THINK TANK | The Possible Cyber Security Cooperation Models for ASEAN Countries

This article tries to analyse what kind of framework/model ASEAN will need on preparation to widen its security agenda to cyber world in the future to complete its preparation of being connected.

By Khanisa Krisman

Centre for Political Studies, Indonesia Institute of Sciences (LIPI)

Image Attribute: The Conversation / Creative Commons

As Cyber Security becoming a global concern, the need to arrange a cooperation to overcome cybercrime threat is inevitable. Many countries started to realize the importance of having cooperation to tackle the growth of cybercrime. This argument also implied in a statement by Eun-Ju Kim, the ITU (International Communication Union) Regional Director for Asia and the Pacific, “The best way to counter this crime is through close partnerships and cooperation in an interdependent information society” (UNODC, Cybercrime in Asia and the Pacific: Countering a Twenty-First-Century Security Threat).

Dr. Hamadoun Touré in his ITU Publication “Quest for Cyber Peace” (2011) enlists some cooperation addressed to this issue. Some of them are Council of Europe with Convention on Cybercrime 2001, North Atlantic Treaty Organization (NATO) with Cyber Defence Management Authority, and United Nation which implement cybercrime prevention on some of its branch like the UN Economic and Social Council and United Nations Office on Drugs and Crime.

From all written above, Council of Europe’s Convention on Cybercrime (2001) is the earliest international formal cooperation who set the definition, typology, and measures to be taken to cope with cyber-crime. It has signed by 49 countries, four are from outside the Europe, and they are Japan, South Africa, Canada and United States. The numbers who have ratified is 39 countries, as the Belgium as the newest one, who ratified it in 2012, and two countries in latest accession status, Australia in 2012 and Dominican in 2013 Republic (Council of Europe Treaty Office, 2013). 

This comprehensively written agreement can be a good source to look at what ASEAN needs to prepare and socialize among each member before working on the actual framework of cyber security cooperation. The most important part to be examine for the future framework is Chapter III of the convention which includes article on extradition (article 24), vast scope of mutual assistance in cyber space (Article 25-35) and active communication (article 35). Regulation regarding extradition is important in cyber-crime is a transnational-based crime whose offender can launch their attack from anywhere outside the country. For the later matters on mutual assistance and active communication, these arrangements can answer the fulfillment of gaps between ASEAN countries that more advance parties have the obligation to encourage the region to stand on the same standard before enforcing the cooperation framework.

Another example of cyber security cooperation is offered by NATO with their cyber defence framework. In their document released in 2011, the alliance draft their cyber defence agendas not only in regard of securing the region in defensive mode trough NATO Cyber Defence Management Board and NATO Computer Incident Response Capability, but also integrating it into the national policy of the Alliance members and encouraging education in cyber defence sector with NATO Cooperative Cyber Defence Centre of Excellence (NATO 2011).

NATO’s cooperation might seem very organized and can be strongly recommended for ASEAN to build such cooperation, but it has to be realized that NATO and ASEAN have a different platform of cooperation. ASEAN is not security alliance and in ASEAN, where noninterference and sovereignty are two of some basic principles, defence policy is a very crucial aspect to be interrupted. Each country has their own view and ASEAN cannot dictate members’ domestic area. The framework of ASEAN future cooperation has to be emphasized on security of the region as a whole without disturbing its member sovereign.

Another example of cooperation, Asia Pacific Computer Emergency Response Team (APCERT), took the form of regional cooperation. APCERT members are CERT and Computer Security and Incident Response Team (CSIRT) of each country, the main legal body in combating cybercrime. Its missions are enhancing cooperation, developing measures to overcome cases, facilitating in information sharing, promoting research and development, assisting conduct on CERT, and providing recommendation on legal issues (APCERT: Missions Statement). Moreover since the members are team of experts, APCERT will be able to focus on the technicalities to overcome cyber threat, event like drill exercise is the one of the main program held annually (APCERT: Operational Framework, p 8).

This model might be the one ASEAN is aiming for, since almost all ASEAN member countries are also joining APCERT it is probably easier to use APCERT model and configure ASEAN’s cyber security framework based on that model. However, APCERT is less legitimate than the other two previous examples. As mentioned, APCERT members are only technical bodies of the member states that lacking of political power to make significant policy change. If ASEAN take APCERT format cooperation as a whole, it will only make a cooperation that will overlap with APCERT agenda and will not be powerful enough to make any changes in governmental level.

Cite this Article:

Krisman, Khanisa: A Secure Connection: Finding the Form of ASEAN Cyber Security Cooperation. In: Journal of ASEAN Studies 1 (2013), 1, pp. 46-48. URN: http://nbn-resolving.de/urn:nbn:de:0168-ssoar-441755

This article is made available under a CC BY-NC Licence (Attribution-NonCommercial) by the original publisher. For more Information see: http://creativecommons.org/licenses/