ASEAN ministers stress cooperation to reduce cyber threats
A recent onslaught of cyber attacks across the Indo-Pacific is driving the 10 member states of the Association of Southeast Asian Nations (ASEAN) to work in unison to bolster cyber security. This was emphasized at the fourth ASEAN Ministerial Conference on Cybersecurity (AMCC) in Singapore on October 2, 2019, where ministers and officials responsible for cyber security drafted the ASEAN cyber security coordination mechanism paper and pledged support for cyber security centers in Singapore and Thailand.
“Cyber attackers continue to evolve and develop ever more sophisticated tools and techniques,” said S. Iswaran, Singaporean minister for communications and information, in his opening speech to AMCC participants. “They are no longer motivated merely by economic gains, but also seek to disrupt our critical information infrastructure. At the same time, cyber defenders have to secure an increasingly challenging terrain, including a growing attack surface and new technology domains such as IoT [internet of things] and 5G.”
A 2018 cyber security study by Cisco Systems revealed that a new cyber attack was detected every 10 seconds by companies in the Indo-Pacific. Two hundred organizations taking part in the study reported more than U.S. $1 billion in total annual losses due to cyber attacks. Recent attacks in the region recognized by CIO Magazineinclude: a breach in Toyota Motor Corp.’s servers in Thailand and Vietnam in March 2019; a server breach affecting more than 900,000 clients of the Philippine financial services firm Cebuana Lhuillier in January 2019; the personal data theft of 14,200 people diagnosed with HIV in Singapore in January 2019; and the exposure of the identity documents of 45,000 customers of True Corp., Thailand’s second-largest mobile network, in March 2018.
At the conference, ministers acknowledged the need to pool efforts across industry and government with a new cross-sectoral coordinating committee. They emphasized that the new mechanism should address current and pressing issues and “not duplicate existing ASEAN sectoral bodies’ work.”
Iswaran also announced the anticipated launch of the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) with a committed five-year budget of U.S. $22 million. The center joins the ASEAN-Japan Cybersecurity Capacity Building Centre in Thailand, he added, in efforts to build regionwide capabilities.
“The ASCCE will fulfill three main functions,” he said. “One, conduct research and provide training in areas on international law, cyber strategy, cyber conflict, legislation, cyber norms and other cyber security policy issues; two, provide CERT [community emergency response team]-related training as well as facilitate the exchange of open-source cyber threat and attack-related information and best practices; and three, conduct virtual cyber defense trainings and exercises.” CERTs are employed by national governments to handle computer security incidents. The working-level committee announced at the AMCC would be responsible for coordinating the cooperation of ASEAN CERTs, along with the “protection of critical information infrastructure and mutual assistance in cyber security.” It should address ways to receive and investigate reports of cyber attacks, said Gobind Singh Deo, Malaysia’s communications and multimedia minister, to ensure an “action-based response” that is “expeditious and effective.”
Iswaran closed the conference by underscoring the need for a collaborative effort to counter the growing global menace of cyber attacks.
“Our interests are deeply intertwined, and it is necessary and valuable that we work together as a team,” he said, “whether it is at the national level, the international level and also within ASEAN to strengthen cyber security.”
Tom Abke is aFORUM contributor reporting from Singapore.