Your Excellencies, Ministers, Colleagues
Deputy Secretary-General of ASEAN, H.E. Hoang Anh Tuan
Ladies and Gentlemen
1. Good morning to all of you. First, I want to extend a very warm welcome to the 4th ASEAN Ministerial Conference on Cybersecurity (AMCC). I am very glad that many friends and familiar faces are here today with us from our fellow ASEAN Member States (AMS) to Dialogue Partners. The fact that all AMS are present here today, as with previous AMCCs, is testament to our shared and continued commitment to strengthen cybersecurity in the region. I want to thank all of you for your continued support and contributions to the work of the AMCC.
Growing the ASEAN Digital Economy: Cybersecurity as a Key Enabler
2. Just to put our work in a broader context, Southeast Asia’s digital economy continues to grow at a remarkable pace. The Economic Research Institute for ASEAN and Asia (ERIA) has projected that the ASEAN digital economy will expand by more than six times, to an estimated US$200 billion within the next decade.1 I think some would argue that this is, in fact, a conservative estimate considering the pace at which technologies are being adopted by our citizens.
3. This is a dynamic and exciting time for ASEAN, rich with promise as we tap on opportunities in the digital economy, and strive for inclusive growth. The digital transformation of our economy will create jobs for our people and it will spur innovation and enable our businesses, especially our SMEs, to thrive.
4. As the digital economy grows in scale and complexity, cybersecurity becomes of utmost importance to provide the much needed and requisite assurance and trust in the digital technologies that permeate all sectors of the economy, and that we are increasingly adopting. So, our efforts to grow the ASEAN digital economy must be complemented by a robust approach to regional cybersecurity. This is why the work we are doing through the AMCC is very important.
ASEAN’s Progress in Cybersecurity
5. ASEAN has made significant strides in coordinating and strengthening our cybersecurity efforts.
6. At the first AMCC, we were at the early stages of our endeavour to strengthen regional cybersecurity. AMS recognised that cybersecurity was a crucial enabler, but also a challenging and complex problem, given its multi-disciplinary nature. We agreed to work towards closer cybersecurity cooperation, better coordinate our cyber capacity building efforts, and strengthen regional discussions on cybersecurity.
7. At the time of that meeting in October 2016, AMS were embarking on our cybersecurity efforts and ramping up our domestic initiatives. In Singapore, for example, the Singapore Cybersecurity Strategy was one day old, and the Cybersecurity Agency of Singapore (CSA) had just marked its first year anniversary.
8. We have all come a long way since then, not least because of the rapid changes in the global cybersecurity environment and the need for us to respond to it. In the short span of three years, ASEAN countries’ focus on cybersecurity has risen, with cybersecurity elevated to a national priority. At the same time, we have proactively reached out to broaden and deepen our regional linkages and efforts.
9. Through our collective resolve, we have levelled up ASEAN’s capabilities, and are better equipped and organised to respond to the cyber threat.
10. ASEAN’s efforts to ensure a secure and stable cyberspace remain critical, to unlock the full potential of ASEAN’s Digital Economy. There are existing efforts that we have to consolidate and build on, as well as new and emerging areas that require greater attention as we advance to the next phase in regional cybersecurity.
11. I would like to highlight three key areas of focus for ASEAN in the immediate future which we should take up in our discussions later. First, regional capacity building. Second, regional cooperation. Third, international conversations on cybersecurity. Let me elaborate on each of them.
Strengthening Regional Cyber Capacity Building and Cooperation
12. ASEAN has progressed in the first two areas of regional capacity building and cooperation, both of which are essential to address the growing cybersecurity threat.
13. Cyber attackers continue to evolve and develop ever more sophisticated tools and techniques. They are no longer motivated merely by economic gains, but also seek to disrupt our critical information infrastructure. At the same time, cyber defenders have to secure an increasingly challenging terrain, including a growing attack surface and new technology domains such as IoT and 5G.
14. Given our interconnectedness and the transboundary nature of cyber threats, we must strengthen our security and resilience as a region. In other words, we are in this together. It is in our common interest to strengthen our defences and safeguard our critical infrastructures.
Regional Cyber Capacity Building
15. In Singapore, we are resolutely committed to support regional cyber capacity building. To deepen our support, I am glad to announce today the launch of the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE), which we will have the pleasure of jointly launching later today with ASEAN Ministers.
16. The ASCCE is an extension of the ASEAN Cyber Capacity Programme (ACCP) and it is in response to the positive and encouraging feedback from our AMS participants and some of the programmes that we run today. The ASCCE has been conceived as an open and inclusive platform, where all AMS, Dialogue Partners and stakeholders including industry, academia and international organisations are welcome to participate.
17. With a commitment of S$30 million over 5 years, the ASCCE will offer policy and technical programmes tailored for participants at varying levels of cyber proficiency.
18. The ASCCE will fulfil three main functions:
a. Conduct research and provide training in areas on international law, cyber strategy, cyber conflict, legislation, cyber norms and other cybersecurity policy issues;
b. Provide CERT-related training as well as facilitate the exchange of open-source cyber threat and attack-related information and best practices; and
c. Conduct virtual cyber defence trainings and exercises.
19. For a start, the ASCCE has partnered with Temasek Polytechnic in Singapore to have a Cyber Range Facility which will be operational from today. The main ASCCE training centre, located at the heart of the city, will be ready in the second quarter of 2020.
20. I am also happy to announce two new initiatives with the UN under the ASCCE.
a. Under the United Nations-Singapore Cyber Programme (UNSCP), the United Nations Office for Disarmament Affairs (UNODA) and Singapore will conduct a Senior Executive Cyber Fellowship, with the first run to be conducted next year. This fellowship will equip senior management level participants with inter-disciplinary cyber and technology expertise to support their work on national cybersecurity policy, strategy and operations. Each AMS will be invited to send a representative.
b. Singapore will also be conducting a workshop on the Implementation of Norms and Confidence Building Measures (CBMs) as a follow up to the July 2019 UNSCP Norms Awareness workshop.
21. We are heartened and encouraged by the strong support and interest in the ASCCE thus far from our ASEAN Partners and Dialogue Partners, and look forward to working with you to strengthen our region’s cyber capacity. In particular, this centre will also have to develop strong links with the private sector. As we have discussed in the course of the conference over the last day or so, much of the digital infrastructure and capabilities lie within the private sector. The private sector has invested much in developing its own capacity to deal with cyber threats. We need to find ways to harness private sector initiatives as part of this larger regional capacity building effort, so that we are able to not just benefit from Government to Government, or cooperation between Government and International Organisations, but also cooperation with private enterprises.
Regional Cyber Coordination
22. Regional cooperation goes hand in hand with capacity building, and helps to reinforce our collective efforts to be more efficient and effective.
23. On the technical cooperation front, as tasked by the ASEAN Network Security Action Council (ANSAC), Singapore undertook the feasibility study of establishing the ASEAN Computer Emergency Response Team (CERT). The finalised report will be submitted to TELMIN later this month for endorsement. We look forward to working with AMS on the establishment of the ASEAN CERT.
24. Given that cybersecurity is a cross-cutting issue, it is also important to ensure broader cooperation across all ASEAN Sectoral Bodies and pillars. In the ASEAN Leaders’ Statement on Cybersecurity Cooperation at the 32nd ASEAN Summit, ASEAN Ministers were tasked to consider and recommend feasible options of coordinating cyber policy, diplomacy, cooperation, technical and capacity building efforts across the various platforms.
25. Singapore has been working with AMS and the ASEAN Secretariat to put forward a proposal for the ASEAN Coordination Mechanism. We would like to thank all AMS, officials, for your ideas and suggestions, and we look forward to further discussion on the ASEAN Coordination Mechanism at the AMCC closed-door session later. Indeed, this was a major point of discussion at last year’s session, and I think this year we will have the opportunity to give it a tangible form and take the process forward.
Participation in International Discussions on Cybersecurity
26. Even as we work within ASEAN on regional capacity building and coordination, we must pay attention to a third focus area – international discussions on cybersecurity. ASEAN’s cybersecurity initiatives must inform, and be informed by, these international initiatives.
27. The UN Group of Governmental Experts (UNGGE), Open Ended Working Group (OEWG) and the Paris Peace Forum are key fora for discussions on international cyber norms and standards. These platforms are important in building international consensus and support for predictable modes of behaviour to ensure peace and stability.
28. These conversations have been gaining traction in recent years, and it is timely and essential for ASEAN to come together to participate in such discussions, to ensure that our region’s interests and operational context are taken into account, and that we are able to demonstrate ASEAN’s own thought leadership in many of these areas.
29. AMS subscribed in-principle to the eleven norms recommended in the 2015 UNGGE Report at last year’s AMCC. We have the distinction of being the first and only regional grouping to have done so, and ASEAN has been recognised for its progressive thinking amongst the international community, including at the UN. This was only possible because all of our AMS Ministers recognised the importance and gave it their full support. So we have a mindshare in the international discussions on cybersecurity norms and it is important that we build on that momentum.
30. To do so, ASEAN will discuss the implementation of the UNGGE norms in the region at today’s closed door session. AMS cyber experts have been discussing the eleven norms at various ASEAN capacity building workshops throughout the year. They have identified areas where progress has been made, as well as other areas in need of capacity building in order to successfully implement the norms. This will be another area that we have to discuss later this morning.
31. Given the ongoing UNGGE and OEWG processes, we have also arranged for an ASEAN dialogue with the UN delegation, comprising the Special Adviser for the United Nations 75th Anniversary and the follow-up to the High-Level Panel on Digital Cooperation Under-Secretary-General Fabrizio Hochschild, UNGGE Chair Ambassador Guilherme de Aguiar Patriota, and OEWG Chair Ambassador Jurg Lauber. The UN delegation will update us on the status of the UN cyber discussions, and we will have the opportunity to present our perspectives on priority areas for UN cyber discussions and suggestions on how to structure such discussions in the future.
32. In closing, I want to reaffirm the fact that ASEAN has made significant progress towards a secure and resilient cyberspace. This has been possible because of the spirit of collaboration among AMS and we are now in a much better position today to contend with the evolving cybersecurity threat. Looking ahead, it is critical that we sustain these efforts and renew momentum in the areas of capacity building, regional cooperation and international cyber discussions. In Singapore, we stand ready to work with all our ASEAN partners, to ensure a secure cyberspace that will help to unlock the full potential of the ASEAN digital economy for the benefit of our people and our businesses.
33. I look forward to our discussions at the AMCC, and I wish all of you a pleasant and fruitful time in Singapore. Thank you.
1 According to the Economic Research Institute for ASEAN and East Asia (ERIA), the ASEAN digital economy is expected to expand by 6.4 times to US$197 billion by 2025 from US$31 billion in 2015. (17 Jun 2019, “Strengthening ASEAN’s digital economy”, The ASEAN Post)