You are here
Cooperating to counter cyber threats
COUNTRIES and governments all around the world are busy dealing with the scourge of cyber threats. These threats are difficult to detect, increasingly sophisticated, and both transboundary and asymmetric in nature.
South-east Asia - a region of some 630 million people - is one of the major targets of cyber attackers and hackers, and understandably so. The digital economy in the 10-member Association of Southeast Asian Nations (ASEAN) bloc has the potential to add US$1 trillion to gross domestic product (GDP) over the next 10 years.
However, it is worrying that, as reported by consultancy firm AT Kearney in 2017, ASEAN countries collectively spent just US$1.9 billion (or 0.06 per cent of their GDP) on cyber security. This is less than half the global average of 0.13 per cent.
Among the biggest threats to ASEAN's digital economy are cyber terrorism, cyber fraud and identity theft.
"Cyber risks could impede trust and resilience in the digital economy and prevent the region from realising its full digital potential. ASEAN countries have already been used as launchpads for attacks, either as vulnerable hotbeds of unsecured infrastructure or as well-connected hubs to initiate attacks," said AT Kearney in a January 2018 paper titled "Cybersecurity in ASEAN: An urgent call to action".
Singapore's Deputy Prime Minister and Coordinating Minister for National Security Teo Chee Hean said it is no longer a question of if, but when, cyber attacks will strike.
"They are becoming more common all over the world as we digitalise our societies and economies," he said at the opening of the third Singapore International Cyber Week in September 2018.
"Cyber attacks are also causing more serious harm, by disrupting essential services, blocking access to critical information and even shutting down government agencies. The threat faced by all countries is real."
The AT Kearney report also noted that as the cyber threat landscape continues to become more complex, the top 1,000 ASEAN companies could lose as much as US$750 billion in market capitalisation. This figure is derived from the erosion in market capitalisation for corporations that have been victims of major data breaches.
In September, Communications and Information Minister S Iswaran, speaking at the ASEAN Ministerial Conference on Cyber-Security (AMCC), noted that cyber incidents do more than simply cause the loss of billions of dollars.
"They also have a debilitating impact on our inter-connected critical infrastructure, economic activity, regional connectivity; they erode public trust in governments and this is fundamental," said Mr Iswaran, who is also Minister-in-charge of Cyber Security. "Hence, our pursuit of ASEAN's digital ambition must be undergirded by our commitment to strengthen cyber security in the region," he added.
"One cannot function without the other. Cyber security cannot be viewed or addressed from a single perspective. It is a threat that cuts across many domains, and therefore it requires a multi-disciplinary response."
ASEAN will work towards a rules-based international framework on cyber security, said Mr Iswaran, adding that all 10 ASEAN Member States agreed that this approach will give the region confidence to better deal with cyber threats.
The AMCC also agreed to subscribe in-principle to 11 voluntary norms recommended in the 2015 Report of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.
Even as Singapore has invested heavily to tighten its defences against the advances of hackers, the country has not been spared, having suffered the worst cyber attack in its history just earlier this year.
In July, it was revealed that Singhealth - the country's largest group of healthcare institutions that includes Singapore General Hospital and KK Women's and Children's Hospital - had its IT systems hacked by an advanced persistent threat group from abroad. This resulted in the non-medical personal data of 1.5 million patients, including those of Prime Minister Lee Hsien Loong, being illegally accessed and copied.
There is a sense of urgency for Singapore and the rest of South-east Asia to build a resilient and innovative digital community together, said Mr Teo. He outlined three areas that governments had to invest in - cyber defence, cyber innovation and cyber partnerships.
As part of the united effort against cyber attacks, ASEAN countries will work together more to strengthen the region's efforts against online threats through a new regional cyber security centre called the ASEAN-Singapore Cybersecurity Centre of Excellence.
The Cyber Security Agency (CSA) is currently accepting proposals from cyber security companies, until Dec 18.
The aim is to unearth solutions for five large organisations - Ascendas-Singbridge, PacificLight Power, Singapore LNG Corporation, Singapore Press Holdings and SMRT Corporation - that have communicated their needs to CSA, through an Industry Call for Innovation. This Call for Innovation consolidates the cyber needs of these organisations into "challenge statements", that will be match-made with suitable industry solution providers.
The hope is that this will catalyse the industry's development of cutting-edge, innovative cyber security solutions, and their adoption by end-users.
Concurrently, CSA and the United Nations Office for Disarmament Affairs (UNODA) will roll out a Singapore-UN Cyber Programme (UNSCP).
The UNSCP will develop and run an annual Norms Awareness Workshop and a Cyber Policy Scenario Planning Workshop.
Director-level representatives for key domains - such as the national incident response agency, the foreign ministry, and the national cyber policy coordination - from each AMS will be invited to participate. The goal is to support each ASEAN Member State's efforts in the coordinated development of their national cyber security policy, strategy and operational practice. "The fight to secure our cyber space is particularly challenging as it is asymmetric. It is easy for malicious actors to hide their identity, carry out their attacks across borders, and cause severe disruptions in essential services that disproportionately impact millions," said Mr Teo.
"This is why it is important for us to work together - countries, governments, businesses and citizens - to pool our resources and strengthen our collective defences against this common threat."