CSCAP Study Group on International Law and Cyberspace


CSCAP Singapore

Introduction and significance of the study


Countries in the Asia-Pacific are rapidly digitising at every level of society. The development of a vibrant digital economy holds immense potential for this region. Cybersecurity is critical to the development of a trustworthy and reliable digital economy, and is therefore a key enabler of economic progress and betterment of living standards across the region. ASEAN supports ongoing work to promote practical, voluntary cyber norms of responsible state behaviour development of a rules-based cyberspace, confidence building measures (CBMs) in cyber and how international law applies to cyberspace during peacetime. These discussions constitute efforts that lead to the eventual development of a rules-based cyberspace that undergirds a thriving and trusted digital economy in this region.



ASEAN has made some progress on this issue with the recent issuing of the Leaders’ Statement on Cybersecurity Cooperation. Even as ASEAN Leaders have tasked relevant Ministers of all ASEAN Member States to make concrete progress on discussions pertaining to the adoption of practical, voluntary norms of State behaviour in cyberspace, taking reference from the recommendations set out in the 2015 UNGGE Report, and as the ARF Inter-Sessional Meeting on Security of and in the Use of ICTs consider proposals for robust confidence building measures, there is scope for a CSCAP Study Group to closely consider the vital issue of international law and cyberspace to help make these discussions more holistic and well-rounded.


Objectives of the study

The objectives of this study are three-fold. First, the study group will consider various perspectives on the application of international law to cyberspace – for peacetime.


Second, the study group will identify specific areas of focus for ASEAN-led platforms.


Third, the study group will frame questions by which these topics could be discussed.



Anticipated output

By the end of the CSCAP study group’s mandate, we anticipate that the study group will have the following output:


How does this proposed study group differ from previous studies undertaken by CSCAP in the past?

Previous CSCAP study groups have done substantial work on CBMs. At the CSCAP Cybersecurity Workshop in Semarang, Indonesia, in April 2017, it was noted that CBMs were already recommended in the 2015 work plan, but have faced obstacles in implementation since then. It was suggested that “progress ultimately depends on shared priorities, a shared vocabulary, a multi-stakeholder approach, and a readiness to tailor solutions to the particular needs of individual states.” The proposed study group seeks to explore these solutions and overcome the obstacles to implementing the 2015 work plan.


The proposed study group also builds upon these previous study groups, with the aim of delving into a critical aspect of a rules-based cyberspace – international law and its applicability to cyberspace. The work of this study group will contribute a valuable dimension to the ongoing ASEAN discussions on norms and confidence building measures.


How does this study group relate to the on-going concerns of ARF ISMs? (for extension of completed mandate only)

Pursuant to the ARF Statement on Cooperation in Ensuring Cybersecurity, the ARF completed a work plan in May 2015, and held a series of workshops and seminars in 2015 and 2016. The Co-chairs’ Summary Report from the ARF Seminar on Operationalizing Cyber Confidence Building Measures (Singapore 2015) reiterated that “Cyber norms and CBMs can contribute greatly to international security”. 

The group at the CSCAP Cybersecurity Workshop in Semarang, Indonesia, in April 2017 further agreed that “a valuable first step for any CBM project within the ARF would be inauguration of the ARF ICT Security ISM and/or ARF Study Group on Confidence Building Measures”. 

In this regard, the ARF Inter-Sessional Meeting on Security of and in the Use of ICTs (ISM-ICT) and Open Ended Study Group (OESG) were established in August 2017, with Japan, Malaysia and Singapore as co-chairs. The first meeting of the OESG was held in Tokyo, Japan in January 2018 and the second OESG meeting and first ISM-ICT meeting were held in Kuala Lumpur, Malaysia in April 2018. Five proposals for confidence building measures that the region can embark on were tabled and discussed at these meetings, and these proposals will be submitted to the Inter-Sessional Support Group and subsequently to the ARF SOM level for consideration.

The ASEAN Regional Forum Experts and Eminent Persons (ARF/EEP) Recommendations for ARF Initiatives on Promoting Cyber Security, adopted on 6 March 2018, also recommended that “ARF Participants should build on relevant work underway in the United Nations and discuss the norms, rules, and principles of responsible behavior of states, including how international law applies to the use of ICTs consistent with UN General Assembly Resolutions.”

A study group on international law and cyberspace would be a valuable complement to ASEAN discussions on norms and CBMs.

The proposed study group will foster constructive dialogue and consultation at the Track 1.5 level on political and security issues of common interest and concern to inform and complement the Track 1 discussions at the ARF ISM-ICT, OESG on Confidence Building Measures and other relevant platforms such as the ASEAN Ministerial Conference on Cybersecurity, and will make significant contributions to efforts towards confidence-building and preventive diplomacy.



Start: Summer 2018  End: Winter of late 2019 or early 2020

Download the study group proposal.


First Meering of the CSCAP Study group on International Law and Cyberspace, 26-27 February 2019, Singapore. 


The first CSCAP Study Group Meeting on International Law and Cyberspace in Singapore from 26 to 27 February 2019. This CSCAP Study Group is co-chaired by CSCAP Singapore, CSCAP Malaysia and CSCAP Japan, mirroring the co-chairs of the ASEAN Regional Forum Inter-Sessional Meeting on Security of and in the Use of Information and Communications Technology (ARF ISM-ICT). This Study Group also seeks to build on the work done in 2012 by a prior CSCAP Study Group on Cyber Security.

Read the Chair's full Report here.