ABSTRACT

This paper explores the role of regional organizations in crafting solutions that are able to address both the scale and cross-border nature of cyber threats, as well as the challenges inherent to an anarchical international system. It focuses on the Association of Southeast Asian Nations (ASEAN) and the European Union (EU) and the cybersecurity frameworks they have developed in the last few years. The EU has significantly improved regional cyber resilience and cooperation by setting out ambitious goals, enhancing information sharing and harmonizing practices across its member states. In contrast, ASEAN has a lack of a strong unifying governance or legal framework, which limits the collective capability of the region to capitalize on shared knowledge to prevent and mitigate cyber threats. The paper aims to elaborate on relevant measures that could be implemented in ASEAN based on a comparative analysis with the EU. Despite the stark differences between the two organizations, there is common ground in some areas for the development of policy recommendations aimed at enhancing ASEAN’s cyber resilience, eliminating the need to reinvent the wheel in key policy areas. To this end, this paper analyzes the two organizations’ cybersecurity frameworks in line with the four pillars of cyber capacity building identified by the European Institute for Security Studies (EUISS) and adjusted to a regional context: overarching regional strategy, institutional framework for cyber threat prevention and response, harmonization of cybercrime and data privacy legislation, and cyber awareness and hygiene.