Association of Southeast Asian Nations (ASEAN)
Last Updated: September 2020

Relevant Strategy Documents, Other Documents, and Communications.

Strategy Documents

Official documents of the intergovernmental organization designed to outline the policy plans, priorities, and principles in cybersecurity and cybersecurity-related matters.

ASEAN ICT Masterplan 2020
ASEAN Secretariat

Eight strategic thrusts, initiatives and action points:

  1. Economic Development and Transformation;
  2. People Integration and Empowerment through ICT;
  3. Innovation;
  4. ICT Infrastructure Development;
  5. Human Capital Development;
  6. ICT in the ASEAN Single Market;
  7. New Media and Content;
  8. Information Security and Assurance.
November 2015
ASEAN Regional Forum (ARF)
  • Purpose: to promote a peaceful, secure, open and cooperative ICT environment and to prevent conflict and crises by developing trust and confidence between states in the ARF region, and by capacity building
  • Objectives:
    • to promote transparency and develop confidence building measures to enhance the understanding of ARF Participating Countries in the ICT environment with a view to reducing the risk of misperception, miscalculation and escalation of tension leading to conflict;
    • to raise awareness on threats related to the security of and in the use of ICTs
    • enhance practical cooperation between ARF Participating Countries to protect ICT-enabled critical infrastructure with the view to also developing resilient government ICT environments; and
    • to improve cooperation including develop regional capacity to respond to criminal and terrorist use of ICTs through improved coordination and coordinated response
  • Activities:
    • To establish an open ended Study Group on Confidence Building Measures to reduce the risk of conflict stemming from the use of ICTs; the Study Group will comprise ARF Members
    • To conduct workshops and seminars for ARF Participating Countries 
6 August 2015
Other Documents

Guideline documents that lay out common approaches, frameworks, best practices etc. pertaining to cyber policy.

ASEAN Framework on Digital Data Governance
The 18th ASEAN Telecommunications and Information Technology Ministers Meeting
  • Sets out the strategic priorities, principles and initiatives to guide ASEAN Member States in policy and regulatory approaches towards digital data governance in the digital economy
  • Identifies four strategic priorities of digital data governance that support the ASEAN digital economy
    • Data Life Cycle and Ecosystem
    • Cross Border Data Flows
    • Digitalisation and Emerging Technologies; and
    • Legal, Regulatory and Policy
  • Identifies four initiatives that can be undertaken in support of the four strategic priorities
    • ASEAN Data Classification Framework
    • ASEAN Cross Border Data Flows Mechanism
    • ASEAN Digital Innovation Forum; and
    • ASEAN Data Protection and Privacy Forum
  • The Principle on data security establishes the need to safeguard data, and any storage centres the data sits within, as well as the systems and platforms that handle the data
6 December 2018
(in progress) Japan-ASEAN Cybersecurity Policy Handbook
Agreement to compile the Handbook as a project celebrating the tenth anniversary of the inauguration of the ASEAN-Japan Information Security Policy Meeting.
October 2017
ASEAN Framework on Personal Data Protection
Telecommunications and Information Technology Ministers
  • Objective: to strengthen the protection of personal data in ASEAN and to facilitate cooperation among the Participants, with a view to contribute to the promotion and growth of regional and global trade and the flow of information
  • Principles of Data Protection encompass: 
    • Consent, Notification and Purpose
    • Accuracy of Personal Data
    • Security Safeguards
    • Access and Correction
    • Transfers to Another Country or Territory
    • Retention
    • Accountability
  • Participants' joint activities to strengthen cooperation and collaboration in the area of personal data protection may include:
    • Information sharing and exchange
    • Workshop, seminar or other capacity building activity; and
    • Joint research in areas of mutual interest
26 November 2016
CIIP Guidelines, 9th ASEAN-Japan Information Security Policy Meeting
• Acknowledgment of new common guidelines concerning protection of critical information infrastructures;
• Revision of the 2015 guidelines
20 October 2016

Statements distributed by organizations and/or organizational agencies outlining positions, commitments, action plans, obligations etc. in the area of cyber policy.

ASEAN Leaders’ Statement on Cybersecurity Cooperation
Heads of State/Government

Recommits to cooperation and tasks relevant Ministers from all ASEAN Member States to closely consider and submit recommendations on feasible options of coordinating cybersecurity policy, diplomacy, cooperation, technical and capacity building efforts

27 April 2018
ASEAN Declaration to Prevent and Combat Cybercrime
Heads of State/Government

Outlines measures to prevent and combat cybercrime:

• Acknowledge the importance of harmonization of laws related to cybercrime and electronic evidence;

• Encourage ASEAN Member States to explore the feasibility of acceding to existing regional and international instruments in combating cybercrime;

• Encourage the development of national plans of actions in addressing cybercrimes

14 November 2017
ARF Statement by the Ministers of Foreign Affairs on Cooperation in Ensuring Cyber Security
ASEAN Regional Forum

ARF reiterates the need to further intensify regional cooperation on security in the use of ICTs

12 July 2012

Relevant Specialized Agencies and Key Positions.

Specialized Agencies

The official nodal agencies within the organization established or proposed to be established and designated with responsibilities for supporting processes related to cyber policy matters.

(proposed) Creation of National Security Operations Centres (SOC)
ASEAN Chief Information Officer Association

• Council composed of representatives from each country

• Provide the platform for horizontal exchange of information on threat surveillance at the governmental and industrial levels and facilitate regional research into security solutions leveraging technology and best-practices


Regulations and Directives.


Relevant Meetings, Activities, and External Cooperation.


Conferences and dialogues related to cyber policy matters carried out by the regional, sub-regional or multilateral organization.

ASEAN Regional Forum Inter-Sessional Meetings on Security of and in the Use of Information and Communication Technologies (ARF ISMs On ICTs Security)
ASEAN Regional Forum (ARF)
  • 1st Meeting was held in Kuala Lumpur on 25-26 April 2018
    • The Meeting took note of the following proposed initiatives on CBMs:
      1. Establishment of ARF Points of Contact (POC) Directory on Security of and in the Use of ICTs 
      2. Sharing of Information on National Laws, Policies, Best Practices and Strategies as well as Rules and Regulations 
      3. Protection of Critical Infrastructures and Consultations Mechanism
      4. Awareness-Raising and Information Sharing on Emergency Responses to Security Incidents in the Use of ICTs
      5. ARF Workshop on Principles of Building Security of and in the Use of ICTs in the National Context
    • The Meeting took note of the proposed activities mapped into priority areas:
      1. Establishment of Coordination Mechanism within the ARF
      2. Awareness Building and Exchange of Best Practices
      3. Computer Emergency Response Team (CERT)-CERT Cooperation Frameworks
      4. Critical Information Infrastructure Protection Frameworks and Mechanisms
      5. Combating Criminal and Terrorist Use of ICTs


  • 2nd Meeting was held in Singapore on 28-29 March 2019; the ARF Participants:
    • Discussed possible CBMs, and confirmed that those achievements would be reported to the ARF Inter-Sessional Support Group (ISG)
    • Shared and exchanged views on their regional efforts in cyber security
    • Exchanged their perspectives on the role of ARF in collaboration with the United Nations Group of Governmental Experts (GGE) to convene regional consultations in advance of its sessions
25-26 April 2018 (1st Meeting); 28-29 March 2019 (2nd Meeting)
ASEAN-Japan Cybercrime Dialogue (series)

Series of meetings:

  • The Inaugural ASEAN-Japan Cybercrime Dialogue: held in Singapore on 28 March 2014 to discuss ASEAN-Japan cooperation on cybercrime, such as promotion of information-sharing on trends and lessons learned to combat cybercrime
  • The 2nd ASEAN – Japan Cybercrime Dialogue​: held in Kuala Lumpur, Malaysia on 1-2 March 2017 to confirm the importance of the Budapest Convention with the countries of ASEAN, and discuss ASEAN-Japan cooperation on cybercrime
  • The 3rd ASEAN – Japan Cybercrime Dialogue: held in Bandar Seri Begawan, Brunei Darussalam on 23 - 24 January 2019 to confirm the importance of the Budapest Convention with ASEAN Member States, to exchange information on trends and lessons learned to combat cybercrime, and to discuss ASEAN-Japan cooperation on cybercrime
28 March 2014 (the Inaugural Dialogue); 1-2 March 2017 (2nd Dialogue); 23 - 24 January 2019 (3rd Dialogue)
ASEAN Cyber Norms Workshop

• Recognised the importance of having norms of responsible state behavious for cyberspace;

• Agreed on the need for capacity building initiatives to support these norms.

May 2017
ASEAN Ministerial Conference on Cybersecurity, Third Edition
Attended by Ministers and Senior Officials responsible for Cybersecurity and Information and Communications Technology (ICT) from all 10 ASEAN Member States
19 September 2018
ASEAN Cyber Risk Reduction Workshop
November 2017 (announced)
ASEAN-Japan Information Security Policy Meetings (10th edition), to be renamed to the Japan-ASEAN Cybersecurity Policy Meeting
Agreed on future efforts, including: continuing ongoing joint awareness-raising activities, inter-governmental exercises for an information liaison system, discussion for fortifying a collaboration and cooperation framework to further promote information sharing on a regular basis, and sharing advanced and leading efforts for the protection of critical information infrastructures
10-11 October 2017
ASEAN Telecommunications and Information Technology Ministers Meeting (TELMIN), 16th edition (Bandar Seri Begawan, Brunei Darussalam)

• Adopted the Framework on Personal Data Protection;

• Welcomed the progress made in the first year of implementation of the ASEAN ICT Masterplan 2020.

25-26 November 2016
Symposium: ASEAN Cyber Security and Cyber Crime Center: Possibility and Way Forward (Bangkok)
Focus on exploring the possiblity to establish a Cyber Security and Cybercrime Center serving the 10 countries of the ASEAN region
14-16 September 2016
Seminar on Confidence Building Measures in Cyberspace (Seoul)
ASEAN Regional Forum
Four sessions:
  1. Identification of Existing and Potential Threats in Cyberspace,
  2. Confidence-Building Measures in Cyberspace,
  3. Norms of Acceptable Behavior in Cyberspace,
  4. Capacity-Building Measures in Cyberspace.
11-12 September 2012
Cyber Incident Response Workshop (Singapore)
ASEAN Regional Forum
Four objectives:
  1. Develop an understanding of the domestic arrangements of each participant, including the equivalency of offences and law enforcement powers and procedures,
  2. Understand and explore how to communicate and share information in the event of an incident,
  3. Identify models of best practise within the region, and
  4. Prioritise capacity building activities for those participants with less mature frameworks and mechanisms.
6-7 September 2012
Workshop on Proxy Actors in Cyberspace (Hoi An City, Quang Nam Province, Viet Nam)
ASEAN Regional Forum
Workshop on proxy actors in cyberspace, including sessions on their threat, the legal frameworks, strategies and the way forward.
14-15 March 2012

Joint exercises, training programs, and other initiatives related to cyber policy matters undertaken by the organization.

ASEAN-Singapore Cybersecurity Centre of Excellence
  • Aimed to serve as thinktank and training centre, CERT center, and cyber range training centre
  • Extension of the ASEAN Cyber Capacity Programme
  • To be launched in October 2019



September 2018 (announced)
ASEAN-Japan Cybersecurity Capacity Building Centre
Hosted in Thailand, will teach courses to prepare cybersecurity workforce in ASEAN for the rising threats of cyber-attacks
June 2018
ASEAN-Japan Information Security Drill
Hosted in Vietnam, involving three levels: the international coordination agency, the national coordination agency and the core units
May 2018
ASEAN CERT Incident Drill (ACID), 12th edition (Hanoi)
Aims to test and enhance incident response as well as broader cooperation and coordination among ASEAN CERTS as well as some of their key dialogue partners.
September 2017
ASEAN Cyber Capacity Programme (ACCP)
  • Goal: to build cyber capacity in ASEAN Member States
  • Objectives:
    • to enhance regional ability to respond to the evolving cyber threat landscape and to build a secure and resilient ASEAN cyberspace
    • to develop technical, policy and strategy-building capabilities within ASEAN Member States
  • Focus areas: cyber policy, legislation, strategy development as well as incident response
  • Events under the Programme to include workshops, seminars and conferences, which will be organised in collaboration with ASEAN Members
  • Target audience: ASEAN policy officials, diplomats, prosecutors as well as technical operators and analysts
  • Provided with funding of SGD10 million, to be utilised over five years (2017-2021)
April 2017
ASEAN Cyber University Project
Aims to expand opportunities of higher education in ASEAN and strengthen the relationships between ROK and ASEAN.
External Cooperation

Legally binding and non-legally binding agreement(s) and initiatives related to cyber policy matters undertaken by the organization with non-member States and other organizations.

Heads of State / Government of the Member States of the Association of Southeast Asian Nations
  • Commit to broadening and deepening cooperation to promote an open, interoperable, reliable and secure ICT environment 
  • Reaffirm UNGA resolution 71/28 and its call for all States to be guided in their use of ICTs by the 2015 Report of the UNGGE
  • Reaffirm the applicability of international law, and in particular the UN Charter to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment
  • Commit to increase efforts in implementing practical confidence-building measures to reduce the risk of misperception and escalation, including through the ARF ISM on ICTs Security
  • Commit to promote certain voluntary, non-binding norms of responsible State behaviour in cyber space in peacetime, taking reference from the 2015 UN GGE Report
  • Etc. 
15 November 2018
INTERPOL-led cybercrime operation across ASEAN
Identification of nearly 9,000 Command and Control (C2) servers and hundreds of compromised websites, including government portals. Information provided by the private sector combined with cyber issues flagged by the participating countries
Japan's International Campaign for Information Security
Cybersecurity awareness raising activities in cooperation with ASEAN member states

This interactive map is for illustration purposes only. The boundaries and designations shown do not imply official endorsement by the UNIDIR. For a more accurate and up-to-date world map, please consult the UN Geospatial Information Section website.