Cyber ASEAN

Cyber ASEAN Report

Southeast Asia’s digital decade has begun. However, seizing its full potential in the emerging data-driven economy requires confronting head-on fundamental challenges in cybersecurity: Internet penetration is high, but digital inequity is growing; mobile connections are skyrocketing, yet digital literacy to combat cybercrime, disinformation, and misinformation is plummeting. Most importantly, cyberattacks are rising, but trust-building among key stakeholders remains stagnant, or worse, declining. If these issues are not fully addressed, the region’s digital ambitions oriented around ASEAN’s inclusive community-building agenda are likely to be aspirational rather than attainable.

To harmonize and elevate Southeast Asia’s cyber resiliency and capacity, this project offers Cyber ASEAN, the region’s proposed homegrown cyber-capacity assessment framework built around the key dimensions of the ASEAN Cybersecurity Cooperation Strategy 2021-2025. The Cyber ASEAN Framework is composed of four pillars: international collaboration, international technical standards, information-sharing and incident or threat management, and inclusion. The framework’s application aims to provide policy recommendations that are critical to the implementation of the current ASEAN Cybersecurity Cooperation Strategy and its future iterations.

The Cyber ASEAN Framework stands out among existing cyber-capacity assessment frameworks because firstly, it is indigenously designed for Southeast Asia by Southeast Asians. Its purpose and significance are driven by three underlying principles: local context and ownership, agency and autonomy, and public-private-people partnerships. 

Put simply, Cyber ASEAN contends that if cyber capacity-building frameworks and initiatives are grounded, informed, and shaped by the local perspectives of the target stakeholders from the onset of its incubation to operationalization, then Southeast Asia can adopt a more proactive, context-specific, and inclusive approach to raising cyber capacity and resiliency at the sectoral, national, and regional levels.

Secondly, it adopts a participatory design approach called 3C—consultative, collaborative, and community-building. The Cyber ASEAN Framework is the outcome of four multisectoral consultations among its pilot countries in Southeast Asia: Indonesia, Malaysia, the Philippines, and Viet Nam. The four countries are illustrative test cases that can provide comprehensive insights regarding the framework’s application, given their varying digital economic maturity, government systems, and demographics.

Finally, because of its 3C approach, the Cyber ASEAN Framework is tailored to the distinct contexts and priorities of the four countries, thereby ensuring a degree of local buy-in and ownership. Using the four pillars of the framework, stakeholders can better understand and operationalize pragmatic approaches to cybersecurity, and, in the process, advance and achieve the ASEAN community’s vision for cybersecurity and resiliency.

Guide to the publication:

This report is divided into two interlinked sections: Foundation and Application. Setting the context for the report, Part I: Foundation tackles the “so-what” of Cyber ASEAN, specifically the need to reimagine the conduct of cyber capacity-building in Southeast Asia. The proceeding chapters then examine the evolution of cybersecurity cooperation in ASEAN before diving into the strategic and economic imperatives of raising cyber-capacity:

  • Reimagining Cyber Capacity-Building in Southeast Asia: The Cyber ASEAN Framework

Mark Bryan Manantan

  • Tracing the Development of Cyber Cooperation in ASEAN: Progress and Shortcomings

Mabda Haerunnisa Fajrilla Sidiq

  • Buffering: Southeast Asia’s Response to Cyber Insecurity

Mark Bryan Manantan and Lesley Manantan

  • Assessing the Economic Benefits of Cybersecurity Standards in Southeast Asia

Adrian Glova and Mark Bryan Manantan

In Part II: Application, the Cyber ASEAN Framework is operationalized. Each chapter provides the main findings of the multistakeholder country consultations held in Jakarta, Kuala Lumpur, Manila, and Hanoi in greater detail:

  • Indonesia

Fitri Bintang Timur

  • Malaysia

Farlina Said

  • Philippines

Genalyn Macalinao

  • Viet Nam

Nguyễn Việt Lâm, Ph.D. and Đỗ Hoàng

We invite you to immerse yourself in this publication to grasp Southeast Asia’s first homegrown cyber capacity assessment framework, which highlights the region’s complex cybersecurity challenges, as well as its innovative, entrepreneurial, and inclusive approaches.

Read the Report