Securing Asean’s cyber domain

The Naypyidaw Declaration on the Asean Community’s Post-2015 Vision positions Asean as a rules-based and resilient community that is capable of upholding its centrality in the evolving regional architecture.

By Elina Noor – 25 November 2014 @ 8:14 AM

THE Naypyidaw Declaration on the Asean Community’s Post-2015 Vision positions Asean as a rules-based and resilient community that is capable of upholding its centrality in the evolving regional architecture.

Equally, an Asean in the years to come should preserve its continued relevance by contributing and responding to global issues of common concern.

Ensuring that the region remains free of weapons of mass destruction is one way of achieving this vision. So, too, is strengthening maritime security and cooperation.

But, where Asean can really start to make a difference, to be proactive, to lead in partnership and to boldly underscore its bearing, is in the emergent area of strategic cybersecurity.

As a developing region, Southeast Asia has the most advanced implementation of harmonised e-commerce laws.

Nine of the 10 Asean countries have laws related to electronic transactions, while eight have those concerned with cybercrime. All but one have a national cybersecurity programme.

This is, perhaps, of little surprise, given that economic prosperity (and the regulatory framework to secure that) as the basis for peace and security has been an Asean priority from the beginning.

Since the World Trade Centre attacks in the United States, as well, issues of terrorism related to cyberspace and cybercrime have featured in numerous Asean declarations and communiques.

This growing recognition of the urgency to secure cyberspace has permeated discussions in the Asean Regional Forum with tentative initiatives, such as a work plan aimed at promoting confidence-building measures.

Where discussion has lagged in the Asean framework has been how state interactions with each other and non-state actors should be governed in cyberspace.

Specifically, and, rather shockingly, for a grouping of relatively and mostly small states with a constellation of powerful dialogue partners, there has been little consideration about the role and applicability of international law in the conduct of relations in the virtual realm. ‎

A region that aspires to connectivity must underwrite its own security. This goes beyond technical resilience — crucial in ‎its own right — to a framing set of cross-border laws and principles that will guide state conduct online, as well as offline. A conversation about rules must be had by a community to be based on rules.

It is not just diplomats who should be talking, however. The duality of cyberspace means that the usual parameters that define civilian and military spaces are mutable.

How should militaries in the region be guided in cyberspace, when infrastructure, network grids and software are shared with the civilian world? What rules of engagement apply if cyber or other operations are warranted?

As such, militaries should also be talking with each other to clarify intentions, promote some predictability of conduct and advance interoperability in cyberspace.

‎The Asean Defence Ministers Meeting does not yet discuss cybersecurity as a separate working group. It would do well to do so.

It would do better to explore the matter with its dialogue partners, many of which have superior cyber technologies and much to share.

Even accounting for the inevitable natural security sensitivities in this new domain, there is plenty of scope at this stage for doctrinal development, technical exchanges and joint exercises.

At the very least, militaries in the region should be establishing rules of engagement in cyberspace in accordance with prevailing international law.

The irony is that even as the East is rising, the sun appears to still be shining in the West, at least in cyberspace.

Asean cannot afford a security lag or lapse in this space, especially not when the digital domain — a recognised force leveller — is supposed to leapfrog the region’s development. To capitalise on technology, even the smallest and least developed member state must be an active and participatory stakeholder, if not in capability, then at least in voice.

As geopolitical dynamics evolve and states jostle with each other for power and dominance online, it will be absolutely in this region’s interest to shape and advocate a ‎cyber domain based on an international legal framework.

‎As chair of Asean next year, Malaysia should lead this charge and set the tone for, and in line with, the Community’s Post-2015 Vision.

SOURCE www.nst.com.my

Byadmin