1.
Adopted Norms
Support development of cyber
norms, referring to 2015
UNGGE
Propose
mechanism
Singapore would propose
a mechanism to enhance
ASEAN cyber coordination
Agree to move
Agreed to move forward
on a formal cybersecurity
coordination mechanism
Checklist
Singapore + United
Nations to draw up a
checklist of steps to
implement cyber norms
Design by PresentationGo

2.
4
Capacity building for international cyber norms in southeast asia

3.
NO.
NORMS ACTION PLANS
ACTION ITEMS/
ACTIVITIES
EXISTING ASEAN-
RELATED
DOCUMENTS/
INITIATIVES
CHALLENGES
CAPACITIES
REQUIRED
TIME FRAME
LEAD ASEAN
COUNTRY
INTERESTED
PARTNERS
(state,
organisation
etc.)
(a) (b) (c) (d) (e) (f) (g) (h) (i)
1. Cooperate in
developing and
applying measures
to increase stability
and security in the
use of ICTs and to
prevent ICT
practices that are
acknowledged to be
harmful or that
may pose threats to
international peace
and security.
Example:
Active
participation in
regional and
international
fora in security
in the use of
ICTs.
Example:
Conduct training
and exercises
concerning the
security in the
use of ICTs
among AMS.
Encourage
bilateral
agreements
/MoUs on ICTs
security among
AMS.
Example:
Annual ASEAN-
Japan Table Top
Exercise
ARF Work Plan on
Security of and in
the use of ICTs
ASEAN Charter
Treaty of Amity
and Cooperation
Example:
Funding
Expertise to
develop the
scenario.
Identifying
partners.
Different level
of capabilities
between
states.
Example:
Fund to host the
training
Fund to fund
participants
Expert trainers
Equivalent
legislations,
infrastructure
and expertise

4.
No.
Supports
Norms
Initiative Area Outcome
Existing ASEAN
Initiatives
Sectoral Bodies (Lead
Country)
1. 1 Policy-level table-top
simulation exercise on cyber
incident responses.
Awareness of situations
where cyber-incidents can
lead to international
conflicts is improved.
Output:
ASEAN table-top
simulation exercises on
responding to cyberattacks.
 ARF table-top exercise
on cybersecurity
incidents.
 ADMM Plus table-top
exercise on
cybersecurity incidents.
 ARF ISM on ICTs
Security
(Singapore)
 ADMM Plus EWG
on CS (Malaysia)

5.
ACICE (ASEAN Cyber Information Centre of Excellence)
ACICE (ASEAN Cyber Information Centre of Excellence)
to “promote cooperation
on cybersecurity and
information within the
defense sector,
to “promote cooperation
on cybersecurity and
information within the
defense sector,
enhance multilateral
cooperation amongst
ASEAN defense
establishments
enhance multilateral
cooperation amongst
ASEAN defense
establishments
against cyber attacks,
disinformation, and
misinformation.”
against cyber attacks,
disinformation, and
misinformation.”

6.
8
Capacity building for international cyber norms in southeast asia

7.
ASEAN
leaders
Value the principles of “mutual
respect” and “non-interference”
View sovereignty as sacrosanct
principle among ASEAN member states
Do not define ‘sovereignty’ – this
provides flexibility in foreign and
domestic policy

8.
Cooperation among members and with external
partners (UN, SCO, GCC)
Economic Political Security

9.
Potential
• Business
• Information Exchange
• Culture
Risks
• Cybercrime
• Terrorists
• Disinformation

10.
Confidentiality
Integrity
CIA Triad
Availability
Confidentiality
- Data breach (SingHealth)
- Trade secrets
Integrity
- Software (Solarwinds)
- Nuclear power plant
(Stuxnet)
Availability
- Ransomware or wiperware
(NotPetya)
- DDOS

11.
https://carnegieendowment.org/2023/01/04/no-water-s-edge-russia-s-information-war-and-regime-security-pub-88644

12.
Cannot use
force
Except self
defence

13.
• Only target military objectives, not civilian objects
Principle of Distinction
• Collateral damage to civilian objects should not be in
excess to the concrete and direct military advantage
Principle of Military Necessity
and Proportionality
• The commander should (reasonably) determine the
effects of the attack
Principle of Precautions in
Attack

14.
US China European Union
States have right of self-defence
in cyberspace
Will not define application of
self-defence and IHL, in the
absence of international
consensus
Addressing questions of
applicability of IHL is necessary
for accountability
Applying LOAC in cyber does
not endorse cyber conflict but
reminds states to protect
Applying LOAC to cyber =
legitimises cyber conflict
Applying LOAC in cyber does
not endorse cyber conflict
No new international legal
instrument needed, can
interpret existing law
States must reach international
consensus, new international
legal instruments
No new international legal
instrument needed, can
interpret existing law
Source: EU Cyber Direct

15.
APT Target countries Target entities
FunnyDream
(C)
Malaysia, Philippines,
Thailand, Vietnam
High-level government
organisations; political parties
Platinum Indonesia, Malaysia,
Vietnam
Diplomatic and government
entities
Cycldek (C) Laos, Philippines, Thailand,
Vietnam
Government, defence, and energy
sectors
HoneyMyte Myanmar, Singapore,
Vietnam
Government organisations
Finspy Indonesia, Myanmar,
Vietnam
Individuals
PhantomLance Indonesia, Malaysia,
Vietnam
Entities
Zebrocy (R) Malaysia, Thailand Entities [source: Kaspersky]
Economic
and
Geopolitical
intelligence
gathering

16.
Digitisation growing faster than
cyber awareness
• Growth of cybercrime during the pandemic
Need for strategy / policy /
institutions to own it
• Cyber Strategy? Cyber Agency?
Lack of resources
• R&D
• Cyber Expertise
Priorities
• Cybercrime?
• Fake news?
Some states have offensive cyber
capability
Language and Culture

17.
Concept Perception
Cyber Security
or Information Security?
Threat Perception:
Who are the most serious
Cyber Threats to me?
Priority Perception
What Cyber problem do I fix
first?

18.
• Promote
cyber
hygiene
• R&D
• Build
awareness
• Secure the
data
• Policies
• Strategies
• Laws
Government Businesses
Public
Civil
society
and
Academi
a