ASEAN members commit to a unified stand against cybercrime

Last week’s Singapore International Cyber Week (SICW) concluded with a promising commitment towards the fight against cybercrime in the city-state and across the wider ASEAN region.

The most hopeful of those initiatives was the agreement among ASEAN member states to strengthen cyber coordination and capacity-building efforts – a very much welcomed announcement taking into account the disparities that currently exist within the bloc in the cybersecurity arena.

S Iswaran, Singapore’s Minister for Communications and Information and Minister-in-charge of Cyber Security, said that ASEAN will work towards an international framework of guidelines on cybersecurity and boost the bloc’s cyber defences.

“Singapore and all the ASEAN member states subscribed to the fact that we need a rules-based cyber-security environment in order to foster confidence and build relationships that can engender mutual trust and effectively deal with challenges”, the minister said.

The declaration took place during the third ASEAN Ministerial Conference on Cybersecurity (AMCC), which was convened as part of the Cyber Security Agency of Singapore (CSA) organised SICW 2018.

The AMCC is a non-formal platform for leaders from ASEAN member states to discuss what can be done to bolster cybersecurity in the region.

ASEAN ministers noted that Singapore will propose a mechanism to enhance ASEAN cyber coordination which will be presented to the bloc’s leaders for consideration.

The AMCC reaffirmed the importance of a rules-based cyberspace as an enabler of economic progress and betterment of living standards, and agreed in-principle that international law, voluntary and non-binding norms of state behaviour, and practical confidence building measures are essential for stability and predictability in the cyberspace.

In this context, the AMCC agreed to subscribe in-principle to the 11 voluntary, non-binding norms recommended in the 2015 Report of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE), as well as to focus on regional capacity-building in implementing these norms.

New regional cybersecurity training centre

Another highlight from SICW 2018 was Singapore’s commitment to spend SGD30 million (c.USD22 million) over five years on fully funding the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE), a multi-disciplinary facility under the auspices of the ASEAN Cyber Capacity Programme.

The ASCCE will help develop the cybersecurity capabilities of ASEAN member states, and it will fulfil three principal functions, including cyber think-tank and training centre, Computer Emergency Response Team (CERT) centre and cyber range training centre.

Iswaran emphasised the interest of international partners in collaborating with ASEAN to achieve ASCCE’s goals.

“To date, Australia, Canada, the European Union, the Republic of Korea, New Zealand, the United Kingdom (Britain) and the United States have indicated keen interest to work with us to develop and deliver programs under the ASCCE”, he said.

Other key announcements during this year’s SICW included the launch of a Government Bug Bounty programme, where international and local white-hat hackers will test selected, internet-facing Government systems and identify vulnerabilities, and the renewal of the partnership between Singapore and France with the signing of an extended Cybersecurity Cooperation Programme.

These steps demonstrate ASEAN’s commitment to tackle the impending threat posed by cybercrime and which recently affected the region in the form of serious data breaches.

A recent study by AT Kearney on the state of cybersecurity in ASEAN pointed out the severe risk which cyber threats could pose to the potential USD1 trillion that digital economy can add to ASEAN’s GDP over the next 10 years.

Some of the challenges identified in the report include low levels of cyber resilience and cyber readiness in most countries around the region, lack of a strategic mindset, policy preparedness and institutional oversight relating to cybersecurity.

In addition to this, because cyber threats are perceived to be an information technology (IT) issue rather than a business problem, regional businesses don’t have a comprehensive approach to cybersecurity. This underestimation leads to a significant under-investment in cybersecurity.

The same study recommended the implementation of a defence playbook addressing a four-point agenda, namely elevating cybersecurity on the regional policy agenda; securing a sustained commitment to cybersecurity; fortifying the ecosystem; and building the next wave of cybersecurity capability.