CERTS From ASEAN Member States Gather In Singapore For The First Time To Participate In The ASEAN CERT Incident Drill (ACID)

1              To mark the 20th iteration of the ASEAN CERT Incident Drill (ACID), Singapore is organising its first physical iteration of ACID on 21 and 22 October 2025 in conjunction with Singapore International Cyber Week 2025. 36 incident responders from 10 ASEAN Member States (AMS)^[1], 5 ASEAN Dialogue Partners^[2] and Timor Leste will be participating in ACID.

2              An annual cyber drill hosted by Singapore, ACID is organised to test incident response procedures and strengthen cybersecurity preparedness and cooperation among AMS CERTs and Dialogue Partners. This year, ACID will be organised physically for the first time at the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) where the physical facility for the ASEAN Regional CERT is co-located. Themed ‘Securing Network Devices at the Edge’, the scenario for ACID focuses on cyber incidents affecting network edge devices, such as VPN appliances and secure remote access gateways, which often act as the first line of defence. As organisations increasingly rely on network edge devices, the drill will enable participants to learn practical techniques to secure these devices.

3              Participants will be using the ASEAN Regional CERT’s Information Sharing Mechanism (ISM) for the first time to facilitate threat intel sharing among countries. The ISM, commissioned in May 2025, functions as a centralised communication channel to facilitate cyber threat information sharing, technical exchanges, and cyber exercise coordination.

4              Ir. Dr. Megat Zuhairy Megat Tajuddin, Chief Executive of Malaysia’s National Cyber Security Agency and Overall Coordinator of the ASEAN Regional CERT Task Force, said, “As cyber threats grow increasingly transboundary, no nation can address them alone. The ASEAN CERT Incident Drill represents our collective commitment to strengthen regional cyber resilience through trust, preparedness, and operational cooperation. This year is especially meaningful as ACID is having its first physical iteration at the new ASEAN Regional CERT facility and marks the first use of the ASEAN Regional CERT Information Sharing Mechanism in an exercise setting since its operationalisation earlier this year. These milestones will pave the way forward in safeguarding our shared digital ecosystem.”

5              This year, participants will also take part in a Tabletop Exercise (TTX) exercise to manage cross-border cyber incidents, as well as a workshop on strengthening defences against Advanced Persistent Threats (APTs). The TTX will see participants work together to deal with a simulated scenario affecting multiple countries’ critical systems. The hands-on TTX provides an opportunity for participants to coordinate regional efforts in threat mitigation, remediation, recovery and takedown.

6              Given the rise in APT activity worldwide, a 1.5-hour workshop for strengthening defences against APTs by Hackthebox, titled “Upskilling Blue Teams: Defending Against APTs”, will be held to train participants to detect and respond to APT attacks. The workshop will give an overview of the APT cyber landscape and cybersecurity skillsets required for effective blue teams and provide case studies of recent incidents. The workshop will also include an interactive walkthrough on how to detect Tactics, Techniques and Procedures (TTPs), which are commonly used by APT actors to compromise a system.

^[1] Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand, Vietnam

^[2] Australia, China, India, Japan and Republic of Korea

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships, and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.