With projections of closing out at $1 to $2 trillion by the end of the present decade and making up about a third of total regional GDP, ASEAN’s rapid digital economy growth is poised to put it at the center of global conversations about cyber rights and regulations in the very near future. These bright digital prospects are hampered by “trust gaps” in multiple areas, however, from consumer confidence in government and tech firm safeguards to vital small-to-medium business investment not viewing the region as a viable opportunity as compared to the existing Pacific heavyweight economies.
Singapore’s Senior Minister and Coordinating Minister for National Security, Teo Chee Hean, went directly at this trust issue with his opening address for 2023’s Singapore International Cyber Week (SICW) summit. Mr Teo outlined some of the major areas in which these trust gaps exist: between states, between the tech industry and government regulators, and between the general public and essentially every major player in the field.
Though the term was not used, Mr Teo’s comments broadly reflect the growing prospect of a more multipolar world with substantial pockets of isolationist tendencies. This is to the direct detriment of a number of current international projects, among them the development of rules and norms for cyberspace and cooperation in taking down cross-border cyber criminal groups. Big tech firms are also a part of this dynamic, sometimes making decisions to de-emphasize information and content from particular regions or block them entirely.
For its part, Singapore’s government used the SICW opportunity to roll out several initiatives designed to address at least some of these “trust gap” areas. The central theme of these is empowering businesses of all sizes, but particularly those reliant on cloud services and susceptible to ransomware attacks, to take cyber security improvements into their own hands. The government is making a more direct intervention with the new Internet Hygiene Rating (IHR) proposal, a program for IT companies that specialize in website and email management. A published table will essentially serve as a recommendation for those providers that have particularly good security hygiene.
Josephine Teo, Singapore’s Minister for Communications and Information, directly addressed the growth of ASEAN’s digital economy and the critical role of cybersecurity in supporting it. Mrs Teo reiterated the importance of the near-term establishment of a rules-based international order by which cyberspace can be governed, and suggested that regional cooperation and promotion of resilience was a critical first step.
While ASEAN members still have a great degree of variance in their data protection and digital rights laws, cooperation under various joint cybersecurity initiatives was characterized as going well. Mrs Teo suggested three steps for improving these efforts: improved information sharing and coordinated cyber response plans, a regional “Internet of Things” device security standard similar to Singapore’s Cybersecurity Labelling Scheme, and regional capacity-building efforts. ASEAN has already staked out a pioneer role in establishing more far-reaching international norms for cyberspace, being the first association of nations to commit in principle to the voluntary norms proposed by the UN’s Group of Governmental Experts in 2018.
Each member of ASEAN will have to similarly establish its own path in addressing its issues. Ongoing negotiations over the proposed Digital Economy Framework Agreement (DEFA) will likely play into this; the first meeting is set to take place sometime toward the end of the year, with annual follow-up meetings in 2024 and 2025. Japan has also recently pledged to work with ASEAN nations on cybersecurity issues, primarily in the interest of limiting China’s influence and attack capability.