Andrea Danti - Fotolia
Coordination is vital to ensure that Southeast Asia’s cyber security efforts are focused, effective and in synergy with one another, said ministers and senior officials at a recent cyber security event in Singapore.
Speaking at the opening plenary of Singapore International Cyber Week 2017, Teo Chee Hean, Singapore’s deputy prime minister and coordinating minister for national security, singled out the importance of international cooperation in securing critical information infrastructure (CII) that spans different countries.
These so-called “supranational CIIs” include global payment systems, port operations systems and air-traffic control systems.
H. Wiranto, Indonesia’s coordinating minister for political, legal and security affairs, agreed, noting that collaboration between states is the way to go.
“Cyber space, with its different subsystems, is such a complex phenomenon that practically no government in this world can control the cyber world on its own. Collaboration and partnership is the best path forward,” he said.
Need for cyber norms
Singapore’s minister for communications and information, Yaacob Ibrahim, said ASEAN needs to collectively develop and agree on basic voluntary cyber norms across member states. Cyber norms are basic rules for behaviour in cyber space.
The plan is to take reference from the norms set out in a 2015 United Nations report on ICT developments in the context of international security.
Rob Joyce, the US White House cyber security coordinator, said the international community has already moved towards consensus on adopting global cyber norms.
These include “not conducting cyber-enabled theft of intellectual property for commercial gain, not damaging or disrupting critical infrastructure, and cooperating to mitigate malicious cyber activity emanating from their territory” during peacetime.
However, more needs to be done to hold states accountable. “It is great that we are establishing norms, but we must improve the cost to going outside those norms,” he said.
Talent and regulatory gaps
Sherrel Roche, senior market analyst for services research at IDC Asia-Pacific, said besides lacking a strong regulatory regime, ASEAN faces a shortage of qualified cyber security professionals and limited capabilities of local professional security services suppliers.
This in turn drives the need for stronger regulatory compliance, cyber security breach notification requirements, as well as partnerships between governments, universities and security vendors to strengthen the cyber security ecosystem.
“While Singapore has a more mature regulatory environment in the region, the rest of the countries are playing catch-up and are also introducing new data protection laws based on the EU General Data Protection Regulation,” said Roche.
Meanwhile, more ASEAN countries are stepping up efforts to beef up their cyber defences and plug the talent gap.
For example, Indonesia has established a national cyber agency that combines the capabilities of the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) and the State Cipher Agency under one roof.
Malaysia is also enhancing its cyber security talent pool through an agreement between the Malaysian Digital Economy Corporation and the UK’s Protection Group International (PGI) to set up a cyber security academy.
In taking the lead on grooming cyber security talent across the region, Singapore will set aside S$1.5m for the ASEAN Cyber Capacity Building Programme to train cyber experts.
Additionally, it will partner the industry to run an industrial attachment programme for 18 candidates from ASEAN states, and set up an academy to train cyber security professionals in government and CII sectors.
Read more about cyber security in ASEAN
- The computer networks of two universities in Singapore were breached in April 2017 by hackers looking to steal information related to government or research.
- Threat intelligence feeds provide valuable information to help identify incidents quickly, but only if they are part of an intelligence-driven security programme.
- WannaCry’s spread in Asia-Pacific accounted for just 10% of detections worldwide, indicating the ransomware’s limited reach in the region.
- Singapore and Australia will conduct joint cyber security exercises, among a raft of measures to secure critical infrastructure and bolster cyber security know-how.