The 4 th ARF Seminar on Cyber Terrorism Busan, Korea, 16 – 19 October 2007

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

The ASEAN Secretariat

ARF Cooperation on Cyber Security

    First ARF Seminar on Cyber Terrorism, Jeju Island, October 2004 Second ARF Seminar on Cyber Terrorism, Cebu City, the Philippines, October 2005 Third ARF Workshop on Cyber Security, New Delhi, September 2006 Fourth ARF Seminar on Cyber Terrorism, Busan, October 2007

Previous recommendations

    Promote International and Inter-agency’s information sharing and cross-sectoral measures/activities Networking and dialogue (contact person, web based, mailing list, phone/fax, etc.) Working on and sharing guiding principles/ reference paper, best practices, case studies, technologies and solutions, etc.

Public-Private Partnership, e.g. the Social Corporate Responsibility, especially for the cross-border matters

ARF Statement on Cooperation in Fighting Cyber Attack and Terrorist Misuse of Cyber Space

Progress

    ASEAN Convention on Counter-terrorism   Adopted by ASEAN Leaders in January 2007 in Cebu, the Philippines The Convention includes Cyber-Terrorism in the areas of cooperation ASEAN Focal Points for CERTs  ARF is working on the List of Contact Points Network of Technical (Expert) Group   ASEAN WG on Information Infrastructure Working on technical cooperation on N-SOC, Network Monitoring Centre Capacity and confidence building activities

Work in Progress

   Compilation of the national legislation on cyber terrorism (cyber security issues) Mechanism for regional cooperation to combat cyber terrorism ARF Centre on Counter Cyber-terrorism

ASEAN Cooperation in Policy and Regulation on Network and Information Security

Cooperation in Policy

 ASEAN Telecommunications and IT Ministers and Senior Officials Meetings (TELMIN/ TELSOM)  Platform for cooperation initiatives amongst ASEAN Member Countries, Dialogue Partners/industries to further enhance the progress, readiness, and awareness of, amongst others, network and information security  TELSOM Working Group on Information Infrastructure   Technical knowledge and current challenges relating to the network and information security and available solutions Operational activities and policy implementation

Achievement

     Adoption of suitable international standards (e.g., telecommunications and cyber-security standards) Put in place minimum performance guidelines for setting up National CERT Put in place guidelines for implementation of CERT cooperation in ASEAN Cooperation on Cyber-security skills Encourage the development of National Security Operation Centre (N-SOC) and/or cooperation of the Network Monitoring Centre to proactively manage, monitor and facilitate cross border information sharing

Cooperation in Regulation

 ASEAN Telecommunication Regulators Council (ATRC)  2005 Framework on Cooperation of Network Security  ATRC Action Plan  ATRC Working Group on Network Security  Evaluation of preparedness and right to enforce against any network abuse     Establishment of an ASEAN liaison network ASEAN-wide user education and awareness raising programs, technical solutions, periodic assessment, and ATRC Internet Access Service Provider (IASP) Forum International and regional cooperation

   

Multiplatform Cooperation

 ASEAN+ Dialogue Partners:   CERT Incident Drills with Dialogue Partners An expanded exercise from the ASEAN-wide CID in 2006 The ASEAN + DPs CID on 16 July 2007 (ASEAN, China, Japan, Korea, India and Norway)   Capacity Building Workshops, seminars and training courses and technical visits (China, Korea, Japan, and India) ASEAN helps ASEAN  ASEAN+ other Organizations: ASEAN+ APEC Workshop on Network Security at TEL 35, Manila - The Philippines, 24 April 2007  Cooperation with ITU/APT ASEAN+ Industry (MS, IBM, etc)

Multiplatform Cooperation

    ASEAN+ China: Emergency Response Contact Mechanism by end of 2007    1 st CERTS Incidents Drill in 2007 (or 2008) Coordination Framework for Network and Information Security Emergency Responses China to join the ATRC Network Security Liaison Network (Point of Contacts)  ASEAN+ Japan: a high-level meeting on ICT security issues in 2008  ASEAN+ EU: Propose a Workshop to discuss and exchange views on the EU Cyber-crime Convention.

Disaster Relief Communications

   A regional proposal on common frequency for disaster relief communications in ASEAN Region ATRC is working on common frequencies for disaster relief ATRC will consider to propose and/or submit the proposal on a common set of frequencies for ASEAN Telecoms and IT Ministers (TELMIN) to further consider and/or adopt

Future Work Program

      

Course of Actions

Conduct the Seminar on Cyber Terrorism on regular basis Exchange of views and knowledge on regulations, cyber laws, and ICT Security Masterplan (Roadmap) Establishment of the National Cyber Security Agency (NISA, KISA) Complete the List of Focal Points of the ARF National Cyber Security Agencies Further collaborate/cooperate within ARF Members and with other Int’l Organizations Conduct technical training on technology and solutions for counter-measures Sharing experience, model and benefit of the Public Private Partnership (Gov’t-Business Forum on Cyber Security)

Contact Points

ARF Unit: Mr. Pratap Parameswaran: [email protected]

Ms. Retno Astrini: [email protected]

ICT Unit: Mr. Nguyen Ky Anh: [email protected]

Thank you