How cybersecurity becomes an issue in the post-COVID-19 era in ASEAN
年初來一篇,上個學期International Studies and Cybersecurity 課堂的期末報告。這篇報告回顧了近三年來(從2018年新加坡擔任東協輪值主席國)東協高峰會主席聲明中對資訊安全(Cybersecurity)議題的態度,以及新加坡、泰國、越南三國國內資訊安全的相關法律規範。
第一次寫資訊量這麼大的英文報告,胃疼:)一般大家在討論資安議題的時候大多聚焦在美國、中國、俄羅斯、伊朗、北韓等國家,但我想東南亞也是一個發展中、市場潛力無窮的可愛地方。歡迎大家給予指教!
1. Introduction
In 2018, the 32nd ASEAN Summit released the “ASEAN Leaders’ Statement On Cybersecurity Cooperation”, acknowledging that the urgency of cross-border cyber threats has become an international issue in the context of economic digitization and Internet penetration.[1] At the same time, the digital-economy business opportunities brought about by the development of the Internet may also positively influence the economic growth of the Association of Southeast Asian Nations (ASEAN), especially providing a large number of employment opportunities. Therefore, as an active part of the region, member states should guarantee cyberspace’s security and stability and gradually move towards stable cyber standards, promoting ASEAN’s economic growth and regional connectivity. The discussion of ASEAN statements usually divides digitization issues into two aspects: smart cities and cybersecurity, representing the development and possible potential crises that must face in the Internet era. The term “cybersecurity” includes many issues; avoiding the use of the Internet as a tool of crime, or even threatening national security, is taken to discuss the central issue of “cybersecurity” in this study.
ASEAN was established on 8 August, 1967 in Bangkok, Thailand, with Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar (Burma), Philippines, Singapore, Thailand, and Vietnam, making up the ten Member States of ASEAN today. From the data released by DATA REPORTAL in 2020[2], the Internet penetration rate of ASEAN varies significantly between countries (see Table 1). It seems that other issues are more urgent than cybersecurity issues for the entire region, but the international cooperation actions to improve cybersecurity have undoubtedly become one of the most concerning topics of ASEAN in recent years.
The outbreak of COVID-19 has changed people’s Internet usage habits. In many countries, studies and work must carry out online, making a large amount of data stored in personal computers instead of computers protected by the company’s information security department. Changes in lifestyle have also increased the threat of cybercrime. For example, the web media Bleeping Computer reported “Zoom accounts are sold on the dark web”, showing that since online meetings have become the norm, hackers have more often used credential stuffing attacks to steal users’ accounts information.[3] According to the INTERPOL report in August 2020, post-COVID-19 cyber threats include: Online Scams and Phishing, Disruptive Malware (Ransomware and DDoS), Data Harvesting Malware, Malicious Domains, and Misinformation. Among them, the primary cybersecurity issues in the Asia Pacific/ASEAN are COVID-19 related fraud, phishing campaigns, and online sale of fake medical supplies and personal protective equipment (PPE).[4][5]
In the 36th “online” ASEAN Summit held in Vietnam in June 2020, it was mentioned that facing the changing lifestyles of COVID-19 and dealing with the subsequent security issues demand immediate action. This study will review the progress of ASEAN’s cybersecurity issues and discuss its possible development after the post-COVID-19 era.
2. Cybersecurity issues in ASEAN
Cybersecurity has become a worldwide issue. The “NATIONAL CYBER
STRATEGY” report submitted by the US government in September 2018 directly pointed to possible cyber threats from Russia, China, Iran and some other countries. It proposed four pillars to establish partnerships between countries with the same concept to maintain open, interoperable, reliable, and secure Internet.[6] On the other hand, the European Union (EU) adopted an enforcement framework for the European Union Agency for Cybersecurity (ENISA) and pointed out that it is crucial to maintain and develop the capabilities to strengthen Union cybersecurity structures of Member States to respond to cybersecurity threats comprehensively, which including to cross-border incidents.[7]
However, this is still a developing issue for the ASEAN. In 2017, the ASEAN Summit adopted “ASEAN Cybersecurity Cooperation Strategy” and some other regional initiatives.[8] After Singapore took over the rotating chairmanship in 2018, it had actively promoted the importance of cybersecurity issues and responded to challenges posed by the cross-border Internet and the digital economy. In September, the 3rd ASEAN Ministerial Conference on Cybersecurity (AMCC) was held in Singapore. Based on “ASEAN Leaders’ Statement on Cybersecurity Cooperation”, the conference approved it is necessary to establish a cybersecurity coordination system to build a standard among ASEAN countries. At the same time, “ASEAN Network Security Action Council” (ANSAC) prepared a draft of the ASEAN cybersecurity coordination system to face the increasing cyber threats and fake news. AMCC should continue to be a cybersecurity platform among ASEAN countries and institutions.[9]
Thailand was the chairmanship of the 2019 ASEAN summit, announcing that it would actively promote the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) and the ASEAN-Japan Cybersecurity Capacity Building Center (AJCCBC). ASCCE has its own research institutes and training centers under the Cyber Security Agency (CSA) of Singapore, which focuses on the research of cybersecurity international laws, policies and strategies. In addition to conducting the research mentioned above, professional training on human power will also be provided, and the ASEAN countries will be promoted to exchange information and technologies on cyber-attacks and cyber-defense. AJCCBC was also established to address the cyber-attacks in Southeast Asia. To make up for the lack of professional talents, ASEAN-Japan chose to set up a cybersecurity personnel training center in Bangkok. In addition to deepening technological development, ASEAN also planned to gradually strengthen member countries’ resilience to cyber threats and cross-border crimes.[10]
Vietnam assumed the chairmanship in 2020. Since this year, digital economy, smart city development and cybersecurity issues have been discussed separately. Cybersecurity issues have been juxtaposed with crucial national security issues such as drug abuse and nuclear weapons restrictions, and have become part of regional political-security statements.[11] Furthermore, in response to the changes in people’s lives caused by the epidemic and its dependence on digital technology, ASEAN proposed the “ASEAN Comprehensive Recovery Framework” to discuss the importance of cybersecurity issues from digital economy perspectives, and strengthen rules-based cyberspace and advance regional cybersecurity policy coordination and capacity building.[12]
in the past three years
As shown from the information above, the chairman’s statement of the year on cybersecurity issues has a lot to do with the rotating chairmanship country’s attitude. Singapore has the highest internet penetration rate and complete construction among ASEAN countries, which has played a pioneering role in cybersecurity issues. The emphasis on cybersecurity issues raised its significance to the public’s vision. The AJCCBC, which was established in cooperation with Japan, set up a in Thailand. In the year when Thailand is the chairman of the ASEAN summit, the chairman’s statement attaches great importance to cooperation within and outside the region; This year, Vietnam is the chairmanship of the ASEAN summit. Against the background of the COVID-19 epidemic and the signing of RCEP, the chairman’s statement separates cybersecurity from digital development and presents them alongside other non-traditional national security threats, which shows that Vietnam is highly sensitive to this issue. Besides, in related documents, cybersecurity issues are mainly discussed under the recovery framework that promotes economic development. It can be seen that in the current epidemic situation, the most crucial thing for ASEAN countries is how to deal with the threat of cybercrime derived from the development of the digital economy.
3. Cybersecurity laws in ASEAN Countries
Since cybersecurity has become a topic of concern, many ASEAN countries have promulgated or amended relevant domestic laws in recent years. Next, the studies will further sort out the forms of cybercrimes in Singapore, Thailand, and Vietnam these years, and summarize the main points of the laws formulated for cybersecurity.
A. Singapore
According to the Singapore Cyber Landscape 2019 report released by the CSA, cybercrimes accounted for 26.8% of all crimes in 2019, with e-commerce scams being the most popular.[13] As more and more people get used to online shopping, crimes of selling fake and stealing personal financial data during the consumption process are increasing, becoming severe cybersecurity issues. Besides, attacks on website defacement, phishing incidents, and malware infections have also increased, most of the affected websites operated by Small and Medium Enterprises (SMEs). Compared with large enterprises that have robust information departments to deal with these cyber-attacks, SMEs are vulnerable, and they are the objects of priority protection by law.[14] CSA believes that the COVID-19 pandemic may extend the number of cybersecurity incidents in 2020. The increased number of people who work from home has caused many companies to put company internal information in the cloud, bringing more security risks that are difficult to control.
“Singapore’s Cybersecurity Act” received the President’s assent on 2 Mar 2018. It regulates Critical Information Infrastructure (CII) and Cybersecurity Service Providers. According to the Singapore government, ‘A “cybersecurity threat” is defined as an act or activity (known or suspected) carried out on or through a computer or computer system, which may imminently jeopardise or affect adversely’[15]. Part 3 of the Cybersecurity Act clearly demonstrated their determination to proactively protect CII from cyber-attacks, ensuring the stability of CII. The CII department includes all the necessary services for the regular operation of the country. The country’s power should be involved to ensure it would not be attacked and affect national security. Also, the revised law stipulates that the government must certify cybersecurity service providers. It constitutes a crime if there is anyone who claims to provide cybersecurity services without permission.[16]
B. Thailand
According to Bangkok Post’s report, although the street crime rate in Thailand declined in 2019, the number of cybercrimes is expected to rise as computers and the Internet become popular. National police chief Pol Gen Chakptip Chaijinda believes that cybercrime changes the form through technology and the trading may also use virtual currencies like Bitcoin, which makes it difficult for investigators to trace the criminal evidence.[17] In addition to online shopping scams, other forms of cybercrimes such as “call centre” frauds, romance scams, intellectual property infringements are common forms of cybercrime in recent years. Internet users also be warned that they should be cautious in facing “phishing” scams and avoid hackers from defrauding sensitive personal information (usernames, passwords or credit card details, for example) with fake pages.[18] During the Covid-19 period, fake news was also taken seriously by the Thai government. Although the spread of false news does not directly result in criminal consequences, it will be detrimental to the current government’s control of the disease if it caused public panic occurs.[19]
Thailand’s Cybersecurity Act was promulgated on 27 May 2019. This act proclaims the establishment of the “National Cybersecurity Committee (NCC)”, chaired by the Prime Minister, and regulates any behavior intended to endanger cybersecurity. According to the Thai government’s definition, ‘“Cyber Threats” shall mean any action or unlawful undertaking by using the computer, with an intention to cause any harm to the computer system, computer data, and be an imminent threat to damage affect operation of the computer.’[20] Part 3 of the act states the management norms for CII, and holds that NCC has the right to prescribe the characteristics, duties, and responsibilities of each CII department, protect its stability to maintain national security.[21] CII departments should also establish mechanisms to respond to cyber threats and cybersecurity incidents, and notify the NCC at any time, so that the government can grasp cybersecurity incidents as quickly as possible.
C. Vietnam
As society becomes more dependent on the digital economy, the number and complexity of cybercrime in Vietnam are growing rapidly. Vietnam Investment Review reported that the number of people using digital financial services in Vietnam had increased significantly compared to a few years ago.[22] However, it has also increased the number of crimes that use online attacks against banks, including using malicious code to paralyze bank systems, sending phishing emails to customers to obtain customer information and spyware to steal bank secrets.[23]
During the COVID-19 pandemic, Vietnam also committed crimes of international fraud in the name of selling epidemic prevention materials. The suspect established a webpage selling hand sanitizer, masks and other goods to attract American customers to place orders and use Paypal to receive payment. The goods were not sent after the payment, which caused considerable losses to victims.[24] On the other hand, FireEye also reported that a hacker group known as APT32 carried out a cyberattack against the Chinese government to gather intelligence about the COVID-19. APT32 is believed to be a group from Vietnam, whose work aligns with Vietnam’s national policy and commercial interests. They sent Chinese spear-phishing messages to the Hubei provincial government that was the first to discover COVID-19, and used them to induce recipients to click on attachments to obtain internal information.[25]
Vietnam started implementing Law On Cybersecurity on 1 Jan 2019. Unlike the laws of Singapore and Thailand that focus on the protection of CII, Vietnam’s cybersecurity law places much emphasis on the government’s control of Internet service providers.[26] These include requiring data localization, and Internet service providers should set up an office in Vietnam. Additionally, the government is able to delete sensitive content, and define what illegal content is not allowed to appear on the Internet. It is mentioned in Articles 8, 16, and 17 that if inciting people against the state, disturb public order, and violate state secrets, and they can all be punished according to law. Generally, foreign investors believed that stricter cybersecurity laws would not be conducive to foreign companies engaging in commercial activities in Vietnam, as well as the progress of regional integration.[27] In the next part, the study will analyze this point.
4. The challenges of regional integration and international cooperation after the post-pandemic era
Facing the economic shock caused by the pandemic and the emergence of the digital economy, accelerating economic recovery through regional integration is the focus of countries worldwide. However, the information disclosure requirements in the regional integration agreement may sometimes conflict with the domestic cybersecurity regulations of a country. Achieving a balance between the two through negotiation is a challenge that the ASEAN countries must face. On the other hand, ASEAN interacts closely with neighboring countries. Except for discussing the possibility of development cooperation, we also need to pay attention to possible risks.
A. Regional Comprehensive Economic Partnership (RCEP)
In the RCEP text, the part that is more relevant to cybersecurity is Chapter 12 “E-Commerce”. This chapter requires contracting parties to create a favorable environment for e-commerce, protect the personal information of e-commerce users, and propose relevant restrictions for the local storage and cross-border transmission of information.[28] RCEP stipulates that contracting parties shall not force e-commerce to store locally, as Article 12.14.2 states, “No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that Party’s territory.”[29]
However, the article also mentions that when parties consider achieving public policy goals (12.14.3.1) or protecting their safety interests (12.14.3.2), the above local storage rules can be excluded from the application.[30] Among them, due to the stricter domestic restrictions on cybersecurity, Vietnam has received differentiated treatment (adjustment period) for five years in terms of “Do not restrict local storage” and “Do not prevent commercial activities from transmitting information across borders through electronic means.” This allows the Vietnamese government to adjust domestic laws gradually.
B. Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP)
The e-commerce chapter of CPTPP is Chapter 14, which requires contracting parties not to require companies to establish data storage centers locally and provide software source codes.[31] Furthermore, contracting parties shall prevent online fraud and false commercial activity; ensure consumer privacy, and other cybersecurity provisions. Article 14.13.2 stipulates that “No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.”[32] To promote e-commerce, CPTPP encourages paperless transactions, such as electronic customs clearance forms, electronic verification and signatures. It also agrees to assist SMEs in using e-commerce and personal data protection.
CPTPP’s e-commerce chapter applies to the “Dispute Settlement” chapter. However, in response to the restrictions of Vietnam’s cybersecurity law, Article 14.4 (Non-Discriminatory Treatment of Digital Products) and Article 14.11 (Cross-Border Transfer of Information by Electronic Means) and Article 14.13 (Location of Computing Facilities) are exceptions.[33] It is to say Vietnam will have a two-year adjustment period to deal with the e-commerce agreement regulated in this chapter.
C. Japan
The official organization dealing with cooperation between Japan and the ASEAN is the “Japan ASEAN Center”, established in 1981 to enhance economic and trade investment, cultural exchanges, and tourism activities between both sides through seminars, international events and infrastructure building programs. For the cooperation on cybersecurity, AJCCB is the platform between ASEAN and Japan. Japan actively seeks to strengthen its security relations with ASEAN countries. As introduced in this study, ASEAN countries have exposed their vulnerability to cyberattacks in recent years. To ensure Japan’s domestic economic interests in ASEAN and provide a safe investment environment, cybersecurity has become an important issue. In December 2017, at the ASEAN Telecommunications and Information Technology Ministers Meeting (TELMIN) held in Cambodia, it was agreed that Thailand would be the host country of AJCCBC. Japan would provide funding and training human resources related to cybersecurity, and made an initial commitment of US$5 million.[34]
AJCCBC’s training content is expected to cover cyber defense with recurrence, particular emphasis on handling cybersecurity incidents, obtaining digital evidence of cyberattacks, and analyzing the development of malware trends.[35] The design of these training contents is in line with the information reported by INTERPOL, the shared cyber threats in the Pan-Pacific region in the post-pandemic era.
D. China
The China-ASEAN Center is an intergovernmental organization jointly established by China and ASEAN member states in 2011. The founding of the China-ASEAN Center reflects the development of bilateral relations and partnership in trade, investment, education, culture, and tourism. This year at China-ASEAN Summit, China released “the Initiative on Building China-ASEAN Partnership on Digital Economic”, declaring that China is willing to cooperate with ASEAN in e-commerce, smart city, and 5G innovation, enhancing the technical exchange between both sides.[36] The statement also echoed the recovery framework proposed by the ASEAN Summit due to the economic shock of the COVID-19 pandemic, agreeing with the necessity of improving the digital economy.
However, China’s significant influence in the ASEAN also seems to be vigilant. According to the analysis submitted by the cybersecurity supplier FireEye in 2015, a hacker group named APT 30 has continuously carried out cyberattacks on Southeast Asia in the past ten years, and it is believed that China is behind the scenes.[37] The targets of APT 30 are mostly government agencies, enterprises, or media reporting on China affairs. They modify the code to install automatic download tools, backdoor programs, and spread multiple infections on removable storage devices to steal data. FireEye believes that APT 30 has been conducting spying activities against governments and companies since at least 2005, and now holds many essential regional political, economic, and military intelligence.[38] How to strike a balance between cooperating with China and resisting possible threats is testing the ASEAN countries’ political acumen.
E. The United States
The ASEAN-United States Summit has been held every year to discuss bilateral partnerships on various issues since 2013.[39] In 2019, the first U.S.-ASEAN Cyber Dialogue was held to discuss cyber issues and tangible cooperation opportunities. For ASEAN, the pressing issue is to improve its ability and infrastructure to deal with the digital economy and cyber threats. On the other hand, the United States hopes to consolidate its Indo-Pacific strategy through cooperation with ASEAN countries in the cyber realm. The Digital Connectivity and Cybersecurity Partnership (DCCP) mentioned in the U.S. free and open Indo-Pacific strategy proposed by the U.S. government in the same year has the primary purpose of “to promote an open, interoperable, secure, and reliable Internet.”[40] The U.S. government provided funding and technical assistance, hoping to improve partner countries’ regulatory policies and cybersecurity. Whether the collaboration between the United States and ASEAN on cyber policies will extend to the digital economy in the post-pandemic era, is worthy of attention.
5. Conclusion
With the development of e-commerce and the increasing dependence on the digital economy after COVID-19, cybersecurity has become a significant worldwide issue, and ASEAN is no exception. Although there are still gaps in the status of Internet penetration in ASEAN countries, since Singapore assumed the ASEAN Summit’s chairmanship in 2018, cybersecurity has increasingly become the focus of discussion at the summit. According to the discussions on cybersecurity issues in the past three years, it can be seen that it has been strongly affected by the position of the rotating chairmanship: Singapore is the most advanced country in the Internet instruction of the ASEAN, and its development of the digital economy is also comparable. ASEAN’s emphasis on cybersecurity issues will benefit Singapore’s growth in related industries. Therefore, they have proposed a complete blueprint for smart cities and cybersecurity in 2018.
Thailand’s insufficiency of cybersecurity talents is directly reflected in the enthusiastic collaboration with countries inside and outside the region, and more actively declares its cooperation with the human resource center of AJCCBC in Bangkok. Vietnam, on the other hand, is facing a conservative atmosphere on cyber issues in the country. For the first time, this year’s ASEAN statement departs cybersecurity from digital development, considering cyber threats are non-traditional national security threats. Vietnam government will further regulate those behaviors that may endanger the stability of the regime, which shows that they are susceptible to this issue.
In terms of cybersecurity development in the future, ASEAN has a large population (which is over 600 million), a low average age of the population, and a rapid increase in the “mobile age” of using the Internet. It attracts foreign investment in construction and market development and has excellent development potential. According to the “economy SEA 2019” annual report jointly published by Google, Temasek and Bain & Company in October 2019, the scale of Southeast Asia’s digital economy in 2025 is estimated to reach 300 billion US dollars. This has also attracted foreign governments to develop partnership plans with ASEAN countries, hoping to expand their influence in the Southeast Asian market, which is an external resource that ASEAN countries can link to.
However, due to the limitations of national infrastructure capabilities and differences in political systems in the ASEAN, the implementation of cyber issues is not sufficient. For example, Vietnam’s domestic laws are inconsistent with the general direction of Singapore and Thailand when regulating cybersecurity issues. Besides, the operation of the ASEAN Summit usually adopts a consensus decision, and most of it issued in the form of a statement, which is no mandatory binding effect. It is still challenging to develop a community with consistent strategies in the ASEAN.
According to data released by INTERPOL, the most common cybercrime types in ASEAN countries during the COVID-19 were online shopping scams, phishing emails, and ransomware attacks. Most of these were aim at stealing governments and companies’ secrets. During the pandemic, due to the increase in the number of people Working from Home, the company’s internal data was often stored in the cloud, making it easier to become a cybercrime victim, causing cybersecurity loopholes. In response to increasing cyber threats, many countries have successively revised their domestic cybersecurity laws. This study takes Singapore, Thailand, and Vietnam as examples to demonstrate the latest cybersecurity laws of the ASEAN countries, and try to understand the primary cyber threats for governments of each country.
From the analysis results, it can be seen that the laws of Singapore and Thailand emphasize the protection of CII, and believe that attacks on CII are notable events that constitute a national security threat and need to be regulated. Vietnam’s cybersecurity laws tend to focus on the government’s control of Internet service providers and users, including local storage, deleting sensitive content, and defining illegal content. It once again illustrates the conservative attitude of the Vietnamese government on cyber issues.
Regional integration has been another critical issue in recent years. The ASEAN countries also hope to help the weak economy due to the COVID-19 by promoting the opening-market.
However, the requirements for information disclosure in the regional integration agreement, especially in local storage and cross-border electronic transmission, partly conflict with the domestic cybersecurity regulations of contracting parties (such as Vietnam, Cambodia and Laos). Regarding the more sensitive chapters, both RCEP and CPTPP provide adjustment periods for specific contracting parties in response to the gradual amendments to member states’ laws, while Vietnam is granted each adjustment period of five and two years.
In terms of international cooperation, this study takes the partnership between Japan, China, the United States and the ASEAN to illustrate possible cooperation with external resources on cybersecurity. Among them, Japan will continue to develop the AJCCBC center to help the ASEAN fixed talents needed to promote cybersecurity, combat cybercrimes, and ensure the security of the business environment in ASEAN. At the same time, China is committed to its vigorous progress in 5G and related to ICT fields, and would like to enhance the collaboration with the ASEAN to promote product development and technical exchanges. The United States hopes that by improving the cybersecurity construction and capabilities of the ASEAN countries, they will be included in the “Indo-Pacific Strategy” to establish a clean and secure Internet environment, and therefore ensure the political interest of the United States.
On the whole, whether it is within ASEAN countries or cooperation with foreign countries and organizations, it shows ASEAN’s concern for technological development and its adverse effects, as well as cybersecurity.
[1] ASEAN. (2018), “Chairman’s Statement of the 32nd ASEAN Summit”, ASEAN Summit. Retrieved from https://asean.org/wp-content/uploads/2018/04/Chairmans-Statement-of-the-32nd-ASEAN-Summit.pdf (Oct 15, 2020)
[2] Kepios. (2020), “Digital 2020”, DATAREPORTAL. Retrieved from https://datareportal.com/reports/?tag=Digital%202020 (Oct 25, 2020)
[3] Lawrence Abrams. (2020), “Over 500,000 Zoom accounts sold on hacker forums, the dark web”, Bleeping Computer. Retrieved from https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/ (Oct 16, 2020
[4] Interpol. (2020), “Cybercrime: COVID-19 Impact”, Interpol. Retrieved from https://s3.us-west-2.amazonaws.com/secure.notion-static.com/2f8f9a20-8065-432c-b6f6-461c09cb970e/COVID-19_Cybercrime_Analysis_Report-_August_2020.pdf (Oct 20, 2020)
[5] Leo Lin. (2020), “COVID-19’s Impact on Cybersecurity in ASEAN”, Atlas Institute for International Affairs. Retrieved from https://www.internationalaffairshouse.org/covid-19s-impact-on-cybersecurity-in-asean/ (Oct 16, 2020)
[6] Seal of the President. (2018), “NATIONAL CYBER STRATEGY of the United States of America”, The White House. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf (Oct 20, 2020)
[7] EU. (2019), “REGULATION (EU) 2019/881 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation”, Official Journal of the European Union. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32019R0881&from=EN (Oct 20, 2020)
[8] ASEAN. (2017), “The 17th ASEAN Telecommunications and Information Technology Ministers Meeting and Related Meetings”, ASEAN Summit. Retrieved from https://asean.org/wp-content/uploads/2012/05/14-TELMIN-17-JMS_adopted.pdf (Oct 15, 2020)
[9] ASEAN. (2018), “Chairman’s Statement of the 32nd ASEAN Summit”, ASEAN Summit. Retrieved from https://asean.org/wp-content/uploads/2018/04/Chairmans-Statement-of-the-32nd-ASEAN-Summit.pdf (Oct 15, 2020)
[10] ASEAN. (2019), “Chairman’s Statement of the 34th ASEAN Summit”, ASEAN Summit. Retrieved from https://asean.org/storage/2019/06/Final_Chairs-Statement-of-the-34th-ASEAN-Summit-rev.pdf (Oct 17, 2020)
[11] ASEAN. (2020), “Chairman’s Statement of the 37th ASEAN Summit”, ASEAN Summit. Retrieved from https://asean.org/storage/43-Chairmans-Statement-of-37th-ASEAN-Summit-FINAL.pdf (Nov 17, 2020)
[12] ASEAN. (2020), “ASEAN Comprehensive Recovery Framework and its Implementation Plan”, ASEAN Summit. Retrieved from https://asean.org/storage/2020/11/2-FINAL-ACRF_adopted-37th-ASEAN-Summit_12112020.pdf (Nov 17, 2020)
[13] Cyber Security Agency of Singapore (2020), “Singapore Cyber Landscape 2019”, Singapore Government Agency Website. Retrieved from https://www.csa.gov.sg/news/publications/singapore-cyber-landscape-2019 (Nov 7, 2020)
[14] Eileen Yu. (2020), “Cyber accounts for 26% of all crimes in Singapore”, ZD Net. Retrieved from https://www.zdnet.com/article/cyber-accounts-for-26-of-all-crimes-in-singapore/ (Nov 18, 2020)
[15] Cyber Security Agency of Singapore (2018), “Cybersecurity Act”, Singapore Government Agency Website. Retrieved from https://www.csa.gov.sg/legislation/cybersecurity-act (Nov 9, 2020)
[16] Ibid.
[17] Wassayos Ngamkham and King-Oua Laohong. (2019), “Keeping tabs on cybercrime”, Bangkok Post. Retrieved from https://www.bangkokpost.com/tech/1603482/keeping-tabs-on-cybercrime (Oct 30, 2020)
[18] Serena. (2020), “Cybercrime in Thailand: current trends and solutions”, Pacific Prime Thailand. Retrieved from https://www.pacificprime.co.th/blog/cybercrime-thailand-trends/ (Oct 29, 2020)
[19] UNESCO Bangkok. (2020), “‘Fake news’ in the time of COVID-19”, UNESCO Bangkok. Retrieved from https://bangkok.unesco.org/content/press-provides-antidote-fake-news-time-covid-19 (Oct 29, 2020)
[20] Royal Command. (2019), “Cybersecurity Act”, Government Gazette. Retrieved from https://thainetizen.org/wp-content/uploads/2019/11/thailand-cybersecrutiy-act-2019-en.pdf (Oct 29, 2020)
[21] Ibid.
[22] Luu Phuong (2019), “Local cybercrime threats on the rise”, Vietnam Investment Review. Retrieved from https://www.vir.com.vn/local-cybercrime-threats-on-the-rise-68827.html (Nov 16, 2020)
[23] Ibid.
[24] Reuters (2020), “Four Vietnamese arrested for coronavirus PPE scam targeting U.S. buyers”, Reuters. Retrieved from https://www.reuters.com/article/us-health-coronavirus-vietnam-fraud-idUSKBN25G27Z (Nov 16, 2020)
[25] John Leyden (2020), “Covid-19 cyber-espionage: Vietnam blamed for attacks on Chinese government”, The Daily Swig. Retrieved from https://portswigger.net/daily-swig/covid-19-cyber-espionage-vietnam-blamed-for-attacks-on-chinese-government (Nov 17, 2020)
[26] Socialist Republic of Viet Nam (2018), “Law On Cybersecurity”, National Assembly. Retrieved from https://www.economica.vn/Content/files/LAW%20%26%20REG/Law%20on%20Cyber%20Security%202018.pdf (Nov 17, 2020)
[27] Dezan Shira (2018), “Vietnam Approves New Law on Cybersecurity”, Global Payroll Management Institue. Retrieved from https://www.gpminstitute.com/publications-resources/Global-Payroll-Magazine/december-2018/vietnam-approves-new-law-on-cybersecurity (Nov 19, 2020)
[28] RCEP (2020), “Chapter 12 Electronic Commerce”, RCEP. Retrieved from https://rcepsec.org/wp-content/uploads/2020/11/Chapter-12.pdf (Nov 28, 2020)
[29] Ibid.
[30] Ibid.
[31] CPTPP (2018), “Chapter 14 Electronic Commerce”, CPTPP. Retrieved from https://www.mfat.govt.nz/assets/Trade-agreements/TPP/Text-ENGLISH/14.-Electronic-Commerce-Chapter.pdf (Nov 28, 2020)
[32] Ibid.
[33] Ibid.
[34] Prashanth Parameswaran. (2018), “ASEAN Cybersecurity in the Spotlight Under Singapore’s Chairmanship”, The Diplomat. Retrieved from https://thediplomat.com/2018/04/whats-behind-the-new-japan-asean-cyber-center/ (Oct 15, 2020)
[35] Prashanth Parameswaran. (2017), “Japan-ASEAN Cyber Cooperation in the Spotlight”, The Diplomat. Retrieved from https://thediplomat.com/2017/02/japan-asean-cyber-cooperation-in-the-spotlight/ (Oct 15, 2020)
[36] China Daily. (2020), “Speech by Chinese Premier at the 23rd China-ASEAN Summit”, China Daily. Retrieved from https://www.chinadaily.com.cn/a/202011/13/WS5fad6e7ca31024ad0ba93c17.html (Nov 22, 2020)
[37] Fireeye Labs. (2015), “APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation”, Fire Eye. Retrieved from https://thediplomat.com/2018/04/whats-behind-the-new-japan-asean-cyber-center/ (Oct 15, 2020)
[38] Ibid.
[39] Prashanth Parameswaran. (2019), “What’s Behind the New US-ASEAN Cyber Dialogue?”, The Diplomat. Retrieved from https://thediplomat.com/2019/10/whats-behind-the-new-us-asean-cyber-dialogue/ (Oct 19, 2020)
[40] US Department of State. (2019), “A Digital Connectivity and Cybersecurity Partnership”, US Department of State. Retrieved from https://www.state.gov/digital-connectivity-and-cybersecurity-partnership/ (Oct 25, 2020)
