Relevant Strategy Documents, Other Documents, and Communications.
Official documents of the intergovernmental organization designed to outline the policy plans, priorities, and principles in cybersecurity and cybersecurity-related matters.
Eight strategic thrusts, initiatives and action points:
- Economic Development and Transformation;
- People Integration and Empowerment through ICT;
- ICT Infrastructure Development;
- Human Capital Development;
- ICT in the ASEAN Single Market;
- New Media and Content;
- Information Security and Assurance.
- Purpose: to promote a peaceful, secure, open and cooperative ICT environment and to prevent conflict and crises by developing trust and confidence between states in the ARF region, and by capacity building
- to promote transparency and develop confidence building measures to enhance the understanding of ARF Participating Countries in the ICT environment with a view to reducing the risk of misperception, miscalculation and escalation of tension leading to conflict;
- to raise awareness on threats related to the security of and in the use of ICTs
- enhance practical cooperation between ARF Participating Countries to protect ICT-enabled critical infrastructure with the view to also developing resilient government ICT environments; and
- to improve cooperation including develop regional capacity to respond to criminal and terrorist use of ICTs through improved coordination and coordinated response
- To establish an open ended Study Group on Confidence Building Measures to reduce the risk of conflict stemming from the use of ICTs; the Study Group will comprise ARF Members
- To conduct workshops and seminars for ARF Participating Countries
Guideline documents that lay out common approaches, frameworks, best practices etc. pertaining to cyber policy.
- Sets out the strategic priorities, principles and initiatives to guide ASEAN Member States in policy and regulatory approaches towards digital data governance in the digital economy
- Identifies four strategic priorities of digital data governance that support the ASEAN digital economy
- Data Life Cycle and Ecosystem
- Cross Border Data Flows
- Digitalisation and Emerging Technologies; and
- Legal, Regulatory and Policy
- Identifies four initiatives that can be undertaken in support of the four strategic priorities
- ASEAN Data Classification Framework
- ASEAN Cross Border Data Flows Mechanism
- ASEAN Digital Innovation Forum; and
- ASEAN Data Protection and Privacy Forum
- The Principle on data security establishes the need to safeguard data, and any storage centres the data sits within, as well as the systems and platforms that handle the data
- Objective: to strengthen the protection of personal data in ASEAN and to facilitate cooperation among the Participants, with a view to contribute to the promotion and growth of regional and global trade and the flow of information
- Principles of Data Protection encompass:
- Consent, Notification and Purpose
- Accuracy of Personal Data
- Security Safeguards
- Access and Correction
- Transfers to Another Country or Territory
- Participants' joint activities to strengthen cooperation and collaboration in the area of personal data protection may include:
- Information sharing and exchange
- Workshop, seminar or other capacity building activity; and
- Joint research in areas of mutual interest
Statements distributed by organizations and/or organizational agencies outlining positions, commitments, action plans, obligations etc. in the area of cyber policy.
Recommits to cooperation and tasks relevant Ministers from all ASEAN Member States to closely consider and submit recommendations on feasible options of coordinating cybersecurity policy, diplomacy, cooperation, technical and capacity building efforts
Outlines measures to prevent and combat cybercrime:
• Acknowledge the importance of harmonization of laws related to cybercrime and electronic evidence;
• Encourage ASEAN Member States to explore the feasibility of acceding to existing regional and international instruments in combating cybercrime;
• Encourage the development of national plans of actions in addressing cybercrimes
ARF reiterates the need to further intensify regional cooperation on security in the use of ICTs
Relevant Specialized Agencies and Key Positions.
The official nodal agencies within the organization established or proposed to be established and designated with responsibilities for supporting processes related to cyber policy matters.
• Council composed of representatives from each country
• Provide the platform for horizontal exchange of information on threat surveillance at the governmental and industrial levels and facilitate regional research into security solutions leveraging technology and best-practices
Regulations and Directives.
Relevant Meetings, Activities, and External Cooperation.
Conferences and dialogues related to cyber policy matters carried out by the regional, sub-regional or multilateral organization.
- 1st Meeting was held in Kuala Lumpur on 25-26 April 2018
- The Meeting took note of the following proposed initiatives on CBMs:
- Establishment of ARF Points of Contact (POC) Directory on Security of and in the Use of ICTs
- Sharing of Information on National Laws, Policies, Best Practices and Strategies as well as Rules and Regulations
- Protection of Critical Infrastructures and Consultations Mechanism
- Awareness-Raising and Information Sharing on Emergency Responses to Security Incidents in the Use of ICTs
- ARF Workshop on Principles of Building Security of and in the Use of ICTs in the National Context
- The Meeting took note of the proposed activities mapped into priority areas:
- Establishment of Coordination Mechanism within the ARF
- Awareness Building and Exchange of Best Practices
- Computer Emergency Response Team (CERT)-CERT Cooperation Frameworks
- Critical Information Infrastructure Protection Frameworks and Mechanisms
- Combating Criminal and Terrorist Use of ICTs
- The Meeting took note of the following proposed initiatives on CBMs:
- 2nd Meeting was held in Singapore on 28-29 March 2019; the ARF Participants:
- Discussed possible CBMs, and confirmed that those achievements would be reported to the ARF Inter-Sessional Support Group (ISG)
- Shared and exchanged views on their regional efforts in cyber security
- Exchanged their perspectives on the role of ARF in collaboration with the United Nations Group of Governmental Experts (GGE) to convene regional consultations in advance of its sessions
Series of meetings:
- The Inaugural ASEAN-Japan Cybercrime Dialogue: held in Singapore on 28 March 2014 to discuss ASEAN-Japan cooperation on cybercrime, such as promotion of information-sharing on trends and lessons learned to combat cybercrime
- The 2nd ASEAN – Japan Cybercrime Dialogue: held in Kuala Lumpur, Malaysia on 1-2 March 2017 to confirm the importance of the Budapest Convention with the countries of ASEAN, and discuss ASEAN-Japan cooperation on cybercrime
- The 3rd ASEAN – Japan Cybercrime Dialogue: held in Bandar Seri Begawan, Brunei Darussalam on 23 - 24 January 2019 to confirm the importance of the Budapest Convention with ASEAN Member States, to exchange information on trends and lessons learned to combat cybercrime, and to discuss ASEAN-Japan cooperation on cybercrime
• Recognised the importance of having norms of responsible state behavious for cyberspace;
• Agreed on the need for capacity building initiatives to support these norms.
• Adopted the Framework on Personal Data Protection;
• Welcomed the progress made in the first year of implementation of the ASEAN ICT Masterplan 2020.
- Identification of Existing and Potential Threats in Cyberspace,
- Confidence-Building Measures in Cyberspace,
- Norms of Acceptable Behavior in Cyberspace,
- Capacity-Building Measures in Cyberspace.
- Develop an understanding of the domestic arrangements of each participant, including the equivalency of offences and law enforcement powers and procedures,
- Understand and explore how to communicate and share information in the event of an incident,
- Identify models of best practise within the region, and
- Prioritise capacity building activities for those participants with less mature frameworks and mechanisms.
Joint exercises, training programs, and other initiatives related to cyber policy matters undertaken by the organization.
- Aimed to serve as thinktank and training centre, CERT center, and cyber range training centre
- Extension of the ASEAN Cyber Capacity Programme
- To be launched in October 2019
- Goal: to build cyber capacity in ASEAN Member States
- to enhance regional ability to respond to the evolving cyber threat landscape and to build a secure and resilient ASEAN cyberspace
- to develop technical, policy and strategy-building capabilities within ASEAN Member States
- Focus areas: cyber policy, legislation, strategy development as well as incident response
- Events under the Programme to include workshops, seminars and conferences, which will be organised in collaboration with ASEAN Members
- Target audience: ASEAN policy officials, diplomats, prosecutors as well as technical operators and analysts
- Provided with funding of SGD10 million, to be utilised over five years (2017-2021)
Legally binding and non-legally binding agreement(s) and initiatives related to cyber policy matters undertaken by the organization with non-member States and other organizations.
- Commit to broadening and deepening cooperation to promote an open, interoperable, reliable and secure ICT environment
- Reaffirm UNGA resolution 71/28 and its call for all States to be guided in their use of ICTs by the 2015 Report of the UNGGE
- Reaffirm the applicability of international law, and in particular the UN Charter to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment
- Commit to increase efforts in implementing practical confidence-building measures to reduce the risk of misperception and escalation, including through the ARF ISM on ICTs Security
- Commit to promote certain voluntary, non-binding norms of responsible State behaviour in cyber space in peacetime, taking reference from the 2015 UN GGE Report