ASEAN Cyber Diplomacy: Overcoming Differences

Oleg Abdurashitov, Head of Public Affairs, Asia Pacific

The ASEAN countries announced building vibrant digital economies as their priority and may well be on the path to create one of the world’s largest digital marketplaces. Singapore – the current chair of ASEAN – is advocating for the region-wide e-commerce agreement, and Credit Suisse already projects the e-commerce market to reach 90 billion dollars by 2025. However, on the path to securing the growth of the digital economy, ASEAN member countries will have to navigate through the competing approaches to cyberspace governance.

There are two prevalent and widely different approaches to regulating cyberspace - that of ‘digital sovereignty’ and ‘multistakeholder governance’.  With those approaches being advocated by the two largest trade partners of ASEAN – China and the United States respectively - experts note that ‘it would be unwise if ASEAN countries have to pick a side on questions as ideologically divided as cyber sovereignty’ (The Diplomat).

The question hence is how ASEAN member countries will chart their own course in cyberspace, balancing the interests of individual members of the one hand and the need for universally applicable regional norms on the other. The answer to it may lie in ASEAN’s traditional focus on economic development, and its historical ability to manage the differences among its members and seek compromises and practical solutions.

Among the signs of this ongoing practical inter-regional cooperation are ASEAN Cybersecurity Cooperation Strategy adopted in March 2017 and ASEAN Declaration to Prevent and Combat Cybercrime, signed in November 2017 in Manila. Earlier in 2017, ASEAN Defence Ministers Meeting (ADMM) announced the creation of ADMM-Plus Experts’ Working Group on Cyber Security to cooperate on enhancing cyber security capability (ADMM Joint Declaration, October 2017). In November 2017 members of ASEAN Regional Forum also agreed to establish the ARF Inter-Sessional Meeting (ISM) on ICT Security, that observers called the ‘Asian version of the UN Group of Government Experts’ (Council on Foreign Relations).

The ASEAN cyber diplomacy pioneers, Singapore and Malaysia, are ranked at the very top of the ITU’s Global Cybersecurity Index, and both well understand the need for transnational cooperation. Singapore, which is currently chairing ASEAN, is a host country for ASEAN Ministerial Conference on Cybersecurity and the largest contributor to ASEAN Cyber Capacity Programme (ACCP), as well as one most vocal advocates on cyberspace norms and CBMs in the UN. Malaysia co-chaired and hosted the ARF inaugural ARF Inter-Sessional Meeting (ISM) this year, and has long been one of the key enablers of technical cooperation in the region through its cyber agency CyberSecurity Malaysia, the co-founder of the Asia Pacific Computer Emergency Response Team (APCERT) and its current deputy chair.

Other major regional players, such China, Japan, and Australia also focus much of their cyber diplomacy efforts on ASEAN. 2018 ASEAN-China ICT Work Plan covers activities for information exchange and cooperation in capacity building on network security emergency; ASEAN ICT ministers also endorsed China’s proposal for ASEAN-China Network Security On-Site Training Program.

Japan actively promotes cooperation between CERTs and initiated the The CyberGreen Institute, which provides a health check of countries infection rates. The country drives ASEAN-Japan Cybercrime (AJCC) Dialogue, which is taking place in Brunei this year for the third time. Japan has also announced the launch of ASEAN-Japan Cybersecurity Capacity Building Centre in Thailand this year.

Australia’s International Cyber Engagement Strategy, launched in October 2017, is aiming for strengthening information sharing, response cooperation, and governance in the Indo-Pacific region. Australia already enjoys long-standing security partnerships with some key players in the region, and shared challenges and opportunities of cyberspace have been among the key themes of the Australia-ASEAN Special Summit in March 2018.

ASEAN also benefits from international organizations that proactively contribute to ASEAN cyber capacity building and cybercrime prevention. In particular, INTERPOL Global Complex for Innovation, located in Singapore, offers a convenient platform for region-wide initiatives, such as the regular meetings of ASEAN Heads of Cybercrime Units or the ASEAN-wide cybercrime operation which brought together law enforcement agencies and private sector partners.  

The dynamic institutional environment and shared understanding that cyber is key to national development, create further opportunities for collaboration on governmental (Track 1) or non-governmental (Track 2) levels in ASEAN. Elina Noor, one of the Asia’s foremost cyber policy experts, now calls for ASEAN and other East Asian governments to look beyond purely economic incentives and ‘promote trust and build confidence rather than to utilize cyber space as another domain to chart strategic maneuvers for power and influence’ (Japan Center for International Exchange, “Strategic Governance of Cyber Security: Implications for East Asia”). And from this point of view, the pragmatic ASEAN approach towards cyber diplomacy may offer a working alternative to separated ‘cyberspaces’ where only like-minded countries are allowed.