18 July 2013
CO13133 | Enhancing ASEAN-wide Cybersecurity: Time for a Hub of Excellence?
Synopsis
In line with the region’s aim to establish an ASEAN Community by 2015, the ASEAN ICT Masterplan envisions the creation of a global ICT hub. A cohesive and comprehensive effort to tackle cybersecurity issues is a prerequisite for an ASEAN Community and is in the shared interests of ASEAN member states.
Commentary
THE ASEAN ICT Masterplan 2015 (AIM2015) envisions creating a global Information and Communications Technology (ICT) hub. The grouping’s ambition is to distinguish itself as a region of high quality ICT infrastructure, skilled manpower and technological innovation.
In support of these plans, member states should spur the creation of a cybersecurity hub of excellence in the region as part of a wider comprehensive cybersecurity strategy.
Lack of region-wide cohesiveness
National and regional moves to adopt comprehensive cybersecurity strategies have been somewhat slow and fragmented across the globe. To date, ASEAN’s efforts to adopt a comprehensive regional framework for cybsersecurity are equally piecemeal.
This lack of region-wide cohesiveness does not help the region’s security and impairs the ASEAN Economic Community Blueprint to become a single market and production base, a highly competitive economic region, and one that is fully integrated into the global economy. Indeed, an ASEAN-wide comprehensive cybersecurity framework has yet to be developed, official public documents are vague, the 2013 schedule for ASEAN official meetings does not include cybersecurity, and the precise extent of discussions and proposed initiatives is difficult to ascertain.
Creating a regional hub of cybersecurity professionals
Congruent with ASEAN’s aims to develop a workforce with high-level ICT proficiency, member states should develop a pool of cybersecurity professionals to effectively respond to regional and international cybersecurity challenges. This could be achieved through a range of approaches and programmes including ASEAN cybersecurity scholarships (like those proposed under the Mactan Cebu Declaration and AIM2015 for the creation of an ASEAN ICT Scholarship programme to attract ICT talent); education on cybersecurity issues at the earliest possible age as well as incorporation in school curricula; the further development of “ASEAN Cyberkids Camp”; and initiatives to encourage and attract talent to choose ICT as a career.
Innovative initiatives like CoderDojo could also be considered by ASEAN member states as a novel way to attract young talent for the purposes of regional cybersecurity. CoderDojo is a cost effective and largely community-driven global movement sweeping across Europe and the United States with more than 15,000 children learning to write software in more than 35 countries. Currently, there is one CoderDojo in the ASEAN region (CoderDojo Bandung, Indonesia), five in India and eight in Japan. It runs free not-for-profit coding clubs in local communities and regular sessions for young people to learn how to code and develop websites, apps, and programs in a fun environment.
In China for instance, one out of three school children already want to be a “hacker” when they grow up – hackers are the new cool, the new rock star. To attract such young talent, “Dojos” also organise tours of technology companies and introduce guest speakers to talk about their careers. Its focus on young girls and women in technology at DojoCon2013 in April this year is particularly noteworthy for the ASEAN region.
ICT experts and innovators
AIM2015 calls for the establishment of a database of ICT experts and innovators within ASEAN, which could be harnessed for cybersecurity professionals. Furthermore, accrediting IT and cybersecurity professionals with a regionally-recognised certification should also be considered to allow for regional cohesiveness. As it stands, ASEAN has completed eight Mutual Recognition Arrangements (MRAs) to facilitate the free movement of skilled labour in the region, albeit to varying degrees of cooperation in recognition of qualifications. However, of the eight professional groups listed, computer scientists and IT professionals are not listed (although engineering services are included).
It is also worth considering the European Commission’s recent proposal under the February 2013 Cybersecurity Strategy of the European Union of a roadmap for a “Network and Information Security Driving Licence”. If implemented, this would be a voluntary certification programme to promote enhanced skills and competence of IT professionals. Furthermore, the Commission plans to organise with the support of the European Network and Information Security Agency (ENISA) in 2014, a “cybersecurity championship” where university students across the region will compete in proposing network and information security solutions.
Finally, to stimulate a culture of security and data privacy by design, the Commission recommends the introduction of training on network and information security, secure software development, and personal data protection for computer science students.
Fostering a “win-win solution”
Such measures will further increase the attractiveness of ASEAN for foreign direct investment and enhance the region’s competitiveness. ICT is regarded as a growth sector for the region, employing nearly 12 million people and contributing more than USD32 billion to ASEAN’s GDP, with figures expected to increase by 2015.
These initiatives will also address the development divide, help alleviate poverty, and create employment opportunities in line with the social development goals of the ASEAN Community and the Millennium Development Goals of the United Nations.
While there is no one-size-fits-all approach for this developing area, it is in the common interests of ASEAN states – and the wider international community – to adopt such regional initiatives for cybersecurity to tackle cross-border cyber threats. The current lack of region-wide cohesiveness and a comprehensive framework is detrimental not just to the realisation of the ASEAN Economic Community but also to the overall security of the ASEAN region.
Significantly, it will also impede current and future international cooperation efforts on cybersecurity that are required to deal effectively with the cross-border nature of cyber incidents.
About the Author
Caitríona H. Heinl is a Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University.
Synopsis
In line with the region’s aim to establish an ASEAN Community by 2015, the ASEAN ICT Masterplan envisions the creation of a global ICT hub. A cohesive and comprehensive effort to tackle cybersecurity issues is a prerequisite for an ASEAN Community and is in the shared interests of ASEAN member states.
Commentary
THE ASEAN ICT Masterplan 2015 (AIM2015) envisions creating a global Information and Communications Technology (ICT) hub. The grouping’s ambition is to distinguish itself as a region of high quality ICT infrastructure, skilled manpower and technological innovation.
In support of these plans, member states should spur the creation of a cybersecurity hub of excellence in the region as part of a wider comprehensive cybersecurity strategy.
Lack of region-wide cohesiveness
National and regional moves to adopt comprehensive cybersecurity strategies have been somewhat slow and fragmented across the globe. To date, ASEAN’s efforts to adopt a comprehensive regional framework for cybsersecurity are equally piecemeal.
This lack of region-wide cohesiveness does not help the region’s security and impairs the ASEAN Economic Community Blueprint to become a single market and production base, a highly competitive economic region, and one that is fully integrated into the global economy. Indeed, an ASEAN-wide comprehensive cybersecurity framework has yet to be developed, official public documents are vague, the 2013 schedule for ASEAN official meetings does not include cybersecurity, and the precise extent of discussions and proposed initiatives is difficult to ascertain.
Creating a regional hub of cybersecurity professionals
Congruent with ASEAN’s aims to develop a workforce with high-level ICT proficiency, member states should develop a pool of cybersecurity professionals to effectively respond to regional and international cybersecurity challenges. This could be achieved through a range of approaches and programmes including ASEAN cybersecurity scholarships (like those proposed under the Mactan Cebu Declaration and AIM2015 for the creation of an ASEAN ICT Scholarship programme to attract ICT talent); education on cybersecurity issues at the earliest possible age as well as incorporation in school curricula; the further development of “ASEAN Cyberkids Camp”; and initiatives to encourage and attract talent to choose ICT as a career.
Innovative initiatives like CoderDojo could also be considered by ASEAN member states as a novel way to attract young talent for the purposes of regional cybersecurity. CoderDojo is a cost effective and largely community-driven global movement sweeping across Europe and the United States with more than 15,000 children learning to write software in more than 35 countries. Currently, there is one CoderDojo in the ASEAN region (CoderDojo Bandung, Indonesia), five in India and eight in Japan. It runs free not-for-profit coding clubs in local communities and regular sessions for young people to learn how to code and develop websites, apps, and programs in a fun environment.
In China for instance, one out of three school children already want to be a “hacker” when they grow up – hackers are the new cool, the new rock star. To attract such young talent, “Dojos” also organise tours of technology companies and introduce guest speakers to talk about their careers. Its focus on young girls and women in technology at DojoCon2013 in April this year is particularly noteworthy for the ASEAN region.
ICT experts and innovators
AIM2015 calls for the establishment of a database of ICT experts and innovators within ASEAN, which could be harnessed for cybersecurity professionals. Furthermore, accrediting IT and cybersecurity professionals with a regionally-recognised certification should also be considered to allow for regional cohesiveness. As it stands, ASEAN has completed eight Mutual Recognition Arrangements (MRAs) to facilitate the free movement of skilled labour in the region, albeit to varying degrees of cooperation in recognition of qualifications. However, of the eight professional groups listed, computer scientists and IT professionals are not listed (although engineering services are included).
It is also worth considering the European Commission’s recent proposal under the February 2013 Cybersecurity Strategy of the European Union of a roadmap for a “Network and Information Security Driving Licence”. If implemented, this would be a voluntary certification programme to promote enhanced skills and competence of IT professionals. Furthermore, the Commission plans to organise with the support of the European Network and Information Security Agency (ENISA) in 2014, a “cybersecurity championship” where university students across the region will compete in proposing network and information security solutions.
Finally, to stimulate a culture of security and data privacy by design, the Commission recommends the introduction of training on network and information security, secure software development, and personal data protection for computer science students.
Fostering a “win-win solution”
Such measures will further increase the attractiveness of ASEAN for foreign direct investment and enhance the region’s competitiveness. ICT is regarded as a growth sector for the region, employing nearly 12 million people and contributing more than USD32 billion to ASEAN’s GDP, with figures expected to increase by 2015.
These initiatives will also address the development divide, help alleviate poverty, and create employment opportunities in line with the social development goals of the ASEAN Community and the Millennium Development Goals of the United Nations.
While there is no one-size-fits-all approach for this developing area, it is in the common interests of ASEAN states – and the wider international community – to adopt such regional initiatives for cybersecurity to tackle cross-border cyber threats. The current lack of region-wide cohesiveness and a comprehensive framework is detrimental not just to the realisation of the ASEAN Economic Community but also to the overall security of the ASEAN region.
Significantly, it will also impede current and future international cooperation efforts on cybersecurity that are required to deal effectively with the cross-border nature of cyber incidents.
About the Author
Caitríona H. Heinl is a Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University.
