11 Oct 2016
OPENING SPEECH BY DR YAACOB IBRAHIM, MINISTER FOR COMMUNICATIONS AND INFORMATION, MINISTER-IN-CHARGE OF CYBER SECURITY, AT THE ASEAN MINISTERIAL CONFERENCE ON CYBERSECURITY ON 11 OCT 2016, 9.00AM, SHANGRI-LA HOTEL
Secretary General of ASEAN, Mr Le Luong Minh
A very warm welcome to Singapore and the ASEAN Ministerial Conference on Cybersecurity. I would like to express my sincere appreciation for your support of this inaugural event. It is important that ASEAN starts this crucial conversation on cyber issues, so that we can, together, achieve a trusted and resilient cyberspace that can benefit all our countries and all our peoples.
2 Yesterday, Singapore launched our National Cybersecurity Strategy. The Strategy underscores Singapore’s commitment to building a trusted and resilient cyber environment, and like many participants amongst us, we recognise that strong international partnerships are a crucial part of this vision.
3 Countries today face a full spectrum of cyber threats – cybercrime, attacks, espionage and other malicious activities. We in ASEAN have not been immune to this. A joint Singtel-FireEye study found that Southeast Asian governments are more likely to be the target of a cyber attack than other organisations in the region, and advanced persistent threats (APT) remain one of our biggest threats. Attack targets could range from financial to data theft, reputational damage, and also disruption to our critical information infrastructure. These could harm our economies and societies. Furthermore, as our countries become more inter-connected, the impact of a cyber attack in one country may well spill over to another.
4 I think that all of us here are acutely aware of today’s landscape, and have taken steps to counter cyber threats. For Singapore, the Cyber Security Agency, or CSA, was also formed just a year and a half ago, to specifically address the cybersecurity threat, and to coordinate our efforts across government and among the various other stakeholders.
5 Our group is diverse, even in the way we organise our ministries and agencies overseeing cybersecurity. Many of us have met at other platforms, such as TELMIN and TELSOM, and I am heartened that all of us are gathered here today as ASEAN Member States looking to further our efforts against the global cybersecurity threat. I believe that this demonstrates our collective commitment to enhancing regional cooperation for cybersecurity, and I am glad to hear that our Indonesian and Malaysian counterparts spoke on this at yesterday’s keynote addresses as well. I would like to take this opportunity to share Singapore’s proposals for three areas that we can work on as, and for, ASEAN.
Fostering ASEAN cyber capacity building
6 First, to promote ASEAN cybersecurity capacity building. Singapore recognises that ASEAN Member States and Dialogue Partners have already been working closely on many initiatives dealing with incident response, confidence building, and technical cyber capacity building. For example, the ASEAN Regional Forum has been a useful dialogue platform on confidence building measures. The United States and Singapore also recently conducted a cybersecurity capacity building workshop for ASEAN countries in August this year. Some 30 participants got to hear about topics such as the development of cybersecurity strategies, incident management frameworks, and public outreach. For the annual ASEAN CERT Incident Drill, or ACID, we have just completed our 11th edition two weeks ago in Singapore. The drill helps CERTs across ASEAN Member States to test and refine their cooperation and incident handling procedures. This year’s focus was on Ransomware and cyber forensics, ensuring that our CERTs remain up-to-date and well-prepared to respond to the current threats.
7 All these are important contributions demonstrating our strong foundation of cooperation in ASEAN. To complement these efforts, Singapore is pleased to launch a S$10 million ASEAN Cyber Capacity Programme (ACCP).
8 The objective of this ACCP is to help fund various efforts to deepen cyber capacities across ASEAN Member States. The money will pay for resources, expertise and training, so that we will be equipped to drive and take ownership of the cybersecurity agenda in our respective countries. More specifically, the programme will provide the resources to broaden the scope of capacity building activities and better hone technical skills and incident response. It will also support discussion and consultancy work in areas such as the formation of national cybersecurity agencies, formulating cybersecurity strategies, and even legislation. The flexibility of the ACCP funding allows us to channel efforts to where they are most needed and can be most effective.
Securing a safer common cyberspace
9 Secondly, I would like to touch on some ways in which we could create a safer and trusted cyber environment. Cyberspace is borderless and connects ASEAN beyond our geographical proximity as a region. In fact, the malicious actors deliberately target the gaps between our borders and jurisdictions to exploit and target us. We need to work together, beyond our borders, to effectively secure this common space.
10 International law enforcement is one area where close cooperation is needed. Singapore is honoured to host the INTERPOL Global Complex for Innovation (IGCI). As INTERPOL’s global headquarters to combat cybercrime, the IGCI had coordinated several successful joint operations since its inauguration last year. Through the IGCI, INTERPOL gains a better understanding of Asian perspectives and expertise. This shapes its R&D and operational responses against transnational threats. While the IGCI has made a promising start, countries have to actively support the IGCI for its continued success and effectiveness. We can support the IGCI by, for example, seconding more ASEAN law enforcement officers to the IGCI. By partnering INTERPOL, we can conduct more joint operations against cybercriminals and enhance the collective safety and security in ASEAN.
11 Companies too have been stepping up in the fight against cybercrime. For example, Microsoft has just launched its Transparency Centre and Cybersecurity Centre in Singapore last week, as an expansion to its existing Cybercrime Satellite Centre. This combined Centre serves as Microsoft’s Asia-Pacific nerve point, bringing together Microsoft’s expertise with strong partnerships, to facilitate information sharing, generate awareness, and contribute to a safer cyberspace.
12 Securing our cyberspace also requires us to have a better situational awareness of our overall cyber environment. This is key to improving our collective cyber hygiene, as we can better direct our prevention and remediation efforts when we know where we are vulnerable and where there may be suspicious cyber activities.
13 CyberGreen is one global initiative that will aid us in securing our common cyberspace. The CyberGreen project aims to give countries awareness of the state of cyber health and potential vulnerabilities within our borders. With this situational awareness, countries can then take preventive action to deal with potential cyber risks and vulnerabilities. The better a country’s cyber health, the “greener” it will be. Over time, CyberGreen will develop robust cyber health metrics. These will allow practitioners and policy-makers like ourselves to assess how our countries, and ASEAN as a whole, are progressing on the cybersecurity front. Cyber incident responders can also better identify and remediate different classes of threats, based on actionable threat information provided by CyberGreen.
14 Singapore is excited to be a sponsor of this global initiative. We have signed on to CyberGreen, as we recognise that ASEAN Member States including ourselves can benefit from CyberGreen. As a start, because of our sponsorship, all ASEAN Member States will be able to access CyberGreen through Singapore for free, and get a first cut report on the state of their own country’s cyber health status. I would like to invite fellow ASEAN Member States to come on board, and join Singapore in CyberGreen. Through this platform, our countries can work together to improve our cyber situational awareness, sharpen incident response, and therefore secure ASEAN’s common cyberspace.
Facilitating exchanges on cyber norms
15 Finally, it is timely for ASEAN to start our dialogue on cyber norms. Global discussions on cyber norms have kicked off in the last decade, catalysed by platforms such as the United Nations Group of Governmental Experts, or UNGGE. The UNGGE is not unfamiliar to some of us. Malaysia was in the 2014-2015 UNGGE, and Indonesia is in the current Group. These conversations contribute to international peace and stability in cyberspace, and foster an environment of trust.
16 Singapore notes that the 2015 report of the UNGGE made important recommendations on voluntary norms for States. Singapore is similarly supportive of having basic rules for behaviour in cyberspace. Such a set of regional cyber norms would ensure the safety and security of regional and international cyberspace, and in extension, contribute to the stability and economic progress of the ASEAN community.
17 While staying plugged in to the global conversations, we should also make sure that norms and behaviours are kept relevant and applicable to our unique ASEAN context and cultures. Singapore will be pleased to work with fellow Member States and Dialogue Partners to develop our own regional understanding of cyber norms, and arrive at an ASEAN position. This ASEAN perspective can be our joint contribution to global conversations. We hope to commence these discussions later today when we meet together for dialogue.
18 Cyber capacity building, cyberspace awareness, and cyber norms. These are Singapore’s three suggestions to ASEAN for enhancing cybersecurity cooperation. Singapore is committed to these ideas, and we are backing our words with resources and investment. We have an opportunity to discuss some of these ideas today, and to further the coordination of our cybersecurity efforts. With consensus, agreement, and cooperation, we can make cyberspace a safer and secure place for all.
19 In closing, thank you once again for your support of the Singapore International Cyber Week. I look forward to the meaningful discussions at today’s conference, and hope you find your week in Singapore a fruitful one.
Factsheet on ACCP
Factsheet on CyberGreen