ASEAN's ROLE IN CYBERSECURITY MAINTENANCE AND SECURITY STRATEGY THROUGH AN INTERNATIONAL SECURITY APPROACH

Abstract

neither just about how big the economy is nor how strong the military is. However, it is also about the values it offers to the world, and one of them is its mastery of technology." 9 Given that cybercrime is a transnational crime and the lack of handling of ASEAN member state governments in handling cybercrime, it reflects that there is a need for cooperation of law, politics, and security, as well as an increase in cybersecurity facilities to minimize the losses that will occur. 10 Therefore, the multilateralism approach is an effective solution, and this is in line with the results of III C 2000 millennium Congress and The Congress UN on The Prevention of Crime and The Treatment of Fugitives Offenders, which emphasizes that to prevent and overcome cybercrime that is transnational crime requires international cooperation efforts between countries in the world. 11 Based on the background that has been stated, the author formulates a formulation of the problem, namely, how is ASEAN's strategy in dealing with cybercrime in the region? This study's method of approach is the literature review on cybercrime. Sources are obtained using secondary data through research results based on literature research.

B. Discussion
The Association of Southeast Asian Nations (ASEAN) is a regional cooperation organization in the Southeast Asian region founded on August 8, 1967. ASEAN was established to maintain world peace and safety in the Southeast Asian region. 12 Currently, ASEAN consists of 10 countries: Indonesia, Malaysia, Singapore, Thailand, the Philippines, Brunei, Vietnam, Laos, Myanmar, and Cambodia. ASEAN has three pillars which include the ASEAN Political-Security Community (APSC), the ASEAN Economic Community (AEC), and the ASEAN Socio-Cultural Community (ASCC). 13 The discussion about cybersecurity intersects with one of the ASEAN pillars, APSC. With the APSC, it is hoped that ASEAN member states can coordinate well in facing the region's global challenges and emerging threats.
One of the global challenges and threats around security that is an essential issue in the region is cybersecurity-related. This issue is inseparable from the development of Information and Communications Technology (ICT) in ASEAN, based on the ASEAN ICT Master Plan in 2011. It contains details about how ASEAN wants to develop its ICT sector. Then in its development, ASEAN has made considerable progress in the development of the ICT sector by incorporating ICT development as one of the connectivity aspects in its current master plan for the building of ASEAN Community 2015, which contains encompasses physical, institutional, and people-to-people connectivity with ICT as an integral part of physical connectivity. 14 However, it turns out that an important aspect is not paid attention to, namely the security aspect, resulting in the fragility of the ICT security system.
Cyber security has become one of the priorities of leaders in the ASEAN region, especially after the disruption caused by the Covid-19 pandemic, which made all elements of society adapt 9 Muhamad Rizal, Yanyan M. Yani, "Cybersecurity Policy and Its Implementation in Indonesia", Journal of ASEAN Studies, Vol. 4, No. 1 (2016), pp. 61-78, 2016  to the era of digitalization because cyber security plays a vital role in the development of a country's stability. This is in line with one of ASEAN's objectives contained in Article 1 of the ASEAN Charter, which aims to maintain and enhance peace, security, and stability and further strengthen peace-oriented values in the Region. Concerning cybersecurity, Piet Hein van Kempen says that: "security may be described as freedom from such phenomena as a threat, danger, vulnerability, menace, force, and attack. 15 Furthermore, according to Lucas Kello, cybersecurity has mechanisms for protecting computer operating systems from threats of danger. Therefore cybersecurity can be understood when there is no illegal intrusion into computer systems. 16 Based on the results of research conducted by the ASEAN Desk, several cyber threats stand out in 2020 and beyond, including: 1. Business E-mail Compromise is a mode of fraud by posing as the victim's business partner company and aiming to obtain funds that should be directed to the actual business partner company. 2. Phishing is an attempt to obtain information about someone's data by phishing techniques. The data targeted for phishing are personal data (name, age, address), account data (username and password), and financial data (credit card information, accounts). 3. Ransomware can be defined as a mass extortion of personal data or information stolen to seek profit from the victim in the form of money. 4. E-commerce data interception is a threat to confidentiality in the form of information intercepted so that people who are not entitled can access the computer where the information is stored. 5. Crimeware-as-a-Service (CaaS) is malware software that encrypts files and documents from one of the computers to the entire network. The perpetrator will ask the victim for a ransom to be able to access the network that has been taken over again. Spyware, phishing kits, browser hijackers, keyloggers, and more are available to attackers through CaaS. 6. Cyber scams are fraudulent schemes by using fake websites to steal personal information and misuse it. 7. Cryptojacking is a type of cybercrime in which hackers use the victim's device secretly to take advantage of cryptocurrencies. In general, ASEAN member states have devised specific strategies for improving cybersecurity, such as implementing cybersecurity policies and laws to ensure the openness of internet platforms to enhance innovation and the economy while maintaining security in cyberspace and protecting the personal information and privacy of their citizens from being misused. For example, in the three countries in ASEAN, firstly Indonesia, to protect information security in cyberspace, issued Law No. 11 of 2008 concerning Information and Electronic Transactions which is the basis for the formulation of regulations and policies related to information security, then related to the protection of personal data and privacy regulated in Ministerial Regulation No. 20 of 2016 which is now Indonesia as of September 20, 2022, the Personal Data Protection Law has been passed by House of Representatives. 17 In addition, the Indonesian government also established a National Cyber and Encryption Agency (BSSN) responsible for preventing cyber-attacks and responding with an urgent strategy. 15  Furthermore, Singapore has also made efforts to improve cybersecurity through its various programs, which in 2005 began with the launch of planning in the form of a Cybersecurity Masterplan. Infocom Security Masterplan in 2007. Then continuing with the launch of the National Cyber Security Masterplan and the National Cyber Security Research and Development Program in 2013, in the same year also, Singapore pioneered the establishment of the National Cyber Security Center, which was established as a central body to supervise and coordinate all aspects of cybersecurity for the country. In its development, in 2015, a Cyber Security Agency was formed. Further on its regulatory aspects, in 2017, Singapore amended the existing Computer Abuse and Cybersecurity Act to address the increasing scale and transnational nature of cybercrime. 18 A comprehensive approach to improving cybersecurity in Singapore is reflected in the renewal of the National Cyber Security Master Plan, Cyber Watch Centre, and Threat Assessment Centre. Singapore established Cyber Security Agencies (CSAs) in all sectors as private and public partners.
As for the cybersecurity handling measures carried out by the Malaysian government through a series of existing developments, through the National Security Emergency Response Centre (NISER) 2006 was given the power to implement the National Cyber Security Policy (NCSP) policy to make Malaysia's IT System "safe, resilient and independent." Then NISER changed its name to Cyber Security Malaysia was parked under the Ministry of Science, Technology, and Innovation (MOSTI). 19 In its policy implementation, Malaysia implemented eight procedures in the National Cyber Security Framework, which consists of regulation and control, technology, and cooperation between public-private, institutional as well as worldwide aspects. 20 In addition, Malaysia is also active in organizing prevention programs, such as the Cyber Security Awareness for Everyone program. Considering the need for a forum to accommodate aspirations related to cybersecurity issues, the Malaysian government also provides email hotlines at (cyber999@cybersecurity.my) in the fight against cybercrime so that this can help local Law Enforcement Agencies. 21 Nonetheless, another problem in a nation's handling of cybercrime is a global phenomenon. Every country would be unable to fight this crime without the cooperation of the whole world. Cooperation between countries must reduce and control these cybercrimes before they become out of control. In the face of cybercrime of a multi-jurisdictional nature, there must be a quality improvement, especially with the latest technology that continues to increase. It should be of particular concern for each ASEAN member state to prepare preventive measures for cybercrime.

ASEAN's Steps in Managing Cybersecurity
So far, cybercrime handling tends to bilateral relations whose implementation is still limited. In this case, it can be understood that the concept of bilateral relations is a traditional approach, so the scope of security is defined by geopolitical terms and limited to relations between countries that intersect with nuclear use and military strategy issues. In summary, traditional security interprets a threat related to the state and physical threats from outside. International cooperation can enhance cybersecurity. 22 Thus, its development will give rise to initiatives, and 18 Muhammad Fikry Anshori, Rizki Ananda Ramadhan, "Kepentingan Singapura pada Keamanan Siber di Asia Tenggara dalam Singapore International Cyber Week", Padjadjaran Journal of International Relations Vol. therefore when difficulties arise in the enforcement of cyber incidents, it should not be ignored. 23 In line with this, according to the Coordinating Minister for Political, Legal, and Security Affairs of Indonesia, Wiranto, on the occasion of the 6 th Meeting of Attorneys General /Ministers of Justice and Minister of Law on the Treaty on Mutual Legal Assistance in Criminal Matters (Among Like-Minded ASEAN Member Countries) the eradication of transnational criminal acts must be carried out immediately by a country. 24 Otherwise, this will damage the political process, weakening security, endangering society, hindering economic development, and hindering the government of a country that is already doing well. 25 International Law plays a role in the principle of regulating behavior among international actors, not least in the context of technological advances, therefore in also playing a role in the development or dissemination of emerging technologies in response to the need to protect the international community from excesses, possible disasters, even risks posed by technology. 26 Realizing that the handling of cybersecurity must be done through international cooperation, ASEAN, as a regional organization with a basis or foundation in preparing activities or agendas, can determine the role of each member state. This can be seen from the existence of the ASEAN Charter, which is binding to provide legal status and institutional framework to compile values and regulations to set targets for ASEAN to present accountability and fulfillment. So after realizing that ASEAN has a vital role in the region, at a later stage, the question arises what challenges are faced by ASEAN in handling cybersecurity? Through several analyses of various problems in the region, it was found that the problem is contained in the ASEAN body itself and external ASEAN, especially in the coordination of problem-solving. One factor that hinders it is the inconsistency of member states in an effort to implement the framework that has been prepared through the institutions they have formed. On the other hand, the external challenges faced are increasingly complex, especially regarding transnational crimes. 27 The commitment to maintaining cybersecurity in the region is seen at several meetings, such as the ASEAN Ministerial Meeting on Transnational Crime (AMMTC), ASEAN Telecommunications Regulators Council (ATRC), ASEAN Senior Officials Meeting on Transnational Crime (SOMTC), Senior dan Officials Meeting on Social Welfare and Development (SOMSWD). In addition, the implementation of the Cybersecurity Maintenance and Security Strategy within the framework of multilateral cooperation can be seen in the ASEAN Regional Forum (ARF) through the ASEAN Political-Security Community (APSC) blueprint in Sub Chapter B.4.1. It is about an agreement to increase cooperation in nontraditional threats, specifically addressing transnational and cross-border crime issues. The discussion of Cybercrime is contained in Article XVII. 28 In this regard, in 2006, ARF established ARF on cybersecurity initiatives related to the discussion of Cybercrime in ASEAN, which was then outlined in ASEAN's Cooperation on Cybersecurity and against Cybercrime. The ASEAN Regional Forum (ARF) was established in 1994, which aims to encourage constructive dialogue and consultation on political and security issues of common concern and interest, as well as positively contribute to confidence building and preventive diplomacy in the  Lampung Journal of Iternational Law (LaJIL) P-ISSN 2656-6532 Volume 4 Number 2, July-December 2022E-ISSN: 2723-2603 Asia-Pacific region. 29 In this case, there is a difference with the concept of security cooperation by the North Atlantic Treaty Organization (NATO), which is synonymous with using military force. At the same time, the ARF tends to dialogue and engagement as a way of preventing conflicts in the region. 30 The ARF on cybersecurity initiatives is part of ASEAN's mechanism in dealing with cybercrime contained in ASEAN's Cooperation on Cybersecurity and against cybercrime. The ARF on cybersecurity initiatives began to be implemented in 2006 through a joint statement at a meeting in Malaysia and was reaffirmed in the ARF Statement on Cooperation in Ensuring Cyber Security in Phnom Penh on 12 July 2012. The realization of the joint statement is then implemented in the form of various training at the regional level, with one of the focuses being how a country responds and coordinates when cyber incidents occur. 31 In order to follow up on this cooperation, various international meetings were held in addition to the ARF, such as the ASEAN Ministerial Meeting on Transnational Crime (AMMTC), the ASEAN Senior Officials Meeting on Transnational Crime (SOMTC), the ASEAN Ministerial Conference on Cybersecurity (AMCC), and the ASEAN Telecommunications and IT Ministers Meeting (TELMIN). ASEAN SOMTC aims to implement the Comprehensive Partnership between ASEAN and the United Nations. On November 19, 2011, ASEAN leaders and the UN Secretary met to discuss the Joint Declaration in Bali, Indonesia. Regional meetings continue to increase ASEAN's capacity to address the growing number of cyber threats in the ASEAN region.
Then The ASEAN Ministerial Conference on Cybersecurity (AMCC) the meeting was held in Singapore on October 11, 2016. In its development, Singapore held the ASEAN Cyber Capacity Program to ensure that the ability of ASEAN member countries can be increased in dealing with cyber security issues. To that end, four ASEAN mechanisms look to aspects of cybersecurity and cybercrime, namely: the ASEAN Ministerial Meeting on Transnational Crime (AMMTC); ASEAN Telecommunications and IT Ministers Meeting (TELMIN); the ASEAN Regional Forum (ARF), and the ASEAN Senior Officials Meeting on Transnational Crime (SOMTC). Starting from regional news, issues that are then analyzed will be discussed in various ASEAN forums to establish cooperation in transnational crime, including cybercrime. SOMTC then implements the AMMTC plan. 32 The framework contained in the ASEAN Regional Forum Work Plan on Security of and in The Use of Information and Communications Technologies (ICT) document on May 7, 2015, contains several goals to be achieved through a work plan as a means to promote a peaceful, safe, open, and mutually cooperative ICT environment and to prevent conflicts and crises by developing trust between ARF member states and capacity building. In its development through the ARF, ASEAN continues to follow up on cybersecurity cooperation using international global with China, Japan, the European Union, the United States, Australia, Canada, India, New Zealand, Russia, and South Korea. So that ASEAN cooperation can strengthen the country's security against the dangers of cyber aggression. The framework contained in the ASEAN Regional Forum Work Plan on Security of and in The Use of Information and Communications Technologies (ICT) document on May 7, 2015, contains several goals to be achieved through a work plan as a means to promote a peaceful, safe, open, and mutually cooperative ICT environment and to prevent conflicts and crises by developing trust between ARF member states and capacity building. In its development through the ARF, ASEAN continues to follow 29 Michael Raska, Benjamin Ang, "Cybersecurity in Southeast Asia", Paris: up on cybersecurity cooperation using international global with China, Japan, the European Union, the United States, Australia, Canada, India, New Zealand, Russia, and South Korea. So that ASEAN cooperation can strengthen the country's security against the dangers of cyber aggression.

C. Conclusion
ASEAN, as a forum for cooperation for member states, plays a critical role in realizing cybersecurity. Therefore, ASEAN must improve its holistic handling of cyber resilience by strengthening the framework and work plan conceived together. It is necessary to embrace countries that are still passive so that cybersecurity can improve positively. On the other hand, cooperation between dialogue partnerships such as Japan, China, America, and several other countries is not limited to agreements but also requires a review of the components needed to encourage the success of cybersecurity resilience in ASEAN. In addition, the cyber issue itself is still a struggle for ASEAN because it is a new issue, so extra efforts are still needed to attract member states.