Secretary-General of ASEAN, Dato Lim Jock Hoi
Ladies and Gentlemen
A very good morning to all of you. First, I want to extend a very warm welcome to the 3rd ASEAN Ministerial Conference on Cybersecurity (AMCC). I would like to begin by thanking all ASEAN Member States (AMS) and Dialogue Partners for your continued support and contributions to AMCC. The fact that all AMS are present today is testament to our commitment to enhance regional cooperation for cybersecurity.
ASEAN’S CYBERSECURITY CHALLENGE
2 The cyber threat faced by ASEAN, and indeed the world, is increasingly sophisticated, transboundary and asymmetric in its nature.
3 In the past year, AMS – Singapore included – have experienced several cyber incidents. A couple of months ago, one of Singapore’s public healthcare IT systems was attacked, and the non-medical personal data of 1.5 million patients illegally accessed and copied.
4 Cyber incidents do not merely cause the loss of billions of dollars. They also have a debilitating impact on our inter-connected Critical Infrastructure, economic activity, regional connectivity; they erode public trust in governments and this is fundamental. Hence, our pursuit of ASEAN’s digital ambition must be undergirded by our commitment to strengthen cybersecurity in the region. The one cannot function without the other.
5 It is therefore fitting that the theme chosen for Singapore’s Chairmanship of ASEAN this year is “Resilience and Innovation”. It aptly captures the key dimensions of strengthening regional cybersecurity: to foster cyber resilience – which is to ensure strong defences and quick recovery from attacks; and also cyber innovation – nurturing ideas and a vibrant ecosystem, so that we keep pace with evolving threats.
TACKLING THE REGIONAL CYBER THREAT
6 Cybersecurity cannot be viewed or addressed from a single perspective. It is a threat that cuts across many domains, and therefore it requires a multi-disciplinary response.
7 Hence, it is not surprising that our cybersecurity community is a diverse one; that we organise our ministries and agencies in different ways to deal with cybersecurity; and that we also meet at various other platforms, such as TELMIN and TELSOM, to discuss similar cyber issues.
8 But regardless of this variegation in the landscape, it is imperative that we come together to forge a unified, holistic and multi-disciplinary effort to address the cyber threats facing the region. That is the impetus for the AMCC – to bring together ASEAN Ministers overseeing ICT and Ministers overseeing Cybersecurity, to enable a holistic, cross-cutting dialogue.
9 Over the last two years, the AMCC has achieved much progress with your support. The 2nd AMCC Chairman’s Statement was used in the 31st ASEAN Summit Chairman’s Statement. The Chairman’s Statement also formed the basis for the first-ever ASEAN Leaders’ Statement on Cybersecurity Cooperation.
FOCUS AREAS FOR AMCC 2018
10 The ASEAN Leaders’ Statement is a significant step that demonstrates our collective resolve as a region. Our leaders have asked that we accomplish two specific outcomes: better regional coordination among the various ASEAN sectorals, and recommendations for a set of voluntary, practical norms of State behaviour to be adopted, taking reference from the 2015 UNGGE report. These expectations dovetail into our theme of Resilience and Innovation as we explore how to strengthen cooperation and coordination, and build greater capacities across the region.
Strengthening regional cooperation and coordination
11 On regional cooperation and coordination, ASEAN sectorals are already starting to work together to share information and exchange best practices.
12 Platforms such as the ASEAN Network Security Action Council (ANSAC), and the newly formed ASEAN Regional Forum Inter-Sessional Meeting on Security of and in the Use of ICTs (ARF ISM-ICTs), have been useful to coordinate our cooperation activities and to facilitate sharing on cybersecurity efforts within and between regional platforms. Through the ASEAN Cybersecurity Cooperation Strategy, we have the ASEAN Computer Emergency Readiness Team (CERT) Maturity Framework, which provides a common blueprint to assess the maturity of our national CERTs, and coordinate capacity building across ASEAN.
13 What more can we do to bring the various ASEAN cybersecurity initiatives together as a coherent strategy? How can we achieve better coordination while the sectoral tracks operate freely within their specific domains? This is what we hope to discuss this morning and come up with proposals that can be followed up.
Fostering an international rules-based order for cyberspace.
14 On international norms, Singapore, together with its international and regional partners, remains firmly committed to an international rules-based order for cyberspace; built by applying the relevant international laws to cyberspace, adopting voluntary norms for State behaviour and implementing robust Confidence Building Measure.
15 A rules-based order is key because it gives all States, big or small, the confidence, predictability and stability that is essential for economic progress, job creation and technology adoption. Ultimately, this will help to enhance the lives of all our people. It is also important that the international community abides by the same rules, as our world grows ever more interdependent and interconnected.
16 We are heartened that AMS share this vision, and are grateful for your contributions to take the ASEAN conversation on norms; an important one that is progressive in its thinking and we are taking it forward. It was this very discussion among all AMS at the past two AMCCs, that culminated in the 2nd AMCC Chairman’s Statement and brought the issue of norms to the forefront.
17 We also appreciate AMS’ active participation at workshops, such as the ASEAN Cyber Norms Workshop hosted by Singapore in May last year and June this year; and the Workshop on International Law, Norms and Governance in Cyberspace hosted by Brunei in February this year.
18 It is vital that we, in ASEAN, make our voices heard. We are a dynamic region of 630 million people who are poised to reap the fruits of a digital economy. So we need to converge on a common understanding of cyber norms that are relevant and are applicable to the ASEAN context.
19 Following on from our agreement at AMCC 2017, today we will discuss which voluntary norms can be recommended for adoption in ASEAN, taking reference from the 2015 norms recommended by the UNGGE. Singapore is pleased to work with AMS and our Dialogue Partners to develop our regional position on cyber norms, and to bring this unique ASEAN perspective to global conversations.
Capacity building initiatives
20 Voluntary, non-binding norms are necessary but they are not sufficient to bring about a secure and stable rules-based cyberspace. It is important that countries also have the capacity to implement these norms.
21 The strong foundation of cooperation between AMS and our Dialogue Partners has enabled us to work closely on many initiatives for incident response, confidence building and technical cyber capacity building.
22 Under our ACCP, Dialogue Partners such as Australia and the US have worked with us on capacity building across both technical and policy areas. We also look forward to working with other Dialogue Partners such as Canada and China.
23 We have just completed the 13th edition of the annual ASEAN CERT Incident Drill (ACID) two weeks ago, involving CERTs from all AMS as well as Australia, China, India, Japan and the Republic of Korea. This year’s ACID focussed on cryptojacking, given the rise in hackers’ attempts to exploit vulnerabilities in content management systems and web servers for cryptocurrency mining. Amidst an ever-shifting threat landscape, ACID remains relevant to strengthen regional cybersecurity preparedness, reinforce regional coordination drills and enhance cybersecurity cooperation between AMS and Dialogue Partners.
24 To complement these efforts, Singapore launched the $10 million ASEAN Cyber Capacity Programme (ACCP) in 2016, to boost cybersecurity know-how across the region and keep pace with technological developments. We thank AMS for your strong support and participation in ACCP. Thus far, we have trained more than 140 director-level officials from AMS on topics ranging from cyber strategy development and legislation, to incident response. Under the ACCP’s Industrial Attachment Programme, every AMS has been invited to send two officers to Singapore for training in Security Operations Centre (SOC) set-up and management.
25 Singapore would also like to congratulate Thailand on the launch of the ASEAN-Japan Cybersecurity Capacity Building Centre in Bangkok, which will play a useful role in developing cybersecurity human resources in ASEAN. Singapore looks forward to participating in the Centre’s initiatives, and working with Thailand and our other ASEAN partners to jointly deliver ACCP training through this Centre.
ASCCE as an extension of ACCP
26 We in Singapore remain steadfast in its commitment to the regional effort to build up cyber capacity. To deepen our support, the Singapore-ASEAN Cybersecurity Centre of Excellence (ASCCE; or “Ace”) will be launched in 2019, as an extension of the ACCP. Throughout our various efforts, we must maintain ASEAN centrality, a strong spirit of collaboration among AMS; and we must be open and inclusive to all our Dialogue Partners. This is embodied in the setup of the ASCCE, where all AMS, Dialogue Partners and relevant stakeholders including industry partners and international organisations are welcome to participate.
27 The ASCCE will be a multidisciplinary centre for capacity building, with three main functions:
- First, to conduct training and research, in order to strengthen AMS’ strategy development, and advance ASEAN’s thinking on legislation and norms;
- Second, to build up and train national CERTS in the region, to enhance their technical expertise and cyber incident response skills;
- And third, to promote CERT-to-CERT open-source information sharing.
28 We have deliberately scoped the ASCCE to cover policy, strategy and legislation, as well as operations. It reflects our conviction in the importance of aligning cyber diplomacy efforts with operational issues. We believe that this alignment will facilitate coordination towards a unified ASEAN perspective, so that we can better secure our collective regional interests at international platforms.
29 To date, Australia, Canada, the European Union, the Republic of Korea, New Zealand, the United Kingdom and the United States have indicated keen interest to work with us to develop and deliver programmes under the ASCCE. We look forward to working with them and other interested parties to build cyber capacity for the region.
Singapore-UN Cyber Programme
30 We are also exploring how the ASCCE can function as a focal point to sustain and amplify the regional capacity building effort. CSA and the United Nations Office for Disarmament Affairs (UNODA) have already worked together to develop the UNODA flagship online training course on the use of ICTs in the context of international security. As a further step, I am pleased to announce that CSA and UNODA will be rolling out a Singapore-UN Cyber Programme (UNSCP). The UNSCP will develop and run an annual Norms Awareness Workshop and a Cyber Policy Scenario Planning Workshop. Director-level representatives for key domains – such as the national incident response agency, the foreign ministry, and the national cyber policy coordination – from each AMS will be invited to participate. By structuring the UNSCP in this way, we aim to support each AMS’ efforts in the coordinated development of their national cybersecurity policy, strategy and operational practice.
31 ASEAN has made a concerted effort to rise to the evolving cybersecurity challenge. We are much more coordinated than before, and each ASEAN Member State has also taken concrete steps to move forward.
32 Singapore, on its part, stands ready to work with our ASEAN partners to ensure a rules-based order for cyberspace, in order to preserve a meaningful stake in the ASEAN digital economy for our citizens. The 3rd AMCC is another important step in our collective journey towards a Trusted and Open Cyberspace. Thank you.