Ladies and Gentlemen,
Members of the Media,
1. Welcome and thank you for joining us this afternoon. I am delighted to have United Nations Under-Secretary General Mr Fabrizio Hochschild and Deputy Secretary-General of the ASEAN Political Security Community Dr Hoang Anh Tuan here with me today.
2. Let me start by saying that we have had a very good set of meetings over the last two days, both in the context of the Singapore International Cyber Week (SICW) and also the ASEAN Ministerial Conference on Cybersecurity (AMCC). The attendance at this year’s SICW has been strong. There has been a total of 10,000 participants, which is significantly higher than last year, which was about 8,000. Participation has also been wide, drawing from more than 60 countries. We have also achieved a strong representation across both the public and the private sectors.
3. In my view — and I think this is broadly acknowledged in the conversations I have had with many other participants in this event—this strong participation and active dialogue that we have had over the past two days is a reflection of two key insights. First, the importance that the global community is attaching to the issue of cybersecurity. Second, it is about the recognition of SICW as a valuable platform in the global cyber dialogue and in particular, the importance of ASEAN and the engagement with ASEAN Ministers in the context of cybersecurity.
4. If I can make the transition to the next point which is on the AMCC itself—ASEAN Ministers had a very good discussion on cybersecurity matters. The importance and impetus that we are giving to cybersecurity stems from the recognition that cybersecurity is key, and undergirds our digital economy ambitions for the region. The region is already growing significantly in terms of its digital economy, and the prospects for growth are even brighter. We are already seeing the emergence of many tech companies at the level of startups, for instance. We are seeing very vibrant startup activities. We are also seeing significant numbers of unicorns and other larger fast growing companies emerging. This is a demonstration of the potential of the digital economy for ASEAN, and in that context, cybersecurity takes on a particular significance because it ensures that we can continue to have a trusted, reliable digital space in which the digital economy can operate and one in which participants can transact with confidence.
5. ASEAN Member States and Ministers recognise that we have to move forward beyond where we were last year in order to sustain the momentum, and also to move in tandem with the needs of our digital economy. Last year, we agreed to subscribe in- principle to the 11 norms that were put forward by the UN Group of Governmental Experts (UNGGE) in 2015. It is noteworthy that ASEAN is the first and only regional grouping to do so, and we did so because we recognised that this was an important part of building trust and confidence in cyber space globally. Even though we have not quite worked out how to translate these into actionable items, we wanted to signal to the world that ASEAN was prepared to lead in this aspect.
6. This year, we have built on that momentum and there are three areas in particular where we have had significant movement. The first is in cyber capacity building. It has been broadly acknowledged that in order to fulfill our digital economy ambitions and to ensure cyber security, capacity building is key. In that regard, there have been several efforts. The ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) is an important initiative. We launched it today and the intent is to use that as a key platform through which we will raise our capabilities as a region in the space of cybersecurity. There are other initiatives in the region, including the ASEAN-Japan Cyber Security Capacity Building Centre that is in Bangkok. Significantly, in this ASCCE, we are also embarking on a partnership with the United Nations, to train senior executives through a fellowship. Once again, this is an example of how we are working together with international partners to raise our capabilities in this space. In future, we also intend to look deeper and study how we can also work with the private sector. I will come back to this point later.
7. The second major outcome from the meeting with ASEAN Ministers is in the decision that we want to establish a cross-sectoral coordination committee. The significance of this is that the subject matter of cybersecurity within the ASEAN context is being discussed in different tracks. To some extent, this is also a reflection of how it is being pursued within individual ASEAN countries. However, what we want to do at the ASEAN level, is to find a common thread that will help us have key points of contact across each ASEAN nation and for us to be able to have a coordinated response to cyber security issues. This is an important initiative because it is about recognising the fact that cyber security challenge is a transboundary one, and that it is one where we need a response that cuts across nations as well as a willingness for us to work together in order to secure cyber space.
8. The third aspect of the outcomes from the ASEAN Ministers’ Meeting pertains to the conversation on norms. I mentioned earlier how there are 11 UNGGE norms, which are significant because they go towards building trust and confidence in cyber space. However, it is key that we translate these norms into practical steps going forward because otherwise, these would remain as principles. In ASEAN’s context, we have decided that we want to do further work in taking at least some of these norms into a practical set of actions that we would like to implement. In doing that, we want to ensure that we take into account the diversity that we have within ASEAN and, in particular, individual countries’ considerations—be it around their circumstances, their capacity and other considerations.
9. So what we intend to do is that we have decided to establish a working level committee under the AMCC to further explore this, identify key areas of action, and to report back to the AMCC in one year’s time—in other words, by next year’s AMCC. And in particular, we have also asked them to look into specific aspects. For example, CERT to CERT cooperation, how we can protect and strengthen our Critical information infrastructure and also mutual assistance when it comes to dealing with cybersecurity threats. Ultimately, our goal is to report these actions and decisions to our leaders, because the whole sequence of activities we are embarking on now is a result of our leaders’ decision that this is an important area of work that requires ASEAN to take concrete steps on, and this group of Ministers were tasked to develop a response.
10. More broadly, I want to make the point that SICW has managed to engender a very successful and meaningful regional and international dialogue on the topic of cyber security. We have, as you can tell, partners from the United Nations as well as our dialogue partners who are present here, as well as many other countries around the world. The UN Under-Secretary-General and Special Adviser is here, so too are the Chairmen of two important processes in the UN—the UNGGE and the UN Open-Ended Working Group (OEWG)—which are both working on cybersecurity initiatives. Their presence is a recognition of both the global significance of a forum like SICW, and also the important role that ASEAN can play in this global discourse on cyber security. This is important because as a group and as a region, we are embarking on many initiatives. This is an opportunity, on one hand, for our deliberations and thinking to inform the multilateral work that is taking place in international organisations; and on the other, to inform the work that we are doing based on the considerations of these international dialogues and conversations.
11. I want to make a comment on the role of the private sector too. Cybersecurity is a space which is characterised by the fact that a significant proportion of, and by some estimates, more than 90 per cent of the Critical Information Infrastructure is actually in the ownership of the private sector. The private sector has in fact been investing heavily in building its cyber capacity. Whilst Governments are working at the national level, at the Government-to-Government level and also working with international organisations, we have capabilities that are also developing in the private sector. This is an opportunity for us to work together – between the public and private sector – and to make common cause because ultimately, we all benefit from having a secure cyberspace. If we want to ensure that this very important public good is preserved and enhanced, we will need a collaborative approach not just among nations, but also between the public and private sectors. This is an area which we want to further work on, and in particular, our ASCCE will be looking at how we can work with the private sector to learn from each other in the area of capacity building and bring best practices on both sides to the fore so that we can jointly develop a very strong cybersecurity framework.
12. To conclude, I would like to emphasise that there has been growing recognition that cybersecurity is a global commons challenge, where the benefits of doing it right and the consequences of not getting it right would apply to all of us. Our interests are deeply intertwined and it is necessary and valuable that we work together as a team—whether it is at the national level, the international level and also within ASEAN to strengthen cybersecurity. In this effort, Singapore and ASEAN—in collaboration with our international and dialogue partners—can make a meaningful contribution and difference to the lives of our citizens, in our own countries, in the region, and also to make an important contribution to the global community.