Last week, Thai officials disclosed more details about the future direction of a new Japan-ASEAN cyber center. Though this is just one of a series of efforts being undertaken to address cyber challenges by Southeast Asian states and their partners and many of these specifics had already been announced late last year, it is nonetheless testament to the inroads being made as well as the increased regional emphasis on this important realm.
As I have noted before, as Japan has sought to boost its security ties with Southeast Asian states over the past few years, one of the areas of emphasis has been cybersecurity. That makes sense for both sides: not only have their vulnerability to cyber attacks been exposed in recent years, but there is an urgent need to strengthen the capabilities less capable Southeast Asian states in this respect to boost wider regional resilience and also promote economic, security, and business interests more generally (See: “Japan-ASEAN Cyber Cooperation in the Spotlight”).
As a result, it is little surprise that we have seen cyber feature in Japan-ASEAN interactions in recent years, whether as part of meetings on information security and cyber security or in terms of new training initiatives to boost cyber-attack defense for Southeast Asian government institutions that have been announced. This is amid the broader focus on cyber that we have seen in the region as well, with individual countries setting up dedicated cyber agencies and more regional efforts, be it Singapore’s new ASEAN Cyber Capacity Program (ACCP) announced at the inaugural ASEAN Ministerial Conference on Cybersecurity in October 2016 or the new cyber security working group within the ASEAN Defense Ministers Meeting Plus (ADMM-Plus) that was finally accepted (See: “Singapore Unveils New ASEAN Cyber Initiative”).
One of the ideas that had been under consideration within this broader context was the establishment of a new ASEAN-Japan cyber center to facilitate the training of security agency personnel of ASEAN countries in the next few years. Last December, at the ASEAN Telecommunications and IT Ministers meeting (TELMIN) meeting held in Cambodia, it was agreed that Thailand would be the host for the establishment of the so-called ASEAN-Japan Cybersecurity Capacity Building Center (AJCCBC), which would be set up with Japanese funding as well as training.
Last week, Thai officials disclosed a few more specifics about the Center and its future direction. Pichet Durongkaveroj, Thailand’s minister for digital economy and society, said that while details and preparations are still being made that will affect budgeting as well as future action plans, the Center would officially be launched around June, during which it would conduct the first round of training. The initial goal had been to train 300 personnel a year for four years for a total of 1,200 out to 2021, and Japan had made an initial commitment of $5 million.
The training hosted by the AJCCBC, which will be managed by the Electronic Transactions Development Agency (ETDA) as the lead agency, is expected to initially cover areas such as previously discussed ranging from malware analysis to incident response. Specifically, ETDA has indicated that the initial courses will include cyber defense with recurrence (CYDER) to handle cybersecurity incidents; forensics and digital evidence with respect to cyber attacks; and malware analysis trends and developments. There will also be other interactions as well such as an annual Cyber SEA Game.
As Pichet himself rightly noted, it is difficult to assess the AJCCBC given how new much of all this is. Much will depend not on just how the initial training goes, but how successful it is in actually boosting the still very limited capabilities of some Southeast Asian states, and how the AJCCBC itself will evolve beyond the initial round of funding and training that Japan is spearheading, especially within the context of other domestic and regional initiatives. That said, from a broader perspective initiatives like the AJCCBC are testament to the increased regional emphasis on cybersecurity as well as renewed efforts to tackle this challenge together.