Tokyo, 13 September 2013
1. We, the Ministers of the Member States of the Association of Southeast Asian Nations (hereinafter referred to as “ASEAN”), namely Brunei Darussalam, the Kingdom of Cambodia, the Republic of Indonesia, the Lao People’s Democratic Republic, Malaysia, the Republic of the Union of Myanmar, the Republic of the Philippines, the Republic of Singapore, the Kingdom of Thailand and the Socialist Republic of Viet Nam, and Japan (hereinafter referred to as “ASEAN-Japan”), gathered in Tokyo, Japan on 12 and 13 September 2013, the 40th year of the ASEAN-Japan Friendship and Cooperation for the ASEAN-Japan Ministerial Policy Meeting on Cybersecurity Cooperation.
2. We believe that a secure cyberspace is one of the major drivers in innovation as well as being essential in promoting social and economic activities and strengthening ASEAN connectivity.
3. Towards this, we acknowledge the efforts of our senior officials in promoting cooperation in this field and the outcome of the ASEAN-Japan Information Security Policy Meetings held since 2009.
4. Further, we note the importance of strengthening our collective efforts in cybersecurity* in order to create a secure business environment in the knowledge economy, build an environment for secure Information and Communication Technology use, and support government driven cybersecurity strategy, through cooperation of the relevant ministries and agencies within the government of each ASEAN Member State and Japan, and mutual cooperation between ASEAN Member States and Japan.
* Recommendation ITU-T X.1205 provides a definition of cybersecurity.Final
5. Recognizing that ASEAN Member States are at different levels of development, we should take into account the following principles when we make efforts to promote cybersecurity:
Any measures to foster a reliable cyberspace should continue to encourage information flow, interoperability and economic prosperity and should not disrupt the smooth technical functioning of the Internet;
Especially when regulatory measures are introduced, sufficient consideration should be taken in order to maintain the information flow and foster economic activities;
Individual Internet users should be encouraged to develop their literacy regarding cybersecurity, including self-regulation
Policy makers and regulators should collaborate with the private sector in order to effectively and promptly address cyber threats and risks.
6. Taking into account domestic laws, rules, regulations and available resources, we encourage our senior officials to promote our joint efforts further in the following areas:
CREATING A SECURE BUSINESS ENVIRONMENT
Encouraging public and private entities to enhance the level of cybersecurity through referencing best practices such as Information Security Management System (ISMS);
Promoting cooperation and collaboration among relevant ministries and agencies such as Computer Security Incident Response Teams (CSIRTs) of ASEAN Member States and Japan through initiatives like Internet Traffic Monitoring Data Sharing Project (TSUBAME Project);
II. BUILDING A SECURE INFORMATION AND COMMUNICATION NETWORK
Enhancing network security through activities such as information exchanges on anti-botnet and anti-spam measures; Final
Enhancing technical cooperation for security through activities such as Japan-ASEAN Security Partnership (JASPER) composed of the Proactive Response Against Cyber-attacks Through International Collaborative Exchange (PRACTICE) project and infection alerting;
Promoting the exchange of technical expertise such as cooperation among Internet Service Providers (ISPs) facilitated by relevant authorities of the ASEAN Member States and Japan and exchange of researchers;
ENHANCING CAPACITY FOR CYBERSECURITY
Promoting cooperation in the areas of cybersecurity strategies including critical infrastructure protection, public-private partnership, business continuity plans for ICT, protection of vulnerable groups online especially children, cloud computing security, and smartphone security;
Fostering human resource development through activities such as ASEAN-Japan Cybersecurity Capacity-Building Initiatives;
Establishing a mechanism for ASEAN Member States and Japan to enable information sharing, and quick responses to cyber incidents through activities such as cyber exercises;
Promoting joint awareness raising activities among ASEAN Member States and Japan.
7. We believe that by applying the above principles and focusing our continued joint efforts in the areas mentioned above in the spirit of consensus, taking into consideration the different stages of development of ASEAN Member States, we will be able to develop measures which will result in a more secure cyberspace for our citizens, business communities and government.