ASEAN Australia Digital Trade Standards Initiative

ASEAN–Australia Digital Trade Standards Initiative Workshop 3 Report, 2019

Page | 1

ASEAN–Australia Digital Trade Workshop 3 Report, 2019

Background

The final workshop of the ASEAN-Australia Digital Trade Standards Initiative for 2019 was

delivered in Jakarta, Indonesia on 5 and 6 November 2019. This was one of three

workshops delivered by Standards Australia to staff of National Standards Bodies (NSBs) in

ASEAN and their valued stakeholders, as part of the 2019 Initiation Phase of the ASEAN-

Australia Digital Trade Standards Initiative. The Initiative aims to expand bilateral political

and economic linkages between ASEAN and Australia.

The workshops sought to support recommendations identified in the 2018

Recommendations Report published on completion of the 2018 Initiation Phase, focusing

especially on:

• Recommendation 3: Raise awareness of digital trade and international digital trade

standards through education to stakeholders across ASEAN and Australia and

• Recommendation 5: National Standards Body institutional strengthening and

capacity building for improved standardisation processes.

The workshops also contribute to two End of Program Outcomes (EOPO) for the

Initiative:

• EOPO 1: ASEAN Member States more aware of benefits of digital trade, digital trade

standards and standards development process; and

• EOPO 2: Better engagement in international standards fora by NSBs of ASEAN

Workshop 3 addressed two key thematic areas, identified as priorities during the 2018

Initiation Phase:

• Day 1: Good standardisation practice including stakeholder engagement, effective

committee management, and standardisation guides

• Day 2: International Standards for cybersecurity

Attendees

The Workshop was attended by representatives and experts from eight of the ten ASEAN

Member States, as well as Australia and the International Organisation for Standardisation

(ISO) and International Electrotechnical Commission (IEC). There were over 35 participants

on day one, and more than 50 participants on day two. Participants included representatives

from National Standards Bodies, government and regulatory bodies, industry and

associations involved in the digital trade space, and experts in the event theme of

cybersecurity. A list of participants is included at the end of this report.

https://www.standards.org.au/engagement-events/international/asean-australia-digital-trade




https://www.standards.org.au/getmedia/d0942d6e-b58a-4fe4-a17d-aecc52effd50/ASEAN-Australia-Digital-Trade-Recommendations-Report.pdf.aspx

https://www.standards.org.au/getmedia/d0942d6e-b58a-4fe4-a17d-aecc52effd50/ASEAN-Australia-Digital-Trade-Recommendations-Report.pdf.aspx

Page | 2


DAY ONE – Program

Group Photo: Day 1

Opening and Welcomes

Pamela Tarif, Senior International Engagement Manager at Standards Australia, welcomed

all Workshop participants to the third ASEAN-Australia Digital Trade Standards Workshop

for 2019 and encouraged participants to actively engage in the discussions and activities for

the next two days.

Pamela introduced Dr Zakiya, Deputy Director for Implementation of Standards and

Conformity Assessment at the Badan Standardisasi Nasional (BSN) who provided an

opening address to the Workshop attendees on behalf of Indonesia. Dr Zakiyah noted that

the Singapore and Cambodia Workshops had delivered recommendations which benefited

ASEAN Member States in the development of digital trade strategies. Key recommendations

had manifested into ASEAN ACCSQ deliverables and working group work plans as

challenges across the entire region. Such recommendations have also been positively

responded to and progressed by ASEAN Member States. She hoped that this third

Workshop would identify further challenges and opportunities for collaboration and produce

recommendations to support good standardization practice that can strengthen economic

integration and digital trade cooperation initiative.

Page | 3


Project Updates

Pamela continued with an overview of the ASEAN-Australia Digital Trade Standards

Initiative.

It was one of 15 cooperation initiatives announced at the ASEAN-Australia Special Summit

in 2018. Key milestones included conducting focus group sessions and a Digital Trade

Survey by May. This led to an Issues Paper in September which was the focus of a two-day

Digital Trade Workshop in Sydney in October. The Workshop produced a Recommendations

Report in December and identified objectives to increase awareness of international

standards which support digital trade, to support increased engagement of AMS in

international standards development, and encourage greater adoption and use of

international standards that support digital trade.

During 2019, the inception phase continued with 3 Workshops across key digital trade

themes, a standards mapping exercise, and development of a workplan for capacity

building. Pamela explained that the work on the mapping exercise and workplan continued.

The Workshop themes were: Ecommerce for small business; emerging technologies,

blockchain and artificial intelligence; and cybersecurity, held respectively in Singapore,

Phnom Penh and now Jakarta. Pamela saw participation at these events was steadily

increasing and knowledge about the subjects expanding. She encouraged participants to

continue working on the key action items they had identified from Workshops 1 and 2 -

detailed in the Workshop 3 programme - and explained a final session in the programme on

Day 2 would be an opportunity to review all action items, including for Workshop 3. This

would support discussions on next steps for the Initiative.

An ISO and IEC perspective

As a lead in to the training session on stakeholder engagement, effective committee

management and good standardisation practice, participants first heard from ISO and IEC

about their organisation’s best practices.

Page | 4


Ms Maya Ishikawa addresses participants on Day 1

ISO REI project officer, Ms Maya Ishikawa, presented on behalf of the International

Organisation for Standardization (ISO) Central Secretariat. Maya began with the who, why

and how of stakeholder engagement. She introduced the principles for the development of

international standards – transparency, openness, impartiality and consensus, effectiveness

and relevance, coherence, and the development dimention – as set out by the World Trade

Organisation. She demonstrated this by talking of the reverse: a standard that would be

developed in secret, with limited contributions, favoring parties and introducing bias etc.

Global consensus was the objective.

On who to engage, Maya pointed to ISO’s stakeholder categories: industry and commerce,

government, consumers, labour, academic and research bodies, standards application, and

non-governmental organisations. She spoke about the benefits of mapping stakeholders and

developing a long-term engagement strategy. On how to engage stakeholders, Maya

emphasised communicating the value and benefits of standards and informed the group

about key resources and case studies that support this.

Maya also introduced ISO’s new Good Standardisation Practices publication and kindly

handed out copies to all participants to use back in their home countries to ensure NSBs are

following the latest best practice in their standardisation processes and procedures.

Page | 5


Linking back to the cybersecurity theme of the workshop Maya reminded participants of the

ISO Services Workshop in June 2019 which covered key digital trade topics such as

cybersecurity, interoperability and consumer protection. She highlighted key outcomes from

the session including updates on where ASEAN member states are participating in relevant

work in ISO.

In concluding, Maya took questions from participants around choosing best experts, issues

with communicating the value of standards, issues with mapping standards, to provide users

with an idea of which standards to adopt in the digital area, and criteria for deciding on active

or observer participation in technical work.

Ms Suzanne Yap Gook shares the IEC perspective

Technical Manager, Ms Suzanne Yap Geok from the IEC Asia-Pacific Regional Centre

reminded participants about the scope of IEC work with a global knowledge platform where

20 000 experts from industry, commerce, government, laboratories, academia and

consumer groups participate in standardization work, producing over 10000 international

standards to date.

The organisation has a global reach with representation in 173 countries through its

members, associates and affiliates, including from ASEAN member states. Suzanne

described the different categories of membership and their benefits and encouraged greater

participation in the work of IEC.

Suzanne then introduced an IEC perspective on cybersecurity. She explained that mass

integration of cyber physical systems means we now face new security risks, and cyber

Page | 6


security has become a global preoccupation. But not every cyber-attack is equal. A

malicious act against a personal device may be disruptive for an individual, but it normally

stays contained and does not hurt large parts of the population. A cyber-attack on a critical

infrastructure such as a power plant or a hospital however can bring down whole systems

and affect people’s well-being, or ability to run a business, or obtain basic services such as

water, food or healthcare. Suzanne reminded the group that the primary focus of IT is to

ensure that data can flow freely and securely in the virtual world. Since more and more

objects are connected, there are many more attack points through which cyber criminals can

gain access to IT systems.

Critical infrastructure and the automated environment rely on operational technologies to

ensure the correct execution of automated actions such as shutting down a valve to avoid

the overflow of chemicals or bringing a generator online to avoid a blackout. The automated

environment in manufacturing and critical infrastructure such as electricity generation, water

management, transportation, healthcare, etc are therefore also vulnerable to cyber-attacks.

The integration of physical machines with networked sensors and software is blurring the

line between IT and OT. IT teams may have little experience with the physical security

requirements of OT systems and a purely IT led cybersecurity strategy is not appropriate for

critical infrastructure systems. Suzanne then highlighted for participants important

cybersecurity standards developed by IEC and the conformity assessment scheme to test

and certify cybersecurity standards in electrotechnical products and systems.

In concluding her session, Suzanne took questions from participants around affiliate

membership and access to IEC standards and digital trade mirror committees.

Page | 7


Training Session

Learning and Development trainer at Standards Australia, Brendan Slowey, led participants

through a Standards Australia customised training session complete with slides, workbook,

interactive exercises, and links to further reading. The discussions were broken down into

three parts:

1. Engaging stakeholders in new digital work

2. Effective committee management

3. Good standardisation practice

Under part 1, the group heard about Standards Australia’s experience in engaging new

stakeholders in the digital space, in particular Artificial Intelligence (AI). A practical exercise

reflected on how Australia sought to achieve a balanced cross-section of interests in the

discussions and who was critical, important or simply impacted by the work. The group then

carried out an analysis of their own national context and how they would set up a national

committee for AI, testing for balance across stakeholders. The group went on to review

engagement strategies, both proactive and passive, and identified an approach for follow up

at national level.

On part 2, the group revisited the role of an NSB and its responsibilities to support effective

committee meetings and reach consensus on standards development work. The group

reviewed key responsibilities: design and plan meetings; set the context and ground rules;

encourage participation; facilitate discussion; keep to timeframes; record outcomes. The

group also studied and tested body language and verbal skills when facilitating group

conversations. The group also briefly looked at managing conflict in meetings.

Part 3 was a review of good standardisation practice and the use of published guides for

effective processes and policies for the development of standards. Standards Australia

shared its own key Standardisation Guides SG-001, SG-002, SG-003, SG-004 and SG-007

which participants worked through in small groups discussions then reported back to the

room about their purpose and content.

Throughout the day, participants posted feedback on boards about key takeaways from the

discussions. These were taken forward into day two and the final session on Reflections,

Achievements and Next Steps.

Page | 8


Brendan Slowey explains the exercise to a group of participants

Participants working on a training exercise

Page | 9


DAY TWO

Day 2: Group Photo

Opening and Welcomes

Deputy Head of Mission, Megan Jones, welcomed attendees on behalf of the Australian

Government. Megan spoke of the long relationship between ASEAN and Australia as a

dialogue partner. This was based on shared interests and linked by proximity, trade,

community, shared aspirations for the region and spanning economic, socio cultural and

security pillars. Megan thanked ASEAN Member States for their commitment to the Digital

Trade Standards Initiative which recognised the impact of technology and standards for the

ASEAN region.

Page | 10


Megan Jones welcomes participants on Day 2

She noted that a digital economy is no longer niche but essential and pointed to other

Australian initiatives in support of digital trade, for example an international cyber

engagement strategy and an e-commerce fund, including within the ASEAN architecture.

She reminded the meeting that the current phase builds on work from 2018 delivered by

Standards Australia; 2019 and 2020 would aim to deliver a standards mapping exercise to

identify priority standards that support the ASEAN economic agenda, as well as a DFAT and

ASEAN approved work plan for the implementation phase.

Dr Zakiya, Deputy Director for Implementation of Standards and Conformity Assessment at

the Badan Standardisasi Nasional (BSN) then addressed the Workshop on behalf of

Indonesia. She spoke of the importance of the Workshop theme, cybersecurity, in digital

trade and acknowledged the experts in the field from various countries that had come to the

Workshop to share their expertise.

Dr Zakiya welcomes participants on Day 2

Page | 11


She encouraged participants to build on the Workshop training and network with the

speakers to engage and raise awareness of relevant International Standards on

cybersecurity for systems and devices.

She expressed confidence that through standards harmonization, technical and regulatory

alignment among AMS and Australia, national competencies in the field of digital trade

would be enhanced and result in good data and digital system management. She hoped for

constructive discussions during the Workshop that would lead to further dialogue in the

future.

Cybersecurity, Industry 4.0, Education and Training: Ms Prerana

Mehta

Prerana Mehta, Chief of Ecosystem Development introduced AustCyber as an industry-led

organisation established as part of the Australian Government’s Industry Growth Centres

initiative and forming part of the National Innovation and Science Agenda, and Australian

Cyber Security Strategy. AustCyber’s objectives include growing a cyber security sector that

delivers economic benefit to Australia and can allow Australian cyber security businesses to

flourish nationally and globally.

Prerana noted that cybersecurity was defined as: the protection of data and systems from

cyber threats and attacks, spanning the technical and the non-technical. She highlighted key

facts and figures: the global spend on Cyber Security by 2025 would reach US$250 bn;

ASEAN demand for cyber security products and services were projected to triple in 6 years

to reach $7.3 bn; some 59% of suppliers globally confirmed data breaches in 2018, with

50% of current attacks not only aimed at target network but also their supply chain; and 90%

of Australia’s leading 250 websites did not know the difference between a bot and a

customer.

Prerana Mehta introduces her organisation’s work

Page | 12


Prerana introduced the three perspectives of cybersecurity: national security, which was

defensive and offensive action to protect country, critical infrastructure and people;

economic and business security, which involved managing risk; and human security.

Prerana added that cybersecurity is an enabler of economic growth and a sector in its own

right. It sits across all sectors: medical, financial, defence industry, critical infrastructure &

services etc.

She spoke of the technology landscape past, present and future, including industrial

revolutions (agrarian to urban, steam engine, factories; then steel, electricity, mass

production; then digital technology, ICT; and today’s embedded tech, cyber-physical).

Current technological innovations – such as the Internet of Things, machine learning,

Quantum, Blockchain, Complete digitisation – was changing the landscape through its scale

and speed. The convergence of technologies was adding further complexity as well and risk.

With increased digitalisation and automation, Prerana noted that cybersecurity is more

important in Industry 4.0 and advanced manufacturing applications.

Prerana concluded that global value chains and greater technological complexity brought

higher risk. Trust had become critical to managing risk and this was where standards &

accreditation were vital. Prerana explained that global supply chain requirements can only

be truly delivered on if the value chains supporting them can be trusted - cyber provides both

the security and the assurance of trust. From trust and assurance comes greater market

opportunity and preference in an increasingly noisy procurement environment domestically

and internationally.

Prerana shared a breakdown of the Australian cybersecurity workforce and sample

cybersecurity work roles. She anticipated a shortage of 18,000 cyber skilled people in 2025

so action was in hand to build a pipeline of interested boys and girls at primary and

secondary school level by introducing cyber skills. This would feed through to university level

where courses and curriculum would be both practical and multidisciplinary, with innovative

research working closely with industry in a multisectoral approach.

Page | 13


Cybersecurity in Australia: Dr Jed Horner

Dr Horner talks Cybersecurity in Australia

Dr Jed Horner, Strategic Advocacy Manager at Standards Australia pointed to a shared

challenge on cybersecurity across all nations, including Australia and ASEAN Member

States. This included a growing awareness of cyber threats by state and non-state actors

and a realisation of the economic impact. There was an expanding threat environment (due

to more data, more digital). This was coming from core critical infrastructure like energy,

telecommunications, water to specific applications and data sources. This meant we all

needed to do more to protect our countries from cyber-attacks.

One key step in this direction taken by Australia was the inaugural appointment of an

Ambassador for Cyber Affairs to lead Australia's whole‑of‑government international

engagement to advance and protect Australia's national security, foreign policy, economic

and trade, and development interests in the internet and in cyberspace. Jed highlighted

recent high-profile examples of cyber-attacks in Australia that reinforce the need for this role.

He also drew attention to a New South Wales Audit Office Report in 2018 that noted that

case study agencies it had reviewed were not learning from incidents to help improve

management of incidents in the future. The report went on recommend use of International

Standard ISO/IEC 27001 Information Security Management given its requirements that

knowledge gained from analysing and resolving information security incidents be used to

reduce the likelihood or impact of future incidents. Jed also pointed to Government policy

responses, such as that of New South Wales and Western Australia both of which had

introduced security policies.

Jed further highlighted Australia’s Protective Security Policy Framework (PFSP), developed

to assist Australian Government entities to protect their people, information and assets, at

home and overseas. Jed added that Australia’s 2020 Cyber Security Strategy was also in

Page | 14


the pipeline. This would build on a 2016 Strategy and acknowledged that the landscape had

evolved, and magnitude of threats increased and would become more acute as the society

and economy became increasingly connected. The standards environment in Australia was

seeing a corresponding increase in uptake of standards like the ISO/IEC 27000 series,

especially within Australian financial institutions.

Cybersecurity in Singapore: Mr Wong Onn Chee

Mr Wong Onn Chee, Member, Security and Privacy Standards Technical Committee and

Chair, Cloud Security Working Group spoke of how cybersecurity standards have helped

Singapore.

He began by introducing the Singapore Standardisation Structure, explaining the roles and

responsibilities at each level, and detailing the IT Standards Committee structure:

Mr Wong introduced the group to cybersecurity standards in use in Singapore, including

cloud computing security standards highlighted in ISO/IEC 27017:2015, and Singapore’s

national adoption of ISO/IEC 21878:2019.

Mr Wong explained Singapore benefits from the use of these standards because: they

support national initiatives, including in the area of National Digital Identity, Smart Urban

Mobility, and Smart Nation Sensor Platform; they quicken industry growth ahead of ISO/IEC

standards; they guide local vendors, providing direction and better security in their offerings

Page | 15


and so can compete with global players; and they educate local users on the expected

security controls from their vendors and aid in their selection of vendors.

For the organisations that he works with, Mr Wong also explained the benefits of standards:

they provide ethical security testing, assessment and audit services to key national projects;

they provide dedicated outbound protection to cloud/web services to protect against data

leakages and display of defacement; they provide cybersecurity advisory to clients in areas

of data protection, incident response planning, simulation exercises and provide forensic and

post-incident response support. Mr Wong wanted to continue supporting his organisations

and planned future activities including certification of ISO 9001, ISO/IEC 27001:2013

(focused on ISO/IEC 27017:2015) and ISO/IEC 27001:2013 and implementing other

ISO/IEC standards (27035, 27050).

Mr Wong closed his presentation with key take-away messages for the audience. He

advised regulators to consider including international and/or national cybersecurity

standards as industry requirements. This would ‘force” local players to up their game and

compete with international players and allow local users to enjoy more secure services or

goods. It would also reduce the effort of regulatory oversight. Furthermore, regulators should

consider including enablement programs and infrastructure to support local players. This

would provide support - consultancy and training - to drive capability upgrading of local

players. Working with national accreditation bodies and national standards bodies helps

strengthen standards and conformity infrastructure to enable local players to be certified.

For users and vendors, Mr Wong suggested they consider including international and/or

national cybersecurity standards as vendor requirements. This would bring more secure

services or goods and provide more objective assessment of vendors and maximise value

returned from investment. He further recommended benchmarking against international

and/or national cybersecurity standards to improve an organisation's security posture and

become more resilient to cyber risks. It would allow competition with international players

and provide more secure services or goods to customers, and for vendors to expand to

international markets.

Page | 16


Mr Wong talks Cybersecurity in Singapore

Walkabout Q and A: round one

To round off and reinforce the messages from these discussions, participants were invited to

rotate around each topic to discuss more with each speaker. This sparked a lively round of

questions and answers that participants reported as useful in deepening their understanding

of the technologies and opportunities for standardisation.

Participants are actively engaged in the Q&A with presenters

Page | 17


Cybersecurity in Malaysia: Dr Maslina Daud and Ms Norsalimi

Shaleh

Dr Daud of CyberSecurity Malaysia, the national ICT security and emergency response

centre, began by explaining that the digital environment in Malaysia is already complex and

introduced the country’s cybersecurity approach. Key proactive measures included risk

assessments, business continuity management, vulnerability assessments and penetration

testing, coupled with reactive measures such as incident management and digital forensics.

Dr Daud and Ms Shaleh on Cybersecurity in Malaysia

She described the trend for ISO/IEC 27001 certified organisations in Malaysia, growing

dramatically from 18 organisations in 2006 to 319 in 2019. Dr Daud introduced the most

used security standards in Malaysia, including national adoptions of International Standards

(such as ISO/IEC 27001 and ISO/IEC 15408 in Certification, ISO/IEC 17025 in Product

Testing and Evaluation Laboratory, and ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27037

for Processes) and ongoing work to strengthen international cybersecurity through the

ISO/IEC 27000 Series.

Ms Shaleh of the National Cyber Security Agency Malaysia continued the presentation with

an explanation of the Malaysian cybersecurity ecosystem and how her organisation, the

National Cyber Security Agency (NACSA) contributes to policy making, governance and

coordination:

Page | 18


Ms Saleh explained the history and evolution of cybersecurity governance in the country,

which had begun in 2006 and had led to the creation of NACSA in 2017 and development of

Malaysia’s Cyber Security Strategy for 2020 – 2024. NACSA was now the lead agency for

cyber security under the aegis of the National Security Council with the objective of securing

and strengthening Malaysia's resilience in facing cyberattacks, by coordinating and

consolidating the nation's best experts and resources in the field of cybersecurity.

The vision for Malaysia's Critical National Information Infrastructure (CNII) is to be secure,

resilient and self-reliant, promoting stability, social well-being and wealth creation. A key

policy direction is implementation and certification of nationally adopted ISO/IEC 27001

standards across all CNII sectors. Ms Salah closed off her presentation by sharing the key

pillars, strategies, action plans and programmes of the Cyber Security Strategy for 2020 –

2024.

Cybersecurity in Vietnam: Mr Nguyen Thanh Tuyen

Mr Nguyen Thanh Tuyen, Cybersecurity and Counter High-tech Crime Department at the

Vietnam’s Ministry of Public Security gave an update on Vietnam’s current situation and

solutions for cybersecurity.

He began by explaining that the Internet first reached Vietnam in 1997 but today there are

64 million users, which accounts for 67% of the population. All ministries, branches and

localities nationwide have built and put into operation websites, portals, information

technology systems and Vietnam is working towards digital Government, digital society and

digital economy. This meant that Vietnam was also facing many risks of cybersecurity and

information safety which infringe upon social order and safety as well as national security.

Page | 19


Attacks on websites and portals remain high with information gathering attacks accounting

for over 25%. Other kinds of attacks – such as privilege escalation, denial service, hijacking

and malicious attacks - also exist but are fewer in number. The rate of information systems

security holes and infected with malicious code remains high.

Mr Nguyen Thanh Tuyen talks Cybersecurity in Vietnam

To address these issues, Vietnam has enacted two laws: the 2015 Law on Network

Information Security which took effect in July 2016 and classifies the importance of

information systems into different levels; and the 2018 Law on Cybersecurity which took

effect in 2019.

In addition, Vietnam has developed sub-law documents such as decrees and circulars to

guide implementation. Vietnam has also introduced TCVN 11930:2017 Standard, a national

standard on basic requirements for information technology safety techniques.

Page | 20


Cybersecurity in Indonesia: Mr Bondan Widiawan and Mr Neil El

Himam

Neil El Himam of the Indonesian National Tourism and Creative Economy Agency

addressed the audience on Cybersecurity: standards implementation in Indonesia. He

began with a clear message that “it was all about the market!” with the following data about

market potential reinforcing his point:

Mr Himam spoke of a paradigm shift where ICT was converging with lifestyles. He referred

to a cyber culture where, for example, Facebook Netizens exceeded 1500 million, 65 Million

of whom were in Indonesia.

He pointed to the cyber economy: E-banking, E-commerce, E-Money, E-government, E-

health, E-transportation, E-everything! He drew on the example of GoJek – a company first

established in Indonesia in 2010 as a call centre to connect consumers to courier delivery

and two-wheeled ride-hailing services. It was now present in 5 countries and 204 cities.

They had over 2 million drivers and 400,000+ merchants and was valued at USD 9,5 billion.

It had become a de-facto e-commerce platform.

He spoke about information security being the preservation of confidentiality, integrity and

availability of information, as defined by ISO/IEC 27000:2016. He also pointed to the data

revolution where data had begun as just data, then it became an asset, then today it has

become a risk, drawing greater need for security standards like ISO/IEC 27001.

Page | 21


He posed an open question of how data might be regarded and managed in the future. Mr

Himam shared with the audience examples of security standards in use in Indonesia across

key areas such as governance, information security, and e-health.

Mr Bondan Widiawan of the Cyber Security Agency for Indonesia continued the presentation

with a discussion on cybersecurity standards and the importance of establishing a frontline

defence against immediate threats against industry, government, transport, health systems

etc. He explained that massive computing, Nano satellites, next generation-fibre optics,

cloud computing, Artificial Intelligence, Big Data and Blockchain were all presenting new

security challenges and inviting new threats such as hacktivism, Cyber Crime, Cyber

Terrorism, Cyber Espionage, State Sponsored/Well-Organized Crime and State Actors.

Cyber-attacks in Indonesia in the first six months of 2019 were varied but some two thirds

were trojan style activities. A strategy was therefore in place in Indonesia to improve

cybersecurity, enhance capabilities, develop innovation in cybersecurity, implement a legal

framework and expand international cooperation and cyber diplomacy. This called for

collaboration and cooperation across government ministries and agencies as well as

telecommunication providers.

Page | 22


Walkabout Q and A: round two

To round off and reinforce the messages from these discussions, participants were invited to

rotate around each topic to discuss more with each speaker. This sparked a lively round of

questions and answers that participants reported as useful in deepening their understanding

of the technologies and opportunities for standardisation.

Reflections, Achievements and Next Steps

Participants identify key findings from the Workshop

The final session on Day Two of the workshop involved a reflection on the progress of the

workshop program and next steps for the initiative. Workshop participants were encouraged

to identify and share the following: key learnings from the workshop program, actions taken

or planned to be taken as a result of the program and recommendations for the next steps of

the initiative.

Page | 23


Key Learnings

130 key learnings were identified by workshop participants. These have been categorised

into the following categories and set out in the graph below: Digital Trade Awareness, Digital

Standards Awareness, Standardisation Skills, International Participation and Regional

Cooperation.

Learnings identified by workshop participants were as follows:

• The principles of good standardisation practice

• The importance of identifying and actively engaging stakeholders

• How to effectively engage stakeholders and assess the balance of representation in

a technical committee

• The necessity of standardised measures in order to ensure your security

• Experiences and case studies from experts and other countries on cyber security.

Actions taken or planned to be taken

Participants identified 59 actions that have been taken or will be taken as a result of the

workshop program. These are categorised into the following: Improved Digital Trade

Awareness, Improved Standards Development Practice, Improved International

Participation.

40

14

77

713Learnings by Category

Digital Trade Awareness Digital Trade Standards Awareness

Standardisation Skills International Participation

Regional Cooperation

Page | 24


Examples of actions include:

• Write a short guide for Technical Committees

• To develop and adopt ISO standards for cyber security and other standards as

national standards

• Review a roadmap as standards develop of implementation strategy

• To invite local cyber agency to give awareness talk

• The NSB has formed a secretariat to manage the meetings

• Create new committee for specific disruptive standards (now is blockchain, IoT)

• Identify priority standards to be developed in 2020

27

31

4

Actions taken or will be taken, by category

Improved Digital Trade Awareness Improved Standards Development Practice

Improved International Participation

Page | 25


Recommendations for Next Steps

49 recommendations were identified by workshop participants to take forward in the next

steps of the initiative. These recommendations are categorised into the following: Digital

Trade, NSB Training, Regional Cooperation and Workshop Design.

Examples of recommendations include:

• Adopting a common set of standards between Australian and ASEAN countries to

respond to the growth of digital trade between countries.

• Include visitation to observe real practice of industry

• More awareness to stakeholders and public about cyber security and cyber

knowledge

• Help NSB to be able to take part in ISO/IEC JTC 1

• Encourage regional collaboration between technical specialists for adoption and

setting up standards

• Exchange of officers to another ASEAN country.

Bonnie Rivendell from the APEC Study Centre, RMIT University, gave a brief overview of

the current work progressing to develop next steps of the initiative.

She reported that a standards mapping exercise is currently underway, and will be

presented to ACCSQ in the near future. In addition, a work plan for 2020-2022 was under

development and further information on this will also be shared soon.

25

13

18

12

Recommendations by Category

Digital Trade NSB Training Regional Cooperation Workshop Design

Page | 26


Country Participant Organisation

Cambodia Mr Pen Tonat Institute of Standards of Cambodia

Mr Nhem Thoeun Institute of Standards of Cambodia

Mr Phav Lam Ministry of Post and Telecommunication

Mr Meas Linna ACLEDA BANK PLC

Indonesia Mr Rois Ricaro National Standardization Agency of Indonesia

Mr Rizky Mulya Akbar National Standardization Agency of Indonesia

Ms Ratih Aulia National Standardization Agency of Indonesia

Mr Kristianto Widiwardono National Standardization Agency of Indonesia

Mr Fitor Huda National Standardization Agency of Indonesia

Farisah Primarani National Standardization Agency of Indonesia

Mr Slamet Aji Pamungkas National Standardization Agency of Indonesia

Evan B National Standardization Agency of Indonesia

Mr Sutarwanto National Standardization Agency of Indonesia

Mr Ariyanto Hernowo National Standardization Agency of Indonesia

Ms Kartika Anggar Kusuma National Standardization Agency of Indonesia

Konny Sagala National Standardization Agency of Indonesia

Dr Zakiya National Standardization Agency of Indonesia

Mr Panji Ashari National Standardization Agency of Indonesia

Lao PDR Mr Phouthasak Baochanh Department of Standardisation and Metrology

Mr Bounthone Philavong Department of Standardisation and Metrology

Ms Vilaylack Onsiphanla Department of Standardisation and Metrology

Ms Amonechith Maniphonh TCE Service Center

Malaysia Ms Siti Mariam Mohd Din Department of Standardization Malaysia

Mr Mahadir Mohamed Department of Standards Malaysia

Dr Maslina Daud CyberSecurity Malaysia

Ms Norsalimi Shaleh CyberSecurity Malaysia

Myanmar Dr Soe Soe Khine National Standards and Quality Department

Dr War War Moe National Standards and Quality Department

Mr Myo Khing Win Department of Trade, Ministry of Commerce

Mr Ye Yint Win Myanmar Computer Federation

Philippines Ms Myra F. Magabilin Bureau of Philippine Standards

Mr Edgardo D. Del Rosario Bureau of Philippine Standards

Mr Angel Alvin R. Ruelos Bureau of Philippine Standards

Mr Jonathan Rudolph Y.

Ragsag

National Privacy Commission, Data Security and

Technology Standards Division

Thailand Mr Prakit Sangpar Advisor of Information Technology Industry Club

Mr Pranontha Titavanno National Digital Economy and Society Commission

Mr Ekapong Rimcharoen National Digital Economy and Society Commission

Mr Natchapol

Worakitpreeda

Office of ICT Standards, Electronic Transactions

Development Agency

Page | 27


Viet Nam Mr Nguyen Hai Anh Directorate for Standards, Metrology and Quality,

STAMEQ

Mr Lai Manh Tuan National Agency of Cryptography and Information

Security

Ms Truong Hanh Hoa International Cooperation Department

STAMEQ

Australia Ms Clare Hobern Standards Australia

Ms Pamela Tarif Standards Australia

Ms Torrin Marquardt Standards Australia

ISO Ms Maya Ishikawa ISO

IEC Ms Suzanne Yap Geok Sim IEC

Speakers Ms Prerana Mehta AustCyber

Mr Nguyen Thanh Tuyen Cyber Security and Counter High-Tech Crime

Department, Ministry of Public Security

Dr Jed Horner Standards Australia

Mr Wong Onn Chee Infotect Security, Singapore

Mr Bondan Widiawan Cyber Security Agency for Indonesia

Mr Neil El Himam Indonesian National Tourism & Creative Economy

Agency

Dr Maslina Daud CyberSecurity Malaysia

Ms Norsalimi Shaleh CyberSecurity Malaysia

Observers Ms Lusia Herwahyu ASEAN Secretariat

Mr Yan Aryanto ASEAN Secretariat

Ms Bonnie Rivendell APEC, RMIT University

Ms Georgie Passalaris TRPC

Ms Sarah Lee TRPC

ASEAN Australia Digital Trade Standards Initiative

Documents