My ASEAN Ministerial colleagues
Ladies and gentlemen
- Good morning. A very warm welcome to the 8th ASEAN Ministerial Conference on Cybersecurity, or AMCC.
- It is a pleasure to address ASEAN colleagues again. Your presence here reaffirms our shared commitment, and I thank you for your support and valuable contributions to the work of the AMCC. I also want to express my appreciation to all our dialogue partners for being here.
- The theme for Indonesia’s ASEAN Chairmanship this year is “ASEAN Matters: Epicentrum of Growth”. Here, our message to the world is for them to recognise us and take note of the fact that this is where much growth is taking place, and therefore we matter to the world.
- Digitalisation and our digital economies will certainly be one key area of growth for ASEAN. However, cyber threats and risks pose formidable challenges to our digitalisation journey. So, to reap the full benefits of digital developments, we must work together to improve our collective cybersecurity.
- There are at least two priorities to make progress. The first is to strengthen cybersecurity cooperation and resilience regionally; and the second is to support the establishment of a rules-based multilateral order in cyberspace internationally.
- Let me talk about regional cooperation first. In fact, ASEAN has come a long way since the first AMCC in 2016.
- In 2017, we developed the ASEAN Cyber Cooperation Strategy to set out the roadmap for achieving a safe and secure ASEAN cyberspace. To keep pace with the changing landscape, the Strategy was updated in 2021, and is planned for a mid-term review in 2024. This makes sense because everything in the digital domain is changing so quickly. When we met last year, none of us have ever heard about ChatGPT!
- These efforts build on even earlier foundations and complementary initiatives. Since 2006, the ASEAN CERT Incident Drill (ACID) led by the Cyber Security Agency of Singapore (CSA) has taken place every year, even during Covid. Incidentally, ACID 2023 will be held at the sidelines of the SICW. Following the 2020 Solarwinds incident, we also established the ASEAN Computer Emergency Response Team (CERT) Information Sharing Mechanism to facilitate timely information exchanges. So far, in cybersecurity, coordination and communication among ASEAN Member States (AMS) is going well. We should build on the momentum to advance our cooperation even further. Allow me to propose three ways to do this.
- First, we should strengthen cyber incident response in ASEAN. Cyber threats do not respect borders. An attack can quickly spread across the world. It is therefore important for all our CERTs to work together to quickly share information and warn each other as early as possible. Last year, I shared with you our plans to establish the ASEAN Regional CERT. We are currently drafting the financial model that defines its structure and functions.
- Second, we should strive to develop standards. As we progress towards building Smart Cities and Industry 4.0, adopting baseline technology standards is vital to building confidence among businesses and users. One rapidly growing area is Internet of Things (IoT).
It has been estimated there could be some 50 billion IoT devices in use worldwide by 20301
Yet, many of these devices are developed without proper cybersecurity features. Why? Because developers tend to prioritise speed-to-market and cost. Even IoT devices with cybersecurity features can be vulnerable if they are not consistently patched. Imagine if smart home security systems are hacked by burglars or medical IoT devices are exploited to give incorrect readings. This is why Singapore introduced the Cybersecurity Labelling Scheme for IoT devices, to encourage greater awareness and the development of more secure products.
- CSA is actively working to establish mutual recognition arrangements with international partners, and is developing an international standard, ISO 27404, to define a Cybersecurity Labelling Framework. The ISO standard will facilitate take-up in more countries.
It is heartening to see growing interest in this area.
- Third, we should enhance capacity building. As we all know, cybersecurity is a team effort. We value the expertise from all AMS and recognise the need for strong regional ties to better address cross-border cyber incidents. For this reason, Singapore is keen to contribute to regional capacity building efforts. We will continue to take a practical, multi-disciplinary and multi-stakeholder approach and organise our programmes through the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE).
- Yesterday at the Opening Ceremony of SICW, our Deputy Prime Minister Mr Heng Swee Keat announced that we are extending our funding commitment of $30 million to the ASCCE by another three years. We are also expanding the ASCCE programme, with the launch of the SG Cyber Leadership and Alumni Programme, which will now include participants from beyond ASEAN. This effort will enrich our programmes to address emergent threats, and better equip our officers with the expertise to strengthen our cybersecurity posture. It will also help build strong operational and technical relationships, which will in turn facilitate regional and international cooperation.
- We look forward to working with AMS and our ASEAN Dialogue Partners to develop and deliver these programmes.
- While national and regional efforts are very important, they will not be enough. It is, in fact, in our interest to cooperate internationally to establish a rules-based multilateral order in cyberspace.
- During the AMCC in 2018, the ASEAN Ministers subscribed in-principle to the eleven voluntary, non-binding norms for responsible behaviour in cyberspace, which were recommended by the 2015 UN Group of Governmental Experts (UNGGE). ASEAN was the first regional grouping, and remains the only regional grouping, to make this commitment to the norms.
- Presently, Singapore and Malaysia, together with other AMS, are putting together a norms implementation checklist as a non-binding reference for AMS. This serves to move us towards more practical and concrete steps in implementation.
- These discussions will also take place at the United Nations Open-ended Working Group on security of and in the use of ICTs (OEWG), which Singapore is honoured to chair. We thank all our ASEAN partners for your support and look forward to your active participation.
- Singapore recognises the UN as an inclusive platform where all countries have a voice. We therefore welcome the adoption of the OEWG’s 2nd Annual Progress Report (APR). The discussions leading up to it were not easy, which makes the adoption even more remarkable.
- Important initiatives such as the Global Points-of-Contract (POCs) directory will also be essential in facilitating coordination and communication between Member States, especially in times of crisis. Ambassador Burhan Gafoor, who chairs the OEWG, will be providing further updates later today.
- Let me conclude my remarks.
- I believe colleagues will agree that the AMCC’s accomplishments are the result of our shared commitment towards maintaining progress and advancing cooperation for a secure and resilient cyberspace.
- There are immense opportunities presented by technology and digital innovation, but these will only be possible within our countries and benefit our people and businesses if we can take good care of our cybersecurity. Our citizens are counting on us, and if we can meet their expectations, the ASEAN region will indeed be the epicentre of growth, paving the way towards a vibrant, sustainable, and resilient future.
- I look forward to your active participation at the AMCC, and I wish all of you a pleasant and fruitful time in Singapore.
1 IoT connected devices worldwide by 2030, Statista Research Development, 22 January 2021