Singapore and ASEAN Member States Deepen Commitment to Enhance Collective Cybersecurity in the Region

Mrs Josephine Teo, Minister for Digital Development and Information and Minister-in-charge of Smart Nation and Cybersecurity and representatives of the ASEAN Member States (AMS) reaffirmed their commitment to strengthen cyber resilience in the region during the 9^th ASEAN Ministerial Conference on Cybersecurity (AMCC). The Conference was held on 16 October as part of the Singapore International Cyber Week (SICW) 2024.

Since its inception, AMCC has served as an important non-formal regional platform that brings together relevant ASEAN Ministers of Telecommunications and/or Cybersecurity which has made significant progress in advancing cross-cutting and wide-ranging discussions on possible areas for ASEAN regional cybersecurity cooperation. This includes capacity building programmes under the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) in Singapore, and the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) in Thailand. The active participation from AMS and its Dialogue Partner countries at the AMCC underlines the importance of maintaining an open, safe, secure, stable, accessible, interoperable, peaceful, and resilient cyberspace and the relevance of AMCC as a forum to facilitate collaborations.

Launch of the physical facility of ASEAN Regional CERT

At AMCC, Minister Josephine Teo announced the launch of the physical facility of the ASEAN Regional Computer Emergency Response Team (CERT). Since October 2022, Singapore has worked with AMS to draft the Operational Framework that outlines the purpose, scope, composition and partners, functions, and mechanism of the ASEAN Regional CERT. The Operational Framework was successfully endorsed by AMS at the 3^rd ADGMIN in February 2023. In February 2024, the AMS also agreed for Singapore to fund and host the physical facility of the ASEAN Regional CERT for up to 10 years. The operationalisation of the ASEAN Regional CERT will amount to USD 10.1 million for 10 years which will be funded by Singapore as the current ADGMIN Chair.

The ASEAN Regional CERT will be co-located at the ASCCE in Singapore and will significantly move forward information sharing among AMS on cyber threats and attacks as well as online scams. It will serve as a dedicated space for in-person activities e.g. cyber exercises, workshops and CERT-CERT cyber capacity building programmes to foster cohesive collaboration among the AMS. The ASEAN Regional CERT Taskforce, led by a rotating overall coordinator based on the AMS’ ASEAN Network Security Action Council (ANSAC) chairmanship term, will guide the efforts of the ASEAN Regional CERT.

The inaugural ASEAN Regional CERT Taskforce meeting was chaired by Malaysia and was held in Singapore on 16 August 2024. The Taskforce discussed the next steps to move forward on implementing the eight functions of the ASEAN Regional CERT as listed:

• Facilitate coordination and information sharing between AMS National CERTs.
• Develop and maintain an ASEAN Point of Contact (POC) network of cybersecurity experts and organisations.
• Host ASEAN cybersecurity conferences/meetings, and trainings for AMS National
• Facilitate and conduct regional cybersecurity exercises.
• Partner with other international and regional organisations in support of ASEAN cybersecurity interests and objectives.
• Develop partnerships with industry and academia.
• Support AMS National CERT capacity-building and exchange of best practices.
• Support the conduct of cybersecurity awareness campaigns in coordination with other ASEAN Sectoral Bodies related to cybersecurity and the ASEAN Cyber-Coordinating Committee.

Completion of Norms Implementation Checklist

A rules-based international order in cyberspace is essential for ensuring an open, secure, stable, and interoperable cyberspace for ASEAN region to reap socio-economic benefits in an increasingly digitalised landscape. CSA and the United Nations (UN) Office for Disarmament Affairs launched the Norms Implementation Checklist (NIC) initiative under the auspices of the UN-Singapore Cyber Programme in 2020 following ASEAN’s commitment to subscribe in principle to the 11 norms of responsible State behaviour in cyberspace from the 2015 consensus report of the UN Group of Governmental Experts (UNGGE). The completed NIC was presented to ASEAN Ministers at the 9th AMCC.

The NIC comprises a set of actions that all States can consider and follow to implement the UN norms of responsible State behaviour in cyberspace. The actionable items for each norm are separated into five pillars: policy, operation, technical, legal, and diplomacy. The NIC further outlines the suggested capacity-building activities for States to consider undertaking to support them in implementing the norms.

As co-lead of the norms implementation efforts in ASEAN, Singapore, in partnership with the National Cyber Security Agency of Malaysia, and with support from the UN Institute for Disarmament Research, organised a workshop in August for AMS to finalise the NIC.

The NIC is the first regional checklist of its kind and will serve as a reference not just for AMS but for countries beyond the region to support the collective efforts to build a safer and more secure cyberspace.