lolloj - Fotolia
Member states of the Association of Southeast Asian Nations (Asean) will cooperate more closely to combat cyber threats as part of the recently announced cyber security strategy of the Singapore government.
A regional ministerial conference was held in Singapore to discuss this on 11 October 2016.
“Countries today face a full spectrum of cyber threats – cyber crime, attacks, espionage and other malicious activities,” said Yaacob Ibrahim, Singapore’s minister in charge of cyber security. “We in Asean have not been immune.”
He referred to a joint Singtel and FireEye study that found Southeast Asian governments more likely to be the target of a cyber attack than other organisations in the region, and they could be subject to advanced persistent threats (APT).
Three areas of cooperation
Ibrahim proposed three areas for cooperation among Asean member states: cyber capacity building, cyber space awareness, and cyber norms.
“Singapore is committed to these ideas, and we are backing our words with resources and investment,” he said.
For fostering cyber security capacity building, he advised member states should carry on working closely on many initiatives, dealing with incident response, confidence building, and technical cyber capacity building.
The Asean Regional Forum is a useful dialogue platform on confidence building measures, and cyber security capacity-building workshops for Asean countries are run with the US. He also cited the annual Asean Cert incident drill (Acid), that helps computer emergency response teams (Certs) across the Asean region test and refine their cooperation and incident handling procedures.
To complement these efforts, he announced the launch of the US$10m Asean Cyber Capacity Programme (ACCP) to help fund various efforts to deepen cyber capacities across Asean. “The money will pay for resources, expertise and training, so we will be equipped to drive and take ownership of the cybersecurity agenda in our respective countries,” said Ibrahim.
- SMEs in the Asean region will be gateways to large enterprises for cyber criminals, unless they improve their security.
- Asean countries need legislation to motivate organisations to step up their cyber security activities.
- Security is a rising concern in the Asean region, with fears fuelled by events such as the recent hacking incident in Manila.
Since cyber space is borderless and connects Asean to the wider world, Ibrahim identified securing a safer common cyber space as an important area of cooperation.
“International law enforcement is one area where close cooperation is needed,” he said. “As Interpol’s global headquarters to combat cyber crime, the Interpol global complex for innovation (IGCI) in Singapore has coordinated several successful joint operations since its inauguration in 2015.
“By partnering Interpol, we can conduct more joint operations against cybercriminals, and enhance the collective safety and security in Asean,” he added.
The minister also referred to the CyberGreen initiative as a useful platform in this regard. Launched in 2014 by the Japan Cert, the CyberGreen project is a global initiative to create a resilient and healthy cyber ecosystem. It aims to research and aggregate open source information to measure and create awareness of the cyber health status of a country.
Singapore is a cornerstone sponsor of the global initiative. “Through this platform, our countries can work together to improve awareness, sharpen incident response, and secure Asean’s common cyber space,” said Ibrahim.
Facilitating exchanges on cyber norms
Ibrahim said Singapore wants to work with other Asean states and partners to develop a regional understanding of cyber norms, and arrive at an Asean position. “This perspective can be our joint contribution to global conversations,” added Ibrahim.
P. Ramakrishna, vice-president at CIO Academy Asia, said combatting cyber security threats is no longer confined to the actions of individual entities. “It requires the concerted will and cooperation of the entire digital community,” he said. “To achieve cyber safety, the sum of the parts must be greater than the whole. Countries such as Singapore can take the initiative to make this happen in the region.”
Andy Cocks, CTO at Dimension Data Asia-Pacific, said another focus point is developing cyber security talent in the region to reduce the shortage of skilled people.