View
11
Download
0
Category
Preview:
Citation preview
ASEAN–Australia Digital Trade Standards Initiative Workshop 3 Report, 2019
Page | 1
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Background
The final workshop of the ASEAN-Australia Digital Trade Standards Initiative for 2019 was
delivered in Jakarta, Indonesia on 5 and 6 November 2019. This was one of three
workshops delivered by Standards Australia to staff of National Standards Bodies (NSBs) in
ASEAN and their valued stakeholders, as part of the 2019 Initiation Phase of the ASEAN-
Australia Digital Trade Standards Initiative. The Initiative aims to expand bilateral political
and economic linkages between ASEAN and Australia.
The workshops sought to support recommendations identified in the 2018
Recommendations Report published on completion of the 2018 Initiation Phase, focusing
especially on:
• Recommendation 3: Raise awareness of digital trade and international digital trade
standards through education to stakeholders across ASEAN and Australia and
• Recommendation 5: National Standards Body institutional strengthening and
capacity building for improved standardisation processes.
The workshops also contribute to two End of Program Outcomes (EOPO) for the
Initiative:
• EOPO 1: ASEAN Member States more aware of benefits of digital trade, digital trade
standards and standards development process; and
• EOPO 2: Better engagement in international standards fora by NSBs of ASEAN
Workshop 3 addressed two key thematic areas, identified as priorities during the 2018
Initiation Phase:
• Day 1: Good standardisation practice including stakeholder engagement, effective
committee management, and standardisation guides
• Day 2: International Standards for cybersecurity
Attendees
The Workshop was attended by representatives and experts from eight of the ten ASEAN
Member States, as well as Australia and the International Organisation for Standardisation
(ISO) and International Electrotechnical Commission (IEC). There were over 35 participants
on day one, and more than 50 participants on day two. Participants included representatives
from National Standards Bodies, government and regulatory bodies, industry and
associations involved in the digital trade space, and experts in the event theme of
cybersecurity. A list of participants is included at the end of this report.
Page | 2
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
DAY ONE – Program
Group Photo: Day 1
Opening and Welcomes
Pamela Tarif, Senior International Engagement Manager at Standards Australia, welcomed
all Workshop participants to the third ASEAN-Australia Digital Trade Standards Workshop
for 2019 and encouraged participants to actively engage in the discussions and activities for
the next two days.
Pamela introduced Dr Zakiya, Deputy Director for Implementation of Standards and
Conformity Assessment at the Badan Standardisasi Nasional (BSN) who provided an
opening address to the Workshop attendees on behalf of Indonesia. Dr Zakiyah noted that
the Singapore and Cambodia Workshops had delivered recommendations which benefited
ASEAN Member States in the development of digital trade strategies. Key recommendations
had manifested into ASEAN ACCSQ deliverables and working group work plans as
challenges across the entire region. Such recommendations have also been positively
responded to and progressed by ASEAN Member States. She hoped that this third
Workshop would identify further challenges and opportunities for collaboration and produce
recommendations to support good standardization practice that can strengthen economic
integration and digital trade cooperation initiative.
Page | 3
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Project Updates
Pamela continued with an overview of the ASEAN-Australia Digital Trade Standards
Initiative.
It was one of 15 cooperation initiatives announced at the ASEAN-Australia Special Summit
in 2018. Key milestones included conducting focus group sessions and a Digital Trade
Survey by May. This led to an Issues Paper in September which was the focus of a two-day
Digital Trade Workshop in Sydney in October. The Workshop produced a Recommendations
Report in December and identified objectives to increase awareness of international
standards which support digital trade, to support increased engagement of AMS in
international standards development, and encourage greater adoption and use of
international standards that support digital trade.
During 2019, the inception phase continued with 3 Workshops across key digital trade
themes, a standards mapping exercise, and development of a workplan for capacity
building. Pamela explained that the work on the mapping exercise and workplan continued.
The Workshop themes were: Ecommerce for small business; emerging technologies,
blockchain and artificial intelligence; and cybersecurity, held respectively in Singapore,
Phnom Penh and now Jakarta. Pamela saw participation at these events was steadily
increasing and knowledge about the subjects expanding. She encouraged participants to
continue working on the key action items they had identified from Workshops 1 and 2 -
detailed in the Workshop 3 programme - and explained a final session in the programme on
Day 2 would be an opportunity to review all action items, including for Workshop 3. This
would support discussions on next steps for the Initiative.
An ISO and IEC perspective
As a lead in to the training session on stakeholder engagement, effective committee
management and good standardisation practice, participants first heard from ISO and IEC
about their organisation’s best practices.
Page | 4
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Ms Maya Ishikawa addresses participants on Day 1
ISO REI project officer, Ms Maya Ishikawa, presented on behalf of the International
Organisation for Standardization (ISO) Central Secretariat. Maya began with the who, why
and how of stakeholder engagement. She introduced the principles for the development of
international standards – transparency, openness, impartiality and consensus, effectiveness
and relevance, coherence, and the development dimention – as set out by the World Trade
Organisation. She demonstrated this by talking of the reverse: a standard that would be
developed in secret, with limited contributions, favoring parties and introducing bias etc.
Global consensus was the objective.
On who to engage, Maya pointed to ISO’s stakeholder categories: industry and commerce,
government, consumers, labour, academic and research bodies, standards application, and
non-governmental organisations. She spoke about the benefits of mapping stakeholders and
developing a long-term engagement strategy. On how to engage stakeholders, Maya
emphasised communicating the value and benefits of standards and informed the group
about key resources and case studies that support this.
Maya also introduced ISO’s new Good Standardisation Practices publication and kindly
handed out copies to all participants to use back in their home countries to ensure NSBs are
following the latest best practice in their standardisation processes and procedures.
Page | 5
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Linking back to the cybersecurity theme of the workshop Maya reminded participants of the
ISO Services Workshop in June 2019 which covered key digital trade topics such as
cybersecurity, interoperability and consumer protection. She highlighted key outcomes from
the session including updates on where ASEAN member states are participating in relevant
work in ISO.
In concluding, Maya took questions from participants around choosing best experts, issues
with communicating the value of standards, issues with mapping standards, to provide users
with an idea of which standards to adopt in the digital area, and criteria for deciding on active
or observer participation in technical work.
Ms Suzanne Yap Gook shares the IEC perspective
Technical Manager, Ms Suzanne Yap Geok from the IEC Asia-Pacific Regional Centre
reminded participants about the scope of IEC work with a global knowledge platform where
20 000 experts from industry, commerce, government, laboratories, academia and
consumer groups participate in standardization work, producing over 10000 international
standards to date.
The organisation has a global reach with representation in 173 countries through its
members, associates and affiliates, including from ASEAN member states. Suzanne
described the different categories of membership and their benefits and encouraged greater
participation in the work of IEC.
Suzanne then introduced an IEC perspective on cybersecurity. She explained that mass
integration of cyber physical systems means we now face new security risks, and cyber
Page | 6
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
security has become a global preoccupation. But not every cyber-attack is equal. A
malicious act against a personal device may be disruptive for an individual, but it normally
stays contained and does not hurt large parts of the population. A cyber-attack on a critical
infrastructure such as a power plant or a hospital however can bring down whole systems
and affect people’s well-being, or ability to run a business, or obtain basic services such as
water, food or healthcare. Suzanne reminded the group that the primary focus of IT is to
ensure that data can flow freely and securely in the virtual world. Since more and more
objects are connected, there are many more attack points through which cyber criminals can
gain access to IT systems.
Critical infrastructure and the automated environment rely on operational technologies to
ensure the correct execution of automated actions such as shutting down a valve to avoid
the overflow of chemicals or bringing a generator online to avoid a blackout. The automated
environment in manufacturing and critical infrastructure such as electricity generation, water
management, transportation, healthcare, etc are therefore also vulnerable to cyber-attacks.
The integration of physical machines with networked sensors and software is blurring the
line between IT and OT. IT teams may have little experience with the physical security
requirements of OT systems and a purely IT led cybersecurity strategy is not appropriate for
critical infrastructure systems. Suzanne then highlighted for participants important
cybersecurity standards developed by IEC and the conformity assessment scheme to test
and certify cybersecurity standards in electrotechnical products and systems.
In concluding her session, Suzanne took questions from participants around affiliate
membership and access to IEC standards and digital trade mirror committees.
Page | 7
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Training Session
Learning and Development trainer at Standards Australia, Brendan Slowey, led participants
through a Standards Australia customised training session complete with slides, workbook,
interactive exercises, and links to further reading. The discussions were broken down into
three parts:
1. Engaging stakeholders in new digital work
2. Effective committee management
3. Good standardisation practice
Under part 1, the group heard about Standards Australia’s experience in engaging new
stakeholders in the digital space, in particular Artificial Intelligence (AI). A practical exercise
reflected on how Australia sought to achieve a balanced cross-section of interests in the
discussions and who was critical, important or simply impacted by the work. The group then
carried out an analysis of their own national context and how they would set up a national
committee for AI, testing for balance across stakeholders. The group went on to review
engagement strategies, both proactive and passive, and identified an approach for follow up
at national level.
On part 2, the group revisited the role of an NSB and its responsibilities to support effective
committee meetings and reach consensus on standards development work. The group
reviewed key responsibilities: design and plan meetings; set the context and ground rules;
encourage participation; facilitate discussion; keep to timeframes; record outcomes. The
group also studied and tested body language and verbal skills when facilitating group
conversations. The group also briefly looked at managing conflict in meetings.
Part 3 was a review of good standardisation practice and the use of published guides for
effective processes and policies for the development of standards. Standards Australia
shared its own key Standardisation Guides SG-001, SG-002, SG-003, SG-004 and SG-007
which participants worked through in small groups discussions then reported back to the
room about their purpose and content.
Throughout the day, participants posted feedback on boards about key takeaways from the
discussions. These were taken forward into day two and the final session on Reflections,
Achievements and Next Steps.
Page | 8
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Brendan Slowey explains the exercise to a group of participants
Participants working on a training exercise
Page | 9
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
DAY TWO
Day 2: Group Photo
Opening and Welcomes
Deputy Head of Mission, Megan Jones, welcomed attendees on behalf of the Australian
Government. Megan spoke of the long relationship between ASEAN and Australia as a
dialogue partner. This was based on shared interests and linked by proximity, trade,
community, shared aspirations for the region and spanning economic, socio cultural and
security pillars. Megan thanked ASEAN Member States for their commitment to the Digital
Trade Standards Initiative which recognised the impact of technology and standards for the
ASEAN region.
Page | 10
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Megan Jones welcomes participants on Day 2
She noted that a digital economy is no longer niche but essential and pointed to other
Australian initiatives in support of digital trade, for example an international cyber
engagement strategy and an e-commerce fund, including within the ASEAN architecture.
She reminded the meeting that the current phase builds on work from 2018 delivered by
Standards Australia; 2019 and 2020 would aim to deliver a standards mapping exercise to
identify priority standards that support the ASEAN economic agenda, as well as a DFAT and
ASEAN approved work plan for the implementation phase.
Dr Zakiya, Deputy Director for Implementation of Standards and Conformity Assessment at
the Badan Standardisasi Nasional (BSN) then addressed the Workshop on behalf of
Indonesia. She spoke of the importance of the Workshop theme, cybersecurity, in digital
trade and acknowledged the experts in the field from various countries that had come to the
Workshop to share their expertise.
Dr Zakiya welcomes participants on Day 2
Page | 11
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
She encouraged participants to build on the Workshop training and network with the
speakers to engage and raise awareness of relevant International Standards on
cybersecurity for systems and devices.
She expressed confidence that through standards harmonization, technical and regulatory
alignment among AMS and Australia, national competencies in the field of digital trade
would be enhanced and result in good data and digital system management. She hoped for
constructive discussions during the Workshop that would lead to further dialogue in the
future.
Cybersecurity, Industry 4.0, Education and Training: Ms Prerana
Mehta
Prerana Mehta, Chief of Ecosystem Development introduced AustCyber as an industry-led
organisation established as part of the Australian Government’s Industry Growth Centres
initiative and forming part of the National Innovation and Science Agenda, and Australian
Cyber Security Strategy. AustCyber’s objectives include growing a cyber security sector that
delivers economic benefit to Australia and can allow Australian cyber security businesses to
flourish nationally and globally.
Prerana noted that cybersecurity was defined as: the protection of data and systems from
cyber threats and attacks, spanning the technical and the non-technical. She highlighted key
facts and figures: the global spend on Cyber Security by 2025 would reach US$250 bn;
ASEAN demand for cyber security products and services were projected to triple in 6 years
to reach $7.3 bn; some 59% of suppliers globally confirmed data breaches in 2018, with
50% of current attacks not only aimed at target network but also their supply chain; and 90%
of Australia’s leading 250 websites did not know the difference between a bot and a
customer.
Prerana Mehta introduces her organisation’s work
Page | 12
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Prerana introduced the three perspectives of cybersecurity: national security, which was
defensive and offensive action to protect country, critical infrastructure and people;
economic and business security, which involved managing risk; and human security.
Prerana added that cybersecurity is an enabler of economic growth and a sector in its own
right. It sits across all sectors: medical, financial, defence industry, critical infrastructure &
services etc.
She spoke of the technology landscape past, present and future, including industrial
revolutions (agrarian to urban, steam engine, factories; then steel, electricity, mass
production; then digital technology, ICT; and today’s embedded tech, cyber-physical).
Current technological innovations – such as the Internet of Things, machine learning,
Quantum, Blockchain, Complete digitisation – was changing the landscape through its scale
and speed. The convergence of technologies was adding further complexity as well and risk.
With increased digitalisation and automation, Prerana noted that cybersecurity is more
important in Industry 4.0 and advanced manufacturing applications.
Prerana concluded that global value chains and greater technological complexity brought
higher risk. Trust had become critical to managing risk and this was where standards &
accreditation were vital. Prerana explained that global supply chain requirements can only
be truly delivered on if the value chains supporting them can be trusted - cyber provides both
the security and the assurance of trust. From trust and assurance comes greater market
opportunity and preference in an increasingly noisy procurement environment domestically
and internationally.
Prerana shared a breakdown of the Australian cybersecurity workforce and sample
cybersecurity work roles. She anticipated a shortage of 18,000 cyber skilled people in 2025
so action was in hand to build a pipeline of interested boys and girls at primary and
secondary school level by introducing cyber skills. This would feed through to university level
where courses and curriculum would be both practical and multidisciplinary, with innovative
research working closely with industry in a multisectoral approach.
Page | 13
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Cybersecurity in Australia: Dr Jed Horner
Dr Horner talks Cybersecurity in Australia
Dr Jed Horner, Strategic Advocacy Manager at Standards Australia pointed to a shared
challenge on cybersecurity across all nations, including Australia and ASEAN Member
States. This included a growing awareness of cyber threats by state and non-state actors
and a realisation of the economic impact. There was an expanding threat environment (due
to more data, more digital). This was coming from core critical infrastructure like energy,
telecommunications, water to specific applications and data sources. This meant we all
needed to do more to protect our countries from cyber-attacks.
One key step in this direction taken by Australia was the inaugural appointment of an
Ambassador for Cyber Affairs to lead Australia's whole‑of‑government international
engagement to advance and protect Australia's national security, foreign policy, economic
and trade, and development interests in the internet and in cyberspace. Jed highlighted
recent high-profile examples of cyber-attacks in Australia that reinforce the need for this role.
He also drew attention to a New South Wales Audit Office Report in 2018 that noted that
case study agencies it had reviewed were not learning from incidents to help improve
management of incidents in the future. The report went on recommend use of International
Standard ISO/IEC 27001 Information Security Management given its requirements that
knowledge gained from analysing and resolving information security incidents be used to
reduce the likelihood or impact of future incidents. Jed also pointed to Government policy
responses, such as that of New South Wales and Western Australia both of which had
introduced security policies.
Jed further highlighted Australia’s Protective Security Policy Framework (PFSP), developed
to assist Australian Government entities to protect their people, information and assets, at
home and overseas. Jed added that Australia’s 2020 Cyber Security Strategy was also in
Page | 14
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
the pipeline. This would build on a 2016 Strategy and acknowledged that the landscape had
evolved, and magnitude of threats increased and would become more acute as the society
and economy became increasingly connected. The standards environment in Australia was
seeing a corresponding increase in uptake of standards like the ISO/IEC 27000 series,
especially within Australian financial institutions.
Cybersecurity in Singapore: Mr Wong Onn Chee
Mr Wong Onn Chee, Member, Security and Privacy Standards Technical Committee and
Chair, Cloud Security Working Group spoke of how cybersecurity standards have helped
Singapore.
He began by introducing the Singapore Standardisation Structure, explaining the roles and
responsibilities at each level, and detailing the IT Standards Committee structure:
Mr Wong introduced the group to cybersecurity standards in use in Singapore, including
cloud computing security standards highlighted in ISO/IEC 27017:2015, and Singapore’s
national adoption of ISO/IEC 21878:2019.
Mr Wong explained Singapore benefits from the use of these standards because: they
support national initiatives, including in the area of National Digital Identity, Smart Urban
Mobility, and Smart Nation Sensor Platform; they quicken industry growth ahead of ISO/IEC
standards; they guide local vendors, providing direction and better security in their offerings
Page | 15
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
and so can compete with global players; and they educate local users on the expected
security controls from their vendors and aid in their selection of vendors.
For the organisations that he works with, Mr Wong also explained the benefits of standards:
they provide ethical security testing, assessment and audit services to key national projects;
they provide dedicated outbound protection to cloud/web services to protect against data
leakages and display of defacement; they provide cybersecurity advisory to clients in areas
of data protection, incident response planning, simulation exercises and provide forensic and
post-incident response support. Mr Wong wanted to continue supporting his organisations
and planned future activities including certification of ISO 9001, ISO/IEC 27001:2013
(focused on ISO/IEC 27017:2015) and ISO/IEC 27001:2013 and implementing other
ISO/IEC standards (27035, 27050).
Mr Wong closed his presentation with key take-away messages for the audience. He
advised regulators to consider including international and/or national cybersecurity
standards as industry requirements. This would ‘force” local players to up their game and
compete with international players and allow local users to enjoy more secure services or
goods. It would also reduce the effort of regulatory oversight. Furthermore, regulators should
consider including enablement programs and infrastructure to support local players. This
would provide support - consultancy and training - to drive capability upgrading of local
players. Working with national accreditation bodies and national standards bodies helps
strengthen standards and conformity infrastructure to enable local players to be certified.
For users and vendors, Mr Wong suggested they consider including international and/or
national cybersecurity standards as vendor requirements. This would bring more secure
services or goods and provide more objective assessment of vendors and maximise value
returned from investment. He further recommended benchmarking against international
and/or national cybersecurity standards to improve an organisation's security posture and
become more resilient to cyber risks. It would allow competition with international players
and provide more secure services or goods to customers, and for vendors to expand to
international markets.
Page | 16
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Mr Wong talks Cybersecurity in Singapore
Walkabout Q and A: round one
To round off and reinforce the messages from these discussions, participants were invited to
rotate around each topic to discuss more with each speaker. This sparked a lively round of
questions and answers that participants reported as useful in deepening their understanding
of the technologies and opportunities for standardisation.
Participants are actively engaged in the Q&A with presenters
Page | 17
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Cybersecurity in Malaysia: Dr Maslina Daud and Ms Norsalimi
Shaleh
Dr Daud of CyberSecurity Malaysia, the national ICT security and emergency response
centre, began by explaining that the digital environment in Malaysia is already complex and
introduced the country’s cybersecurity approach. Key proactive measures included risk
assessments, business continuity management, vulnerability assessments and penetration
testing, coupled with reactive measures such as incident management and digital forensics.
Dr Daud and Ms Shaleh on Cybersecurity in Malaysia
She described the trend for ISO/IEC 27001 certified organisations in Malaysia, growing
dramatically from 18 organisations in 2006 to 319 in 2019. Dr Daud introduced the most
used security standards in Malaysia, including national adoptions of International Standards
(such as ISO/IEC 27001 and ISO/IEC 15408 in Certification, ISO/IEC 17025 in Product
Testing and Evaluation Laboratory, and ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27037
for Processes) and ongoing work to strengthen international cybersecurity through the
ISO/IEC 27000 Series.
Ms Shaleh of the National Cyber Security Agency Malaysia continued the presentation with
an explanation of the Malaysian cybersecurity ecosystem and how her organisation, the
National Cyber Security Agency (NACSA) contributes to policy making, governance and
coordination:
Page | 18
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Ms Saleh explained the history and evolution of cybersecurity governance in the country,
which had begun in 2006 and had led to the creation of NACSA in 2017 and development of
Malaysia’s Cyber Security Strategy for 2020 – 2024. NACSA was now the lead agency for
cyber security under the aegis of the National Security Council with the objective of securing
and strengthening Malaysia's resilience in facing cyberattacks, by coordinating and
consolidating the nation's best experts and resources in the field of cybersecurity.
The vision for Malaysia's Critical National Information Infrastructure (CNII) is to be secure,
resilient and self-reliant, promoting stability, social well-being and wealth creation. A key
policy direction is implementation and certification of nationally adopted ISO/IEC 27001
standards across all CNII sectors. Ms Salah closed off her presentation by sharing the key
pillars, strategies, action plans and programmes of the Cyber Security Strategy for 2020 –
2024.
Cybersecurity in Vietnam: Mr Nguyen Thanh Tuyen
Mr Nguyen Thanh Tuyen, Cybersecurity and Counter High-tech Crime Department at the
Vietnam’s Ministry of Public Security gave an update on Vietnam’s current situation and
solutions for cybersecurity.
He began by explaining that the Internet first reached Vietnam in 1997 but today there are
64 million users, which accounts for 67% of the population. All ministries, branches and
localities nationwide have built and put into operation websites, portals, information
technology systems and Vietnam is working towards digital Government, digital society and
digital economy. This meant that Vietnam was also facing many risks of cybersecurity and
information safety which infringe upon social order and safety as well as national security.
Page | 19
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Attacks on websites and portals remain high with information gathering attacks accounting
for over 25%. Other kinds of attacks – such as privilege escalation, denial service, hijacking
and malicious attacks - also exist but are fewer in number. The rate of information systems
security holes and infected with malicious code remains high.
Mr Nguyen Thanh Tuyen talks Cybersecurity in Vietnam
To address these issues, Vietnam has enacted two laws: the 2015 Law on Network
Information Security which took effect in July 2016 and classifies the importance of
information systems into different levels; and the 2018 Law on Cybersecurity which took
effect in 2019.
In addition, Vietnam has developed sub-law documents such as decrees and circulars to
guide implementation. Vietnam has also introduced TCVN 11930:2017 Standard, a national
standard on basic requirements for information technology safety techniques.
Page | 20
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Cybersecurity in Indonesia: Mr Bondan Widiawan and Mr Neil El
Himam
Neil El Himam of the Indonesian National Tourism and Creative Economy Agency
addressed the audience on Cybersecurity: standards implementation in Indonesia. He
began with a clear message that “it was all about the market!” with the following data about
market potential reinforcing his point:
Mr Himam spoke of a paradigm shift where ICT was converging with lifestyles. He referred
to a cyber culture where, for example, Facebook Netizens exceeded 1500 million, 65 Million
of whom were in Indonesia.
He pointed to the cyber economy: E-banking, E-commerce, E-Money, E-government, E-
health, E-transportation, E-everything! He drew on the example of GoJek – a company first
established in Indonesia in 2010 as a call centre to connect consumers to courier delivery
and two-wheeled ride-hailing services. It was now present in 5 countries and 204 cities.
They had over 2 million drivers and 400,000+ merchants and was valued at USD 9,5 billion.
It had become a de-facto e-commerce platform.
He spoke about information security being the preservation of confidentiality, integrity and
availability of information, as defined by ISO/IEC 27000:2016. He also pointed to the data
revolution where data had begun as just data, then it became an asset, then today it has
become a risk, drawing greater need for security standards like ISO/IEC 27001.
Page | 21
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
He posed an open question of how data might be regarded and managed in the future. Mr
Himam shared with the audience examples of security standards in use in Indonesia across
key areas such as governance, information security, and e-health.
Mr Bondan Widiawan of the Cyber Security Agency for Indonesia continued the presentation
with a discussion on cybersecurity standards and the importance of establishing a frontline
defence against immediate threats against industry, government, transport, health systems
etc. He explained that massive computing, Nano satellites, next generation-fibre optics,
cloud computing, Artificial Intelligence, Big Data and Blockchain were all presenting new
security challenges and inviting new threats such as hacktivism, Cyber Crime, Cyber
Terrorism, Cyber Espionage, State Sponsored/Well-Organized Crime and State Actors.
Cyber-attacks in Indonesia in the first six months of 2019 were varied but some two thirds
were trojan style activities. A strategy was therefore in place in Indonesia to improve
cybersecurity, enhance capabilities, develop innovation in cybersecurity, implement a legal
framework and expand international cooperation and cyber diplomacy. This called for
collaboration and cooperation across government ministries and agencies as well as
telecommunication providers.
Page | 22
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Walkabout Q and A: round two
To round off and reinforce the messages from these discussions, participants were invited to
rotate around each topic to discuss more with each speaker. This sparked a lively round of
questions and answers that participants reported as useful in deepening their understanding
of the technologies and opportunities for standardisation.
Reflections, Achievements and Next Steps
Participants identify key findings from the Workshop
The final session on Day Two of the workshop involved a reflection on the progress of the
workshop program and next steps for the initiative. Workshop participants were encouraged
to identify and share the following: key learnings from the workshop program, actions taken
or planned to be taken as a result of the program and recommendations for the next steps of
the initiative.
Page | 23
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Key Learnings
130 key learnings were identified by workshop participants. These have been categorised
into the following categories and set out in the graph below: Digital Trade Awareness, Digital
Standards Awareness, Standardisation Skills, International Participation and Regional
Cooperation.
Learnings identified by workshop participants were as follows:
• The principles of good standardisation practice
• The importance of identifying and actively engaging stakeholders
• How to effectively engage stakeholders and assess the balance of representation in
a technical committee
• The necessity of standardised measures in order to ensure your security
• Experiences and case studies from experts and other countries on cyber security.
Actions taken or planned to be taken
Participants identified 59 actions that have been taken or will be taken as a result of the
workshop program. These are categorised into the following: Improved Digital Trade
Awareness, Improved Standards Development Practice, Improved International
Participation.
40
14
77
713Learnings by Category
Digital Trade Awareness Digital Trade Standards Awareness
Standardisation Skills International Participation
Regional Cooperation
Page | 24
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Examples of actions include:
• Write a short guide for Technical Committees
• To develop and adopt ISO standards for cyber security and other standards as
national standards
• Review a roadmap as standards develop of implementation strategy
• To invite local cyber agency to give awareness talk
• The NSB has formed a secretariat to manage the meetings
• Create new committee for specific disruptive standards (now is blockchain, IoT)
• Identify priority standards to be developed in 2020
27
31
4
Actions taken or will be taken, by category
Improved Digital Trade Awareness Improved Standards Development Practice
Improved International Participation
Page | 25
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Recommendations for Next Steps
49 recommendations were identified by workshop participants to take forward in the next
steps of the initiative. These recommendations are categorised into the following: Digital
Trade, NSB Training, Regional Cooperation and Workshop Design.
Examples of recommendations include:
• Adopting a common set of standards between Australian and ASEAN countries to
respond to the growth of digital trade between countries.
• Include visitation to observe real practice of industry
• More awareness to stakeholders and public about cyber security and cyber
knowledge
• Help NSB to be able to take part in ISO/IEC JTC 1
• Encourage regional collaboration between technical specialists for adoption and
setting up standards
• Exchange of officers to another ASEAN country.
Bonnie Rivendell from the APEC Study Centre, RMIT University, gave a brief overview of
the current work progressing to develop next steps of the initiative.
She reported that a standards mapping exercise is currently underway, and will be
presented to ACCSQ in the near future. In addition, a work plan for 2020-2022 was under
development and further information on this will also be shared soon.
25
13
18
12
Recommendations by Category
Digital Trade NSB Training Regional Cooperation Workshop Design
Page | 26
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Country Participant Organisation
Cambodia Mr Pen Tonat Institute of Standards of Cambodia
Mr Nhem Thoeun Institute of Standards of Cambodia
Mr Phav Lam Ministry of Post and Telecommunication
Mr Meas Linna ACLEDA BANK PLC
Indonesia Mr Rois Ricaro National Standardization Agency of Indonesia
Mr Rizky Mulya Akbar National Standardization Agency of Indonesia
Ms Ratih Aulia National Standardization Agency of Indonesia
Mr Kristianto Widiwardono National Standardization Agency of Indonesia
Mr Fitor Huda National Standardization Agency of Indonesia
Farisah Primarani National Standardization Agency of Indonesia
Mr Slamet Aji Pamungkas National Standardization Agency of Indonesia
Evan B National Standardization Agency of Indonesia
Mr Sutarwanto National Standardization Agency of Indonesia
Mr Ariyanto Hernowo National Standardization Agency of Indonesia
Ms Kartika Anggar Kusuma National Standardization Agency of Indonesia
Konny Sagala National Standardization Agency of Indonesia
Dr Zakiya National Standardization Agency of Indonesia
Mr Panji Ashari National Standardization Agency of Indonesia
Lao PDR Mr Phouthasak Baochanh Department of Standardisation and Metrology
Mr Bounthone Philavong Department of Standardisation and Metrology
Ms Vilaylack Onsiphanla Department of Standardisation and Metrology
Ms Amonechith Maniphonh TCE Service Center
Malaysia Ms Siti Mariam Mohd Din Department of Standardization Malaysia
Mr Mahadir Mohamed Department of Standards Malaysia
Dr Maslina Daud CyberSecurity Malaysia
Ms Norsalimi Shaleh CyberSecurity Malaysia
Myanmar Dr Soe Soe Khine National Standards and Quality Department
Dr War War Moe National Standards and Quality Department
Mr Myo Khing Win Department of Trade, Ministry of Commerce
Mr Ye Yint Win Myanmar Computer Federation
Philippines Ms Myra F. Magabilin Bureau of Philippine Standards
Mr Edgardo D. Del Rosario Bureau of Philippine Standards
Mr Angel Alvin R. Ruelos Bureau of Philippine Standards
Mr Jonathan Rudolph Y.
Ragsag
National Privacy Commission, Data Security and
Technology Standards Division
Thailand Mr Prakit Sangpar Advisor of Information Technology Industry Club
Mr Pranontha Titavanno National Digital Economy and Society Commission
Mr Ekapong Rimcharoen National Digital Economy and Society Commission
Mr Natchapol
Worakitpreeda
Office of ICT Standards, Electronic Transactions
Development Agency
Page | 27
ASEAN–Australia Digital Trade Workshop 3 Report, 2019
Viet Nam Mr Nguyen Hai Anh Directorate for Standards, Metrology and Quality,
STAMEQ
Mr Lai Manh Tuan National Agency of Cryptography and Information
Security
Ms Truong Hanh Hoa International Cooperation Department
STAMEQ
Australia Ms Clare Hobern Standards Australia
Ms Pamela Tarif Standards Australia
Ms Torrin Marquardt Standards Australia
ISO Ms Maya Ishikawa ISO
IEC Ms Suzanne Yap Geok Sim IEC
Speakers Ms Prerana Mehta AustCyber
Mr Nguyen Thanh Tuyen Cyber Security and Counter High-Tech Crime
Department, Ministry of Public Security
Dr Jed Horner Standards Australia
Mr Wong Onn Chee Infotect Security, Singapore
Mr Bondan Widiawan Cyber Security Agency for Indonesia
Mr Neil El Himam Indonesian National Tourism & Creative Economy
Agency
Dr Maslina Daud CyberSecurity Malaysia
Ms Norsalimi Shaleh CyberSecurity Malaysia
Observers Ms Lusia Herwahyu ASEAN Secretariat
Mr Yan Aryanto ASEAN Secretariat
Ms Bonnie Rivendell APEC, RMIT University
Ms Georgie Passalaris TRPC
Ms Sarah Lee TRPC
Recommended