October 6, 2022 Outcomes of the 15th ASEAN-Japan Cybersecurity Policy Meeting

The 15th ASEAN-Japan Cybersecurity Policy Meeting (hereafter "Policy Meeting") was held from Tuesday, October 4 to Wednesday, October 5, 2022.
The Policy Meeting has been held annually since 2009, with the purpose of enhancing international collaboration on cybersecurity among the ASEAN member states(hereinafter “AMS”) and Japan.
In this year, AMS and Japan exchanged views regarding the cybersecurity policies over the past year in the meeting. In addition, AMS and Japan confirmed and evaluated collaborative activities (hereinafter “CAs”) including critical information infrastructure protection workshop, joint awareness raising, capacity building and joint government-industry-academia, and cyber exercises.
AMS and Japan confirmed progress of CAs in this Policy Meeting, and also agreed to continuously implement CAs.

1. Date and Location

Date and location:
Tuesday, October 4 and Wednesday, October 5, 2022, in Tokyo
Hosts:
Cabinet Secretariat (National center of Incident readiness and Strategy for Cybersecurity(NISC)), Ministry of Internal Affairs and Communications (MIC), and Ministry of Economy, Trade and Industry (METI)
Co-Chairs:
Japan (Prof. HAYASHI Ryozo, Director of Musashino Institute for Global Affairs (MIGA) at Musashino University)
Malaysia (Mr. Rahamzan HASHIM, Chief Executive of the National Cyber Security Agency (NACSA))
Keynote speeches:
Dr. SHINODA Yoichi (Cybersecurity Advisor to the National center of Incident readiness and Strategy for Cybersecurity)
Professor WATANABE Kenji (Nagoya Institute of Technology; Chair, Critical Infrastructure Expert Panel, Cybersecurity Strategic Headquarters)
Attendees:
Cybersecurity/Telecommunications related Government Agencies of AMS, ASEAN Secretariat, Japan's Cabinet Secretariat, Ministry of Internal Affairs and Communications, Ministry of Foreign Affairs (MOFA), and Ministry of Economy, Trade and Industry.

2. Main achievements

In addition to confirming the current implementation status of the 9 CAs agreed upon at the 14th Policy Meeting held online in October last year (Remote Cyber Exercises, Table Top Exercise, Critical Information Infrastructure Protection, Awareness Raising, Capacity Building, Mutual Notification for Incidents, Reference (Handbook), Working Group Steering, and Joint Government-Industry-Academia), participants also discussed collaboration and cooperation among AMS and Japan going forward. The main contents are below.

1. Enhancing the Information Sharing Framework and the Incident Handling Skills

The Outcomes of Remote Cyber Exercise and Table Top Exercise was reported, which were aimed to confirm the information sharing framework and the incident handling procedures of international coordination. The online information liaison exercise featured a scenario involving cyberattacks on governmental organizations and critical infrastructure. An online chat tool was used to achieve swift communication and its utility as a means of communication and coordination was highly praised by the AMS. The in-person Table Top Exercise took as its themes the upgrading of ransomware countermeasures for critical infrastructure and cybersecurity challenges in promoting the digitalization of governmental organizations. A lively exchange of views regarding each country's knowledge and challenges was reported to have taken place. Furthermore, a report was provided on the outcomes of this year's initiatives to reconfirm and address the framework for mutual notification in the event of the detection of an incident in another country, as part of the ASEAN-Japan information sharing framework. At the same time, participants evaluated the information sharing framework and discussed further improvements.

2. Cooperation for Critical Information Infrastructure Protection

It was reported that the Critical Information Infrastructure Protection Workshop had taken place as an in-person event for the first time in three years. Focused on the theme of critical infrastructure protection and data protection, participants exchanged information about the current state of efforts in each country to enhance the legal system and put measures in place, along with each country's knowledge and initiatives focused on cyberattack incidents. Participants also discussed the theme for next year's workshop.

3. Promoting Cooperation for Capacity Building and Awareness Raising

There were reports on the implementation status of both Japan's capacity building (human resource development) projects in the cyber field and awareness raising activities. Among them was a report on plans for the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) to hold various training courses and workshops. An explanation was also provided regarding the JP-US-EU Industrial Control System Cybersecurity Week for the Indo-Pacific Region, an online event taking place in late October that features hands-on training and workshops relating to industrial control sysems.

4. Promoting Joint Government-Industry-Academia collaborative activity

Participants agreed to move forward with discussions aimed at collaboration among cybersecurity related associations in AMS, as an initiative to promote collaboration between government, industry, and academia with the aim of improving cybersecurity capabilities in areas including critical infrastructure throughout the region.

3. Upcoming schedule

The 16th Policy Meeting is scheduled to be held next year.