Can ASEAN stop the scourge of cybersecurity threats?

A member of the military specialised in cyber defense works on servers in Lille on January 23, 2018 (AFP Photo / Philippe Huguen)

The Southeast Asian region is a hotbed for development. The digital economy of the 10-member Association of Southeast Asian Nations (ASEAN) alone currently generate US$150 billion in revenue annually and could potentially add US$1 trillion to its collective Gross Domestic Product (GDP) over the coming decade.

Information technology (IT) is fast reshaping the way ASEAN citizens live, work and interact with one another. With a young population where some 40 percent are below the age of 30, most are accustomed to the digital realm and are in some way or another, connected to the regional digital ecosystem. These past few years have seen an uptick in the growth of e-commerce websites like Lazada and Alibaba, increase in active social media users and a growing internet and smartphone penetration especially in rural parts of the region.

However, as with all types of progress, there is a flip side to this. As the region progresses in the cyber domain, it inadvertently exposes itself to the threats of malicious cyber-attacks. Blackhat hackers are already gaining an upper hand in the region due to the lacklustre cybersecurity frameworks currently in place by member states. Moreover, as the digital space becomes more boundless, cyber-threats become more transboundary, making it even more difficult to apprehend perpetrators of cyber-attacks.

According to a report by management consulting firm AT Kearney, cybersecurity expenditure by ASEAN member states are woefully dismal when compared to the global average. This could potentially result in the top 1,000 ASEAN companies losing almost US$750 billion in market capitalisation. To negate this, the 10-member bloc will have to spend an estimated US$171 billion collectively on cybersecurity between 2017 and 2025.

Due to financial limitations, countries cannot afford to develop frameworks at a national level alone to combat this cross-border threat. Hence, the solution has to be financially viable and regionally applicable for it to be a strong deterrent to such attacks.

Singapore’s chairmanship of ASEAN has elicited some positive results in this endeavour. The ASEAN Leaders’ Statement on Cybersecurity Cooperation, was formally announced in the 32nd ASEAN Summit which ended last week. The document reaffirms the need for closer collaboration and cooperation between member states and tasks the relevant ministries of these states to come up with suggestions and measures to take in order to combat this threat.

Besides that, the ASEAN-Japan Cybersecurity Capacity Building Center (AJCCBC) is set to be launched in June to train up to 1,200 security agency personnel by 2021. Cybersecurity cooperation with Japan is definitely a welcomed proposal given that ASEAN can leverage on their experiences – both good and bad – in dealing with cyber threats.

On top of that, Singapore has already been investing in a ASEAN Cyber Capacity Program (ACCP) since 2016 which aims to fund capacity building to counter digital threats to ASEAN member states. The program includes workshops, conferences and consulting which would help enable the formation of cybersecurity policymaking and strategies to be developed at a domestic level.

However, progress in this domain is slow due to the ASEAN Way which is rooted in the principles of non-interference and consensus. In ensuring sufficient cyber resilience, ASEAN member states would have to come to an agreement on data and resource sharing as a potential attack on the regional cyber realm would have an effect on all member states but prevailing data and privacy laws may inhibit such progress. Data sovereignty issues like this should be the first thing to be tackled when negotiating a regional cybersecurity framework.

After all, the region stands at the precipice of boundless potential. Chinese e-commerce firms, Silicon Valley giants and even homegrown IT players need a secure cyberspace to harness this potential. We should not lose this or be afraid to take steps forward in pursuing a digital agenda because of cybersecurity threats. Threats like this are inevitable as Southeast Asia continues to develop and in fighting them, ASEAN’s mettle will be put to its ultimate test.