The ASEAN Cybersecurity Ecosystem: A Co-creation Approach

The ASEAN Cybersecurity Ecosystem: A Co-creation Approach

Cybersecurity resilience is an ultimate goal to be reached by organisations and countries to be able to continue operating and delivering services in spite of cyber-attacks. A well-functioning cybersecurity innovation ecosystem is a means to guarantee the development of solutions that help to predict, prevent and respond to cyber-attacks. Against this background and considering that the emergence of an ecosystem is a co-creative process in which different activities play significant role, VTT and ASEAN partners held workshops with relevant stakeholders in the ASEAN region to strengthen a common vision for the cybersecurity innovation ecosystem and identify steps in achieving this vision.

The main assumption for the vision creation was that by sharing the vision, actors support other elements of the ecosystem, like trust and governance, to get ground to develop. The focus group styled workshops included representatives from each of the YAKSHA target groups, namely – SMEs and Large Corporations; Critical infrastructure organisations; Government and policy making organisations; Knowledge and research and development organisations; as well as Associations, networks of organisations and other interested parties, including media representatives and NGOs. In addition to local stakeholders, the workshops were also attended by YAKSHA European partner organisations who facilitated the group discussions.

YAKSHA successfully organised three workshops: in Kuala Lumpur, Malaysia on 25 September, and two parallel workshops in Bangkok, Thailand and Ha Noi, Vietnam on 28 September 2018. The workshops specifically aimed at generating ideas to action paths and desirable scenarios to be considered for the establishment of the cybersecurity innovation ecosystem.

During the workshops, the participants created shared visions for the year 2030 and action roadmaps taking into account their own stakeholder groups’ perspectives and the state of the art of the national cybersecurity innovation ecosystem. A needs and gaps analysis drove the actions roadmap and contributed to a plan including the ecosystem actors in charge of implementation and the beneficiaries of the actions.  In brief, the main results of the workshops are listed in sequence.

Towards a resilient cybersecurity ecosystem

As part of developing a common cybersecurity ecosystem, workshop participants identified main national needs and gaps.

The most prominent needs are related to lack of awareness of cybersecurity across the countries, insufficient provision of education in cybersecurity, lack of financial resources to implement cybersecurity measures and solutions, lack of locally developed and produced cybersecurity solutions, lack of public-private sector collaboration, and insufficient international cooperation in the field.

An overall picture of the exercise identified public awareness and education to be urgently addressed in the three countries. A strategic planning process has started by means of the action plans, which foresee the implementation of measures to promote societal awareness and preparedness to deal with cybersecurity issues and include support to new businesses in the field. Even though there are elements of the innovation ecosystem in place, but in different levels of implementation, there is still a need to foment interactions and feedback loops among key actors from academia, industry, government, business and society.

Due to series of YAKSHA Co-creation Workshops, building of capabilities to create a resilient cybersecurity domain has been initiated and shall enforce stakeholders’ inclusiveness and engagement with international organisations in partnerships to support ASEAN region in education, awareness raising, business and policy advise. Preparation for resilience is also needed from the political arena, as the threats evolve quickly, and policies should adapt to the needs of this fast-evolving field.