ASEAN-Japan Cybersecurity Capacity Building Centre to be launched in Thailand in June 2018
The Ministry of Digital Economy and Society (MDES) of Thailand and Ministry of Internal Affairs and Communications (MIC) of Japan are partnering for the establishment of a ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) in Thailand in June. The Centre is expected to play the key role in mitigating cybercrime in the region as well as getting ready for the establishment of ASEAN-CERT.
According to Bangkok Post, at the ASEAN Telecommunications and IT Ministers meeting (Telmin) meeting in Cambodia in December 2017, Thailand was chosen to be the hub of ASEAN cybersecurity training and tasked with improving the skills of security-related agencies of 10 countries.
The objective of the project is to develop cybersecurity workforce particularly in governmental agencies and Critical Information Infrastructure operators in ASEAN with the aim of enhancing cybersecurity awareness, strengthening information security and data protection, and promoting information sharing. All elements are essential for the development of standardised Incident Reporting Framework across the region and the establishment of ASEAN-CERT. This is in line with the ASEAN ICT Master Plan 2020 Strategic Thrust 8: Information Security and Assurance, which is directed towards creating a trusted ASEAN digital economy and improving cyber emergency responses and collaboration.
The project has received funding from Japan (JAIF: Japan-ASEAN Integration Fund) and supports in terms of technical expertise to enable effective delivery of cyber training for ASEAN Member States. MDES has mandated the Electronic Transactions Development Agency or ETDA to be the lead agency on this project, taking into consideration its extensive experience in cybersecurity workforce development.
ETDA announced the planned launch of 3 courses at the upcoming Centre to prepare the cybersecurity workforce in ASEAN to face the rising threats of cyber-attacks.
The courses to be conducted are: 1) CYDER (Cyber Defense Exercise with Recurrence) focuses on handling cybersecurity incidents. This course has been adopted by the Government of Japan to train cybersecurity personnel across the country during the past five years, with over 5,000 participants from more than 1,500 organizations; 2) Forensics deals with digital evidence of cyber-attacks; and 3) Malware Analysis covers the analysis of various types of malware according to the trend of cyber threats.
All courses are designed to allow participants to learn the theory as well as gain hands-on experience. Content of the courses will be updated at least on an annual basis to keep up with the evolving cyber threat landscape. The Centre aims to develop at least 700 cybersecurity personnel in ASEAN in four years.
In addition to conducting the courses, the Centre will also organise an annual Cyber SEA Game, a regional cybersecurity contest to nurture young talent in the field. The winning team will receive the opportunity to attend international competition in Japan. During the initial 4 years of this project, Japan will help ASEAN develop cybersecurity personnel and provide essential knowledge transfer for the long-term management and sustainability of this Centre.
Dr. Pichet Durongkaveroj, Minister of MDES, said, “MDES has been working in parallel with ASEAN and Japan. While Japan is preparing for financial capital, Thailand is proceeding with the approval of project detail that is under review by ASEAN and Japan. In the meantime, Thailand is getting the people, process, and location ready to take immediate action upon approval of the budget. This includes action plan, course curriculum, and other logistics. We expect to officially launch the Centre this June and conduct the first training for ASEAN altogether.”
Surangkana Wayuparb, CEO of ETDA stated that the Centre is going to deliver cybersecurity training every two months or at least six times a year targeting government officials and Critical Information Infrastructure personnel.
The Thai Government’s press release notes several advantages for Thailand having been selected the host country. It offers an opportunity for Thailand to learn and adapt international practices in cybersecurity workforce development to benefit the country, while also building a network of cybersecurity experts in ASEAN for better cooperation in the future.
According to the press release, the future of this Centre is a matter of discussion for the whole of ASEAN to discuss and decide. Thailand will continue to promote and support this Centre by exploring future partnership and sponsorship from other sources such as ASEAN dialogue partners, private companies, and the ASEAN ICT Fund.
ASEAN focusing on cybersecurity
Cybersecurity is a key area of focus for ASEAN. Singapore is the chair of ASEAN for 2018. Singapore’s Foreign Minister Dr Vivian Balakrishnan has emphasised that ASEAN countries “need to step up, and to step up urgently, collaboration on cybersecurity, because you can’t have a smarter world, you can’t have e-commerce, you can’t have seamless digital transactions if you don’t have cybersecurity. It’s the flip side of the coin.”
An ASEAN CERT Incident Drill (ACID) is held annually. The latest edition was held in Vietnam in September 2017, involving the ten members of ASEAN as well as five dialogue partners – Australia, China, India, Japan, and South Korea.
At the 2nd ASEAN Ministerial Conference on Cybersecurity, it was revealed that Singapore will set aside S$1.5 million of the ASEAN Cyber Capacity Programme (ACCP) to build technical capability among incident responders and operators in the ASEAN region. The S$10 million ACCP was announced at the Opening Ceremony of the inaugural ASEAN Ministerial Conference on Cybersecurity during the first Singapore International Cyber Week in 2016. Through a modular, multi-stakeholder and multi-disciplinary approach, the ACCP seeks to develop technical, policy and strategy-building capabilities within ASEAN Member States through workshops, seminars and conferences organised, in collaboration with partners such as Government agencies, industry players and Non-Governmental Organisations (NGOs), including the US Department of State, the MITRE Corporation, Cyber Law International and the ICT4Peace Foundation.
At the same conference, ASEAN Member States expressed their support for the development of basic, operational and voluntary norms of behaviour to guide the use of ICTs in a responsible manner, in line with the 2015 Report of the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.
The recent Sydney Declaration at the inaugural ASEAN-Australia Summit also includes a commitment to deepening cooperation on cyber security.