has been charged with providing cyber-attack defense for officials from governmental institutions responsible for cyber security in six members of the Association of Southeast Asian Nations (ASEAN) – Indonesia, Vietnam, the Philippines, Myanmar, Laos, and Cambodia. The training will take place in Japan over a three year period, with the aim of improving incident response as well as the implementation of countermeasures. The first round is scheduled from February 20 to March 3.
The news comes as no surprise to seasoned observers of Asian security. As I have noted previously, since Prime Minister Shinzo Abe’s return to office in December 2012, Japan has invested more in the defense side of its relationships in Southeast Asia, making inroads with several individual countries but also with ASEAN as a bloc with the convening of the inaugural ASEAN-Japan Defense Ministers’ Informal Meeting back in December 2014. At the second iteration of that meeting in December in the Lao capital of Vientiane, Defense Minister Tomomi Inada unveiled what officials have said is Japan’s first comprehensive regionwide initiative for defense cooperation, called the Vientiane Vision (See: “Japan Reveals First ASEAN Defense Initiative with Vientiane Vision”).
More specifically, cybersecurity has been an area of focus for Japan and Southeast Asian states in their growing defense relationship. That makes sense for both sides. From a Southeast Asian perspective, the events of the last few years have exposed their cyber vulnerabilities, and addressing them is crucial in order to construct a secure information and communications network, to foster a stable business environment, and to secure the nation, including its critical infrastructure.
That is why we have seen ASEAN states focusing more on boosting their capabilities as well as working more with each other and extraregional partners as well such as Japan. Examples abound, whether it is Indonesia’s effort to create a new cyber agency, Singapore’s new ASEAN Cyber Capacity Program (ACCP) announced at the inaugural ASEAN Ministerial Conference on Cybersecurity last October, or the Philippines’ proposal to establish a cyber security working group within the ASEAN Defense Ministers Meeting Plus (ADMM-Plus) that was accepted last year (See: “Singapore Unveils New ASEAN Cyber Initiative”).
From Japan’s perspective, partnering with Southeast Asia is a logical move. At general level, there is a convergence in threat perceptions, especially as Japan’s vulnerability to cyber attacks has been exposed in a series of high-profile breaches over the past few years. At the same time, as Japan has begun investing more in cybersecurity efforts in recent years to address its glaring deficiencies – not just in technology, but broader capacity-building including exercises and expertise – its capabilities are of interest to less capable Southeast Asian states. More broadly, creating a stable, secure and prosperous subregion is not only in line with Japan’s role as a key player in regional economic and security challenges, but helps promote Japanese economic, security, and business interests as well.
Given all this, it is no surprise that Japan-ASEAN cooperation in the cyber realm has been expanding over the past few years. Cyber has been addressed as part of the ASEAN-Japan Information Security Policy Meeting, which has been held since 2009, but also various other mechanisms, dialogues, and initiatives with varying degrees of specificity like the ministerial policy meeting on cybersecurity cooperation. Much of this has been directed at addressing the expressed need from Southeast Asian states for more technical and financial assistance to carry out training and other exchanges and dialogues for various security services.
The training by the NEC announced last week is yet another example of Japan’s ongoing efforts in the cyber realm with Southeast Asian states. It features not just lectures on the latest threats and security measures, but also drills similar to the ones that have been conducted by the Japanese government for its own security and visits to select cyber security-related facilities in the country. This will no doubt be useful for Southeast Asian states as they formulate their own responses to one of the critical challenges of the 21st century. But it will also be an opportunity for Japan to better understand as well as shape the subregion within which its own security challenges play out.