Enhancing cybersecurity in ASEAN – Singapore announces three broad proposals at the ASEAN Ministerial Conference on Cybersecurity
Prime Minister Lee Hsien Loong announced on 10 October 2016 Singapore’s National Cybersecurity Strategy at the opening of the Singapore International Cyber Week (SICW). The Strategy underscores Singapore’s commitment to building a trusted and resilient cyber environment and the recognition that strong international partnerships are a crucial part of this vision. At the opening ceremony of the Ministerial Conference on Cybersecurity on 11 October 2016, Dr Yaacob Ibrahim, Minister for Communications and Information & Minister-in-Charge of Cybersecurity, announced Singapore’s proposals in three areas to enhancing cybersecurity in ASEAN:
Fostering ASEAN cyber capacity building
Singapore recognises that ASEAN Member States and Dialogue Partners have already been working closely on many initiatives dealing with incident response, confidence building, and technical cyber capacity building. For instance, the ASEAN Regional Forum has been a useful dialogue platform on confidence building measure. The United States and Singapore also recently conducted a cybersecurity capacity building workshop in August 2016. Some 30 participants got to learn about topics such as the development of cybersecurity strategies, incident management frameworks, and public outreach. For the annual ASEAN CERT Incident Drill, or ACID, the 11th edition was just completed in Singapore recently and the drill helps CERTs across ASEAN Member States to test and refine their cooperation and incident handling procedures.
Such events and meetings are important contributions demonstrating the strong foundation of cooperation in ASEAN. To complement these efforts, Singapore is pleased to launch a S$10 million ASEAN Cyber Capacity Programme (ACCP). The objective of ACCP is to help fund various efforts to deepen cyber capacities across ASEAN Member States. The money will pay for resources, expertise and training, so that ASEAN will be equipped to drive and take ownership of the cybersecurity in the respective countries. More specifically, the programme will provide the resources to broaden the scope of capacity building activities to better hone technical skills and incident response. It will also support discussion and consultancy work in areas such as the formation of national cybersecurity agencies, formulating cybersecurity strategies, and even legislation. The flexibility of the ACCP funding allows ASEAN to channel efforts to where they are most needed and can be most effective.
Creating cyberspace awareness and a safer cyber environment
Cyberspace is borderless and connects ASEAN beyond its geographical proximity as a region. In fact, malicious actors deliberately target the gaps between ASEAN’s borders and jurisdictions to exploit and target its Member States. ASEAN needs to work together, beyond its borders, to effectively secure this common space. One area where close cooperation is needed is international law enforcement. Singapore is honoured to host the INTERPOL Global Complex for Innovation (IGCI). As INTERPOL’s global headquarters to combat cybercrime, the IGCI has coordinated several successful joint operations since its inauguration in 2015.
Through the IGCI, INTERPOL gains a better understanding of Asian perspectives. This shapes its R&D and operational responses against transnational threats. While the IGCI has made a promising start, countries have to actively support the IGCI for its continued success and effectiveness. ASEAN can support the IGCI by, for example, seconding more ASEAN law enforcement officers to IGCI. By partnering INTERPOL, more joint operations can be conducted against cybercriminals and enhance the collective safety and security in ASEAN. Securing ASEAN’s cyberspace also requires Member States to have a better situational awareness of the overall cyber environment. This is key to improving ASEAN’s collective cyber hygiene, as prevention and remediation efforts can be better directed towards known vulnerable areas and places where there may be suspicious cyber activities.
CyberGreen is one global initiative that will aid ASEAN in securing their common cyberspace. The CyberGreen project aims to gives countries awareness of the state of cyber health and potential vulnerabilities within ASEAN’s borders. With this situational awareness, countries can then take preventive action to deal with potential cyber risk and vulnerabilities. Overtime, CyberGreen will develop robust cyber health metrics. These will allow practitioners and policy-makers to access how individual countries and ASEAN as a whole, are progressing on the cybersecurity front. Cyber incident responders can also better identify and remediate different classes of threats, based on actionable threat information provided by CyberGreen.
Singapore is a sponsor of this global initiative and have signed on to CyberGreen, as she recognises that ASEAN Member States including Singapore herself can benefit from CyberGreen. As as a start, because of Singapore’s sponsorship, all ASEAN Member States will be able to access CyberGreen through Singapore for free, and get a first cut report on the state of their own country’s cyber health status. Through this platform, ASEAN Member States can work together to improve the region’s cyber situational awareness, sharpen incident response, and therefore ASEAN’s common cyberspace.
Facilitating exchanges on cyber norms
Global discussions on cyber norms have kicked off in the last decade, catalysed by platforms such as the United Nations Group of Governmental Experts, or UNGGE. Malaysia was in the 2014-2015 UNGGE, and Indonesia is in the current Group. These conversations contribute to international peace and stability in cyberspace, and foster an environment of trust. Singapore notes that the 2015 report of the UNGGE made important recommendations on voluntary norms for States. Singapore is similarly supportive of having basic rules for behaviour in cyberspace. Such a set of regional cyber norms would ensure the safety and security of regional and international cyberspace, and by extension, contribute to the stability and economic progress of the ASEAN community.
While staying plugged in to the global conversations, ASEAN should also make sure that norms and behaviours are kept relevant and applicable to the region’s unique context and cultures. Singapore will be pleased to work with fellow Member States and Dialogue Partners to develop their own regional understanding of cyber norms, and arrive at an ASEAN position, which can be ASEAN’s joint contribution to global conversations.