While Southeast Asia was fortunate to avoid the worst effects of the global CrowdStrike outage in July, ASEAN is actively working to improve resilience for future cybersecurity risks. However, it must do more to build a rapid response mechanism that can immediately mitigate the damage from cyber incidents, and Australia must be more proactive in lending its expertise and resources to support ASEAN’s cybersecurity initiatives.
Southeast Asia’s resilience to cybersecurity incidents has been improved through ASEAN’s promotion of cybersecurity awareness and collaboration among member states. Initiatives such as the ASEAN Cybersecurity Cooperation Strategy and the ASEAN Defence Ministers’ Meeting (ADMM) Cybersecurity and Information Centre of Excellence (ACICE) play a central role in enhancing the region’s situational awareness and collective ability to prevent, detect and respond to cyber incidents.
As for the Crowdstrike outage, Southeast Asia mostly dodged last month’s blue screens of death largely because few businesses in the region were customers to the company. This contrasts with Western countries, which tend to rely on dominant providers and made up most of Crowdstrike’s customer base. Meanwhile, ASEAN’s corporate-level defensive measures are quite fragmented due to its lack of home-grown cybersecurity capabilities and resource constraints. Small and medium businesses in the region often choose economical solutions.
Despite its challenges, ASEAN focuses on ensuring that the region has its own agency and voice in cybersecurity matters. This was evident during the Digital Defence Symposium, co-organised by ACICE and held a few days after the Crowdstrike meltdown. The symposium aimed to bolster defence diplomacy and multilateral cooperation to counter digital threats like cyberattacks and disinformation. ASEAN cybersecurity experts were joined by representatives from NATO members, the United States and China to discuss common digital security challenges and to foster situational awareness. ASEAN’s other collaborative efforts include joint exercises, workshops and training sessions designed to improve the cybersecurity capabilities of its member states.
Regional cooperation in Southeast Asia extends beyond government agencies to include partnerships with the private sector. ASEAN recognises the importance of involving the private sector and knows that public-private partnerships are essential for sharing information on emerging threats, best practices and technological advancements. Companies that have a strong presence in Southeast Asia play a vital role in these partnerships, providing technical support and capacity building training, and conducting joint research projects. Such collaborations colour the regional approach to cybersecurity although, arguably, countries adopt their own digital norms following their history and culture.
ASEAN also established a Computer Emergency Response Team (CERT) in February to strengthen regional cyber resilience, although, after only six months and with a funding commitment from only Singapore, it is not yet operational. It failed to answer Indonesia’s call for prompt assistance during the June cyberattack by LockBit ransomware group that shut down 282 government agencies. This incident underscored the need for further capacity building and international collaboration to enhance national cybersecurity standards, conduct comprehensive threat intelligence analysis and facilitate public-private partnerships to bolster the region’s digital defences.
The incident also highlighted the importance of developing a rapid response mechanism within ASEAN that can provide a timely response and assistance, aside from its existing numerous formal meetings. While the region has made significant progress in establishing frameworks and strategies, the ability to respond quickly and effectively to cyber incidents needs to be strengthened. A regional rapid response team that can be deployed in the event of a major cyberattack would greatly enhance ASEAN’s ability to mitigate impact. This team could be comprised of experts from member states who could provide technical support, conduct forensic analysis and coordinate recovery efforts.
For a regional effort to be effective, national organisations also require capacity building. The Indonesian Cyber and Encryption Agency, Singapore’s Cyber Security Agency (CSA) and Malaysia’s National Cyber Security Agency (NACSA) and others must become better equipped to analyse and defend against global criminal networks.
Australia should play a bigger role in supporting ASEAN’s cybersecurity initiatives. As one of the 11 countries involved in the joint international operation to take down LockBit in February, Australia has the necessary expertise and resources, and yet it was notably absent from this year’s Digital Defence Symposium. By engaging more proactively, Australia can help Southeast Asia build a more robust and resilient cybersecurity landscape.
Australia could be involved in various ways. It could provide technical assistance and capacity building support to ASEAN member states, sharing expertise on advanced cybersecurity technologies, conducting joint training programmes, and providing resources for developing national cybersecurity strategies.
Australia could also play a key role in facilitating information sharing and intelligence exchange between ASEAN and other international partners. By acting as a bridge, Australia could help ensure that its neighbours in Southeast Asia have access to the latest threat intelligence and best practices from around the world.