Strengthening Cyber Resilience in ASEAN: Insights from the 9th ASEAN Ministerial Conference on Cybersecurity
On October 16, 2024, the 9th ASEAN Ministerial Conference on Cybersecurity (AMCC) convened as part of the Singapore International Cyber Week (SICW). This pivotal gathering saw Josephine Teo, Singapore’s Minister for Digital Development and Information, alongside representatives from ASEAN member states (AMS), reaffirm their commitment to enhancing cyber resilience across the region. The conference served as a platform for discussing collaborative efforts to address the growing challenges posed by cyber threats and to promote a secure digital environment.
The Role of AMCC in Regional Cybersecurity
Since its inception, the AMCC has emerged as a crucial non-formal regional platform, uniting relevant ASEAN Ministers of Telecommunications and Cybersecurity. The conference has made significant strides in fostering discussions on various aspects of regional cybersecurity cooperation. Key initiatives include capacity-building programs facilitated by the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) in Singapore and the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) in Thailand. These programs aim to enhance the capabilities of AMS in combating cyber threats and ensuring a robust cybersecurity framework.
The active participation of AMS and their dialogue partners at the AMCC underscores the importance of maintaining a cyberspace that is open, safe, secure, stable, accessible, interoperable, peaceful, and resilient. This collaborative spirit is vital for addressing the complexities of cybersecurity in an increasingly interconnected world.
Launch of the ASEAN Regional Computer Emergency Response Team (CERT)
A significant highlight of the AMCC was Minister Josephine Teo’s announcement regarding the launch of the physical facility for the ASEAN Regional Computer Emergency Response Team (CERT). Since October 2022, Singapore has been working closely with AMS to draft an Operational Framework that outlines the CERT’s purpose, scope, composition, partners, functions, and operational mechanisms. This framework received endorsement from AMS at the 3rd ASEAN Digital Ministers Meeting (ADGMIN) in February 2023.
In a landmark decision, AMS agreed for Singapore to fund and host the ASEAN Regional CERT for a decade, with an investment of USD 10.1 million. This facility, co-located at the ASCCE in Singapore, will serve as a hub for information sharing on cyber threats and attacks, as well as online scams. It will also provide a dedicated space for in-person activities such as cyber exercises, workshops, and capacity-building programs, fostering collaboration among AMS.
The ASEAN Regional CERT Taskforce
The inaugural meeting of the ASEAN Regional CERT Taskforce took place on August 16, 2024, in Singapore, chaired by Malaysia. This taskforce is responsible for guiding the efforts of the ASEAN Regional CERT and is led by a rotating coordinator based on the AMS’ ASEAN Network Security Action Council (ANSAC) chairmanship term. During this meeting, the taskforce discussed the implementation of eight key functions, including:
- Facilitating coordination and information sharing between AMS National CERTs.
- Developing and maintaining an ASEAN Point of Contact (POC) network of cybersecurity experts and organizations.
- Hosting ASEAN cybersecurity conferences, meetings, and training for AMS National CERTs.
- Conducting regional cybersecurity exercises and partnering with international organizations to support ASEAN’s cybersecurity objectives.
- Developing partnerships with industry and academia to enhance cybersecurity capabilities.
- Supporting AMS National CERT capacity-building and the exchange of best practices.
- Conducting cybersecurity awareness campaigns in coordination with other ASEAN Sectoral Bodies.
These initiatives are designed to create a cohesive and collaborative cybersecurity environment across the region.
Implementation of the Norms Implementation Checklist
A rules-based international order in cyberspace is essential for ensuring a secure and stable digital landscape. In line with this, the Cyber Security Agency of Singapore (CSA) and the United Nations (UN) Office for Disarmament Affairs launched the Norms Implementation Checklist (NIC) initiative in 2020. This initiative aims to support ASEAN’s commitment to the 11 norms of responsible State behavior in cyberspace, as outlined in the 2015 consensus report of the UN Group of Governmental Experts (UNGGE).
The NIC comprises actionable items categorized into five pillars: policy, operation, technical, legal, and diplomacy. It also outlines suggested capacity-building activities for States to consider in implementing these norms. Singapore, as a co-lead of the norms implementation efforts in ASEAN, organized a workshop in August 2024 to finalize the NIC. This checklist is the first of its kind in the region and serves as a valuable reference for AMS and beyond, promoting collective efforts to build a safer cyberspace.
Conclusion
The 9th ASEAN Ministerial Conference on Cybersecurity marked a significant step forward in the region’s commitment to enhancing cyber resilience. With the establishment of the ASEAN Regional CERT and the implementation of the Norms Implementation Checklist, ASEAN member states are poised to strengthen their collaborative efforts in addressing cybersecurity challenges. As the digital landscape continues to evolve, the importance of a united front in cybersecurity cannot be overstated. The initiatives discussed at the AMCC will not only bolster the region’s defenses against cyber threats but also foster a culture of cooperation and shared responsibility among AMS, ensuring a secure and resilient cyberspace for all.