* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [CSO Perspective](https://www.paloaltonetworks.com.au/blog/category/cso-perspective/)
* Japan's Cybersecurity Cap...

# Japan's Cybersecurity Capacity-Building Support for ASEAN -- Shifting From What to Do to How to Do It

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2017%2F07%2Fcso-japans-cybersecurity-capacity-building-support-asean-shifting%2F)  
[](https://twitter.com/share?text=Japan%E2%80%99s+Cybersecurity+Capacity-Building+Support+for+ASEAN+%E2%80%93+Shifting+From+What+to+Do+to+How+to+Do+It&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2017%2F07%2Fcso-japans-cybersecurity-capacity-building-support-asean-shifting%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2017%2F07%2Fcso-japans-cybersecurity-capacity-building-support-asean-shifting%2F&title=Japan%E2%80%99s+Cybersecurity+Capacity-Building+Support+for+ASEAN+%E2%80%93+Shifting+From+What+to+Do+to+How+to+Do+It&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2017/07/cso-japans-cybersecurity-capacity-building-support-asean-shifting/&ts=markdown)  
\[\](mailto:?subject=Japan’s Cybersecurity Capacity-Building Support for ASEAN – Shifting From What to Do to How to Do It)  
Link copied  
By [Mihoko Matsubara](https://www.paloaltonetworks.com/blog/author/mihoko-matsubara/?ts=markdown "Posts by Mihoko Matsubara")  
Jul 26, 2017  
7 minutes  
[CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)  
[ASEAN](https://www.paloaltonetworks.com/blog/tag/asean/?ts=markdown)  
[Cybersecurity-Capacity-Building](https://www.paloaltonetworks.com/blog/tag/cybersecurity-capacity-building/?ts=markdown)  
[Japan](https://www.paloaltonetworks.com/blog/tag/japan/?ts=markdown)

This year marks the 50th anniversary of the Association of Southeast Asian Nations (ASEAN), which is expected to become [the world's fourth-largest economy by 2030](http://www.thejakartapost.com/seasia/2016/05/04/asean-to-become-worlds-4th-largest-economy-by-2030.html). As Information and Communications Technology (ICT) is integral to ASEAN's industrial platform, cybersecurity has become more crucial than ever. ASEAN held the first Ministerial Conference on Cybersecurity in October 2016. In his opening remarks, [Dr. Yaacob Ibrahim, Singapore's minister for communications and information and minister-in-charge of cybersecurity](https://www.csa.gov.sg/news/speeches/minister-yaacob-speech-for-amcc-2016), emphasized that ASEAN needs to promote cybersecurity technical capacity-building.

[ASEAN is a rapidly growing market](http://www.asean.emb-japan.go.jp/documents/20151028.pdf) with a population of 620 million, and its GDP has tripled over the last decade. ASEAN is also the second-largest trade partner for Japan (after China) at 14.7 percent. The association considers [Japan its third-largest external trade partner](http://www.asean.emb-japan.go.jp/documents/20151028.pdf) -- coming in at 9.1 percent -- after China and the European Union.

Given the borderless nature of cyberattacks, damages and consequences are not necessarily contained in one specific organization, sector or country. Thus, cybersecurity awareness-raising and capacity-building are essential to tackle the varied cybersecurity levels of ASEAN members.

To address this challenge, Japan made two important announcements in 2016. First, at the Japan-ASEAN Summit Meeting in September 2016, [Prime Minister Shinzo Abe](http://www.nisc.go.jp/conference/cs/dai10/pdf/10shiryou09.pdf) stated that Japan would continue to help ASEAN by crafting a policy for cybersecurity capacity-building support in line with the Basic Policy described below. The [ASEAN Chairman](http://www.meti.go.jp/policy/trade_policy/east_asia/dl/2016_ASEAN-JAPAN_19.pdf) expressed appreciation for Japan's determination for proactive support on behalf of ASEAN members at the summit. This marked the first time any Japanese Prime Minister had made such a commitment to ASEAN.

Second, the Japanese government issued the [Basic Policy to Support Cybersecurity Capacity-Building in Developing Countries](http://www.nisc.go.jp/conference/cs/dai10/pdf/10shiryou09.pdf) in October 2016. The Japanese government aims to reduce cybersecurity vulnerabilities globally to minimize risks; enhance security for the daily lives and business operations of its citizens, who depend on critical infrastructure in those developing countries; obtain understanding of Japan's basic principle of free information flow and rule of law from developing countries; and create infrastructure to develop the Japanese ICT industry in those countries.

The Basic Policy has three pillars: to enhance capabilities for incident response, such as building computer emergency response teams (CERTs); to help law enforcement to tackle cybercrime; and to obtain understanding and raise awareness of the importance of international norm and confidence-building in cyberspace via the United Nations Group of Governmental Experts. The Japanese government uses Official Development Assistance to provide cybersecurity devices and equipment, as well as training to use them, at a bilateral cooperation level. Furthermore, the Japanese government uses multilateral frameworks to offer training for cybercrime investigation and share expertise via the Japan-ASEAN Cybercrime Dialogue.

Japan and ASEAN hold an annual Information Security Policy Meeting at the Director-General level to discuss how to create a secure business environment and ensure information security. At [the first such meeting in February 2009](http://www.nisc.go.jp/conference/seisaku/dai21/pdf/21siryou09.pdf), both parties agreed that Japan would help ASEAN craft information security strategy to enhance its cybersecurity and share best practices between the public and private sectors. Over the last couple of years, the support has shifted from "what to do" to "how to do." At first, discussions focused on what it takes to craft cybersecurity policy. Since ASEAN countries have developed national CERTs, the agenda has now shifted to how to improve national cybersecurity capability.

In 2009, the [Japanese National Information Security Center](http://www.jssm.net/jssm/security_day/2011/20110226_1.pdf) (NISC, which is now called the National Center of Incident Readiness and Strategy for Cybersecurity) began annually hosting an ASEAN-Japan Government Network Security Workshop to discuss each government's information security efforts among division chiefs, and an ASEAN-Japan Government Information Security Training in 2010 to train working-level officials on how to craft information security policy and build operational capability. The Tokyo training in August 2010 consisted of two parts: a four-day policy-crafting course to share updates on each country's policy and joint awareness-raising campaigns; and a five-day operational hands-on course with case studies and a cyber exercise.

In November 2011, the [fourth ASEAN-Japan Information Security Policy Meeting](http://www.soumu.go.jp/main_content/000136358.pdf) (Japanese link) agreed to increase joint efforts to raise cybersecurity awareness. More specifically, Japan started to provide educational videos and brochures in each local language, provide training on information security management for government officials, and additionally began to send experts to seminars and training in ASEAN countries in 2012. The Japanese government provided ASEAN countries with [videos](http://www.youtube.com/user/NISCchannel), [brochures and posters](http://www.nisc.go.jp/security-site/campaign/asean.html).

In September 2013, Japan and ASEAN held the ASEAN-Japan Ministerial Policy Meeting on Cybersecurity Cooperation in Tokyo to commemorate the 40th anniversary of the Japan-ASEAN relationship. During the event, Japan and ASEAN agreed to collaborate on the Internet Traffic Monitoring Data Sharing Project (TSUBAME Project) to expand cooperation between CSIRTs (Computer Security Incident Response Teams). [JPCERT/CC](http://www.jpcert.or.jp/tsubame/) started the project in 2007, and it has 25 members from 21 regions -- mainly national CSIRTs -- as of September 2015.

Next, Japan agreed to keep providing capacity-building support: Proactive Response Against Cyberattacks Through International Collaborative Exchange (PRACTICE) and Japan-ASEAN Security PartnERship (JASPER). PRACTICE is a project between Japan and other countries to build a network to gather information on cyberattacks and malware, and to research and develop technologies to predict cyberattacks, enabling countries to respond quickly. JASPER comprises the PRACTICE project and infection alerts.

This year has already seen a good start between Japan and ASEAN. The Japan International Cooperation Agency has already provided cybersecurity training twice. The first training, for national CERT and government officials, aimed to increase cyber incident handling capabilities by providing understanding of the current threat landscape, best practices and a series of steps to take to respond to incidents, which consisted of cyber exercises in monitoring, analysis, incident handling and reporting. The second training focused on cybersecurity standardization and information security management, covering ISO/IEC27000 and the information security management system (ISMS). Students were ASEAN government officials, including those from Government CSIRT and national CERT. In this training, they were required to give a presentation to compare Japan and their home country, and subsequently provide recommendations for their governments.

The 10th ASEAN-Japan Information Security Policy Meeting will be held this fall. When the ninth meeting adopted the [new Guidelines to Protect Critical Infrastructure Between Japan and ASEAN](http://www.meti.go.jp/english/press/2016/1024_03.html) in October 2016, ASEAN countries began to use the guidelines as a reference to craft and implement their national critical information infrastructure policy (CIIP). The Japanese government issued cybersecurity guidelines for the electric power industry in 2016 and released [a new national cybersecurity strategy for CIIP](https://www.nisc.go.jp/active/infra/pdf/infra_rt4.pdf) in April 2017. CIIP will be a great area in which Japan and ASEAN can cooperate to help business operations and economic growth.

Japan's support to date has focused on policy and technical capacity-building, and there will be many more ideas to come. [The Japanese CIIP strategy](http://www.nisc.go.jp/active/infra/pdf/pubcom_ap4.pdf) shows that the Japanese government is keen to encourage business executives to invest in cybersecurity and have corporate governance in place, as well as to consider risk assessment and strategic business risk management as parts of their business strategies. This reflects the philosophy of the [Cybersecurity Guidelines for Business Leadership](http://www.meti.go.jp/policy/netsecurity/downloadfiles/CSM_Guideline_v1.1.pdf). The involvement of business executives is crucial to accelerate successful cybersecurity efforts from a top-down approach, rather than a time-consuming bottom-up approach -- especially with only three years left before the Tokyo Summer Olympic Games in 2020. That is why the Japanese Ministry of Economy, Trade and Industry launched the [Cybersecurity Center of Excellence](http://www.ipa.go.jp/icscoe/) (COE), which will offer a short-term course for C-level people to learn about cybersecurity and CIIP later this year.

Critical infrastructure is owned and operated by private companies in most cases. Japan's lessons learned from the Japanese guidelines and COE would be beneficial to share with ASEAN countries. It will help the Association implement the new Guidelines to Protect Critical Infrastructure Between Japan and ASEAN and urge business leaders to take proactive roles in CIIP and cybersecurity.

*** ** * ** ***

## Related Blogs

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)

[#### Japan's New Cybersecurity Strategies Have the Right Priorities in Mind](https://www.paloaltonetworks.com.au/blog/2017/11/cso-japans-new-cybersecurity-strategies-right-priorities-mind/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)

[#### Cybersecurity and Human Factors: Why Cybersecurity Is a Human Issue Rather Than a Technical Problem](https://www.paloaltonetworks.com.au/blog/2017/11/cso-cybersecurity-human-factors-cybersecurity-human-issue-rather-technical-problem/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)

[#### Highlighting Japan-India Cybersecurity Cooperation in the "Confluence of the Two Seas"](https://www.paloaltonetworks.com.au/blog/2017/09/cso-highlighting-japan-india-cybersecurity-cooperation-confluence-two-seas/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown)

[#### Palo Alto Networks Day Japan 2017: Evolving Cybersecurity Efforts to Increase Trust in the Digital Age and Prevent Cyberattacks](https://www.paloaltonetworks.com.au/blog/2017/09/cso-palo-alto-networks-day-japan-2017-evolving-cybersecurity-efforts-increase-trust-digital-age-prevent-cyberattacks/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)

[#### A Seat at the Table: How Countries Like Japan Can Be More Visible in Cybersecurity Discussions](https://www.paloaltonetworks.com.au/blog/2017/06/cso-a-seat-at-the-table-how-countries-like-japan-can-be-more-visible-in-cybersecurity-discussions/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)

[#### How Japan Is Aiming to Close the Cybersecurity Skills Gap Before Tokyo 2020](https://www.paloaltonetworks.com.au/blog/2017/05/cso-japan-aiming-close-cybersecurity-skills-gap-tokyo-2020/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language