A cyber security expert asserts that the Association of Southeast Asian Nations (Asean) must confront fundamental challenges in cyber security directly for countries in the region to realise their fullest potential in the digital space.
In commending Digital Minister Gobind Singh Deo’s recent call for unified cyber standards in the region, Murugason R. Thangaratnam, the co-founder and chief executive officer of cyber security company Novem CS, added that while internet penetration is continuously increasing, digital inequity is growing at the same time.
“Mobile connections are skyrocketing, yet digital literacy to combat cybercrime, disinformation, and misinformation is plummeting. Most importantly, cyberattacks are rising, but trust-building among key stakeholders remains stagnant or, worse, declining,” Murugason said.
“If these issues are not fully addressed, the region’s digital ambitions, oriented around Asean’s inclusive community-building agenda, are likely to be aspirational rather than attainable. Perhaps this is an opportunity for Malaysia to take the lead, leveraging its position as Asean chair this year.”
He added that cyber security has become a cross-sectoral issue in the region.
“Initially focusing on the digital economy, cyber security now cuts across Asean’s three community pillars, which are political security, economic, and socio-cultural.
“The region should strive to achieve a feasible, middle-path approach to cyber security standards; one that is aligned with international standards and best practices, yet is localised and context-specific.
“Along with each individual country’s earnest efforts to invest more in digital infrastructure and human resources, the parallel middle-path approach can pave the way for the Asean region to become a leader rather than a follower in standard-setting, thereby improving its capacity to influence various technical and policy discussions, even on a global stage.”
Murugason stated that this may seem ambitious but is not impossible, adding that the European Union is “a living example.”
“Any unified cyber security standards should be outcome- rather than implementation-oriented to avoid being too prescriptive. Such an approach can help the region strike a healthy balance in the adoption of international standards according to the domestic context.”
“Additionally, the school of thought is that the standards-setting processes should be agile and iterative due to the ever-changing nature of emerging and critical technologies. Adhering to highly rigid or inflexible processes could render standards obsolete in the long run.”
He said the biggest challenge is getting the respective nations to agree on a transparent method to share information, without sacrificing their national security and sovereignty.
“Currently, at a national level, issues like regulatory non-compliance, cost considerations, exposure or leakage of sensitive data or intellectual property, and reputational damage prevent the public and private sectors from sharing or disclosing information on cyber incidents in a timely fashion.
“Stakeholders are aware that the failure to mitigate cyber incidents is often seen as shameful, which deters organisations from sharing more information publicly. Across the board, ineffective data sharing is driven by the prevailing trust deficit, which leads to weak enforcement of rules and regulations.”
He added that even though there is a strong appetite to collaborate on data sharing and incident management, especially due to the borderless nature of cybersecurity risks, and the obvious interdependencies among industries, the lack of government incentives for the private sector often undermines the effectiveness of public-private partnerships.
Murugason said the passing of several laws including the Cyber Security Act is a testament to the Malaysian government’s seriousness in getting its digital security foundation in order.
“And on the digital trust and data governance front, the digital minister is leading the charge by establishing the right building blocks for us to lead by example, by engaging with the private sector, tapping into success stories from nations outside the region, and setting up the right vehicles to drive the nation’s digital aspirations.
“There are going to be no easy answers or discussions over the coming months, but the important thing is to get the conversation moving at a more rapid and urgent pace, and I am sure, based on the minister’s statement, he knows that better than anyone else.
“In addition to the conferences and summits planned for the year, more informal dialogues will allow Asean member states to share challenges and ideas openly and help to build shared understandings.”
He said Asean member states seem to be aligned in having a regional voice in the international cyber ecosystem conversation, but how coherent or unified that voice will be is dependent on three things: an appreciation of internal cyber threats without being consumed by them; a nuanced awareness of the agendas and power plays within the international cyber norms debate; and a clear-headed drive to look to the best ideas in the field, whether they come from within or outside of Asean.
“Malaysia has an opportunity to lead the way and help crystallise a standardised cyber sovereign structure for the region,” he added.