Ladies and gentlemen
Welcome to the 2nd ASEAN Ministerial Conference on Cybersecurity. Thank you for your excellent contributions at the inaugural AMCC last year, and for supporting the Singapore International Cyber Week again.
Commemorating 50 Years of Collaboration and Cooperation
2 This year, we commemorate the Golden Jubilee for ASEAN - 50 years of collaboration and cooperation. There is much to celebrate – ASEAN is a credible international organisation, which has contributed to a safe regional security environment. ASEAN is charting a clear path forward, with closer integration under the ASEAN Economic Community, and practical cooperation in new areas.
3 ASEAN’s achievements seem all the more remarkable when we take ourselves back 50 years, to 1967. Then, we were all separately battling security challenges that threatened regional security and stability. Five of us came together to mount a combined defence against these common security threats, and thankfully, we succeeded. The stable security environment that emerged over time then provided the pre-condition for all of us to grow our economies, to better our peoples’ lives. Over time, as our economies flourished, we added five more members, who were keen to be part of the Southeast Asian growth story. Hence, by addressing a security concern, we enabled broader growth and cooperation to take place. This experience of the past half century holds useful lessons for us as we chart the next fifty years for ASEAN.
Importance of Cybersecurity in the Digital Economy
4 We are at the cusp of a very exciting time, with tremendous opportunities. The digital economy is one key growth area for ASEAN. A recent research revealed that the ASEAN digital economy is expected to grow to about US $200 billion (S$277 billion) over the next 10 years, with e-commerce accounting for US$88 billion. Along with technological advancement and automation, new jobs and industries will be created.
5 Just as we had addressed security imperatives in the past, ASEAN will need to address cybersecurity challenges to reap the full dividends of our future digital economy. We have moved into an era of increasingly complex cyber threats. Cyber threats affect every facet of our increasingly digital lives. But in the economic domain, cyber-attacks have been responsible for significant economic losses too. The recent hacks in HBO and Sony caused valuable loss of intellectual property. Ransomware campaigns like GoldenEye disrupted companies’ operations, and caused significant economic losses.
6 There is therefore much work to do to strengthen cybersecurity as a key foundation for the digital economy. Given the tremendous potential for digitalisation in ASEAN, there is a leading role that ASEAN can play to ensure our region’s future success.
7 As such, it is important that each of us continue to do our part and work collectively as a community. Building on the ASEAN Cybersecurity Cooperation Strategy endorsed by the ASEAN Telecommunications and Information Technology Ministers’ meeting last year, I would like to suggest three areas in which we could ensure a secure and resilient cyberspace.
Domestically Pursuing a Holistic Cybersecurity Approach
8 First, we need to keep our own houses in order. That means achieving good cybersecurity domestically, so that we are better able to contribute to the regional effort. This means ensuring that our own Critical Information Infrastructures (CIIs) are resilient from cyber-attacks, and that we have the relevant capabilities and skills to maintain a decent standard of cybersecurity at home. Please let me elaborate using Singapore’s efforts on this front.
i Building Resilient CIIs
9 Singapore has taken steps to strengthen the cyber resilience of the critical information infrastructures (CIIs) and supranational CIIs that provide essential services critical for the smooth running of our country as well as services through Singapore for the rest of the world. For example, for trade, finance and logistics.
10 To test our operational readiness to combat cyber threats and identify areas that require levelling up of cyber security capabilities, we conduct annual joint cybersecurity exercises across critical sectors. One such exercise is Exercise Cyber Star, which is a national-level, multi-sector exercise conducted in July this year. It involved more than 200 participants comprising sector leads and private and public sector CII owners from all 11 designated CII sectors in Singapore.
11 Following the launch of our cybersecurity strategy last year, we will introduce a cybersecurity bill in parliament next year. The bill requires our CII owners to take responsibility for securing their systems, facilitates information sharing, and empowers Cyber Security Agency of Singapore or CSA and sector regulators to work closely with affected parties to resolve cybersecurity incidents in a timely manner. In developing the Bill, we have consulted various stakeholders, including sector leads, potential CII owners, as well as the wider industry and public. We even extended the public consultation period in response to the interest in the bill. We are currently studying the suggestions and feedback that were provided, many of which were constructive and useful.
ii Growing a Vibrant Cybersecurity Ecosystem
12 In addition, Singapore is developing a sustainable pool of skilled practitioners and solutions to improve cybersecurity.
13 Globally, we are confronted with a pressing problem of a shortage of cybersecurity professionals and the government cannot grow the cybersecurity workforce and the ecosystem alone. Joint collaborations between the government and companies, professional bodies and associations serve as gateways to attract advanced cybersecurity companies with highly skilled practitioners. We are stepping up efforts to develop relevant expertise and nurture a future-ready workforce to meet emerging and underserved cybersecurity needs.
14 On that note, I am pleased to share with you that, in Singapore, the CSA will be signing a MOU with ISACA (Information Systems Audit and Control Association), a leading professional body with members in 188 countries. The MOU will facilitate a collaboration on cybersecurity capability and workforce development. CSA’s collaboration with ISACA and other professional bodies will help to enhance the pool of competent professionals and strengthen Communities of Practice that comprise like-minded Cybersecurity professionals.
15 CSA and the Infocomm Media Development Authority (IMDA) have also established partnerships with PwC Singapore and PCS Security as part of the Cyber Security Associates and Technologists (CSAT) programme. This is part of the Tech Skills Accelerator (TeSA) initiative to train and up skill professionals with ICT or engineering disciplines to take on cybersecurity job roles through company-led training.
16 Some of our ASEAN members have also stepped up efforts to re-organise and better position themselves to strengthen the resilience of their critical information infrastructures and to nurture a vibrant ecosystem. One good example is Indonesia. It recently established its national cyber agency. The new National Cyber and Cipher Agency (Badan Siber dan Sandi Negara, BSSN) combines the capabilities of the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) and the State Cipher Agency under one roof to bolster and better coordinate Indonesia’s efforts in cybersecurity. This move will help strengthen the defence of Indonesia’s critical infrastructures.
17 Malaysia has also taken steps to enhance its cybersecurity talent pool. The Malaysian Digital Economy Corporation (MDEC) signed an agreement in December 2016 with the UK’s Protection Group International (PGI) to set up a cybersecurity academy – the UK-APAC Centre of Security Excellence – in Malaysia. This academy will introduce UK GCHQ-accredited cybersecurity courses that will help build a Malaysian cybersecurity workforce with the expertise to operate at a high international standard.
18 We should continue stepping up similar efforts within each of our countries, so that we can collectively create a safer and trusted cyberspace, and combat cyber threats with better capabilities.
Building Regional Capabilities with the Support of ASEAN Dialogue Partners
19 Second, we can also work together within and beyond ASEAN to minimize cyber risks by raising the level of regional capacity and cooperation in cybersecurity.
20 As part of the $10 million ASEAN Cyber Capacity Building Programme (ACCP) announced last year, Singapore had organized programmes spanning technological and policy domains with the support of ASEAN Member States and ASEAN Dialogue Partners.
21 In May this year, we successfully organized an ASEAN Cyber Norms Workshop to follow up on last year’s SICW discussion on cyber norms. The workshop also helped to heighten the awareness of ongoing global cyber norms discussions at platforms such as the United Nations Group of Governmental Experts (UNGGE). Here I wish to thank ASEAN member states for their strong support and enthusiastic participation.
22 I would like to also extend my appreciation to Australia for stepping forward to jointly organise with us a cyber-risk reduction workshop for ASEAN countries. We hope ASEAN member states will find this workshop useful, and we look forward to your participation.
23 Singapore is committed to foster close relationships with our ASEAN counterparts to build up regional cyber capacity, and will be deepening our support to this end. For the next three years, I am pleased to announce that Singapore will set aside $1.5 million of the ACCP to build technical capability among incident responders and operators in the ASEAN region.
24 Singapore will also be partnering the industry to run an ASEAN Cybersecurity Industrial Attachment Programme. This programme will offer training opportunity in Singapore for up to 18 candidates from ASEAN member states. The training will focus on security operations centre (SOC) operations and management, and other relevant technical areas of cybersecurity. Through this programme, participants will be able to advance their technical capabilities in effectively monitoring and responding to cyber threats.
25 Beyond scaling up capabilities, we can collectively develop and agree upon basic voluntary cyber norms in ASEAN. This will support the work of international organisations such as the United Nations, and more importantly, amplify ASEAN’s voice on international cyber discussions. With an agreement on cyber norms among nations, cybersecurity cooperation can be better achieved.
26 Singapore is supportive of having basic rules for behaviour in cyberspace and believes that ASEAN can work together to reach consensus on basic voluntary cyber norms for the region. Therefore, I would like to put forth a call for greater coordination among ASEAN on cyber policy and capacity building so that we can project a unified ASEAN voice internationally to protect and advance our regional perspectives.
Strengthening International Partnerships
27 Last but not least, we must go beyond ourselves and our region, and strengthen international partnerships. A coherent, coordinated global effort is key to a trusted and resilient cyber environment. This would facilitate a confident exchange of information among states and execution of joint operations to effectively respond to trans-boundary cyber threats such as the WannaCry attack in May this year.
28 A good example of such an operational cooperation was an Interpol-led operation that took place in early 2017. This operation brought together investigators from Singapore, Indonesia, Malaysia, Myanmar, Philippines, Thailand and Vietnam to share information on specific cybercrimes. Close to 9,000 malicious servers and hundreds of compromised websites, including government portals were identified in this Interpol-led operation. We should work towards further strengthening partnerships with similar regional and international organizations to identify and respond to trans-boundary threats in a timely, coordinated and coherent manner.
29 Just as ASEAN came together in the face of a security threat 50 years ago and created the pre-condition for all of us to do well, so too can we work closer together on cybersecurity to take full advantage of the fruits of digitalisation. Today’s conference will be another step forward to take stock, make plans and move forward as a united and cyber-resilient region. Singapore looks forward to partnering AMS and ASEAN Dialogue Partners in this joint effort. Hopefully we will succeed, and look back in 2067 to this day when our collective efforts to tackle cybersecurity paved the way for a sustained 50 years of growth and development in our region.
30 I look forward to the meaningful discussions at today’s conference, and I wish all of you a fruitful time in Singapore. Thank you.