On Monday, another iteration of a regular drill among Southeast Asian states and their other Asian partners got underway in Vietnam. The drills, which are now in their 12th year, represent part of the subregion’s response to growing cyber challenges it has witnessed in recent years.
As I have noted before, there are a variety of bilateral and wider regional arrangements, mechanisms, and forums that Southeast Asians have in place to manage challenges in the cyber realm focused on areas like incident response, confidence-building, and cyber capacity-building. These range from the cybersecurity working group within the ASEAN Defense Ministers’ Meeting Plus to the new ASEAN Cyber Capacity Program introduced by Singapore last year (See: “Singapore Unveils New ASEAN Cyber Initiative”).
One of the examples of these mechanisms is the ASEAN Computer Emergency Response Team Incident Drill (ACID). The objective of ACID is to test and enhance incident response as well as broader cooperation and coordination among ASEAN CERTS as well as some of their key dialogue partners. Last year, ACID was focused on several areas including Ransomware and cyber forensics, in line with ongoing efforts to ensure that CERTS are up to date with current challenges in the cyber realm.
On September 11, another iteration of ACID kicked off in Vietnam involving the ten members of ASEAN as well as five dialogue partners – Australia, China, India, Japan, and South Korea. The focus of this iteration was on the dangers of insufficient authentication and poor access. During his remarks at the opening ceremony of ACID, Deputy Minister of Information and Communications Nguyen Thanh Hung said the focus would be on reinforcing coordination among actors as well as boosting skills in areas such as investigating incidents and analyzing malicious codes.
The ACID drill was held in Hanoi, Danang, and Ho Chi Minh City. Teams for the drill were divided by country. On the Vietnamese side, participants included not just Vietnamese government agencies, but also representatives from other entities like BKAV, Viettel, and VNPT Technology. The Vietnamese team was divided into a core team, charged with instructing participants in solving cases, and rehearsal teams that would conduct the investigation, analysis, and response.
As ACID got underway, Nguyen Khac Lich, the vice director of VNCERT – the agency that coordinates the cyber incident response and management – stressed the growing challenges that Vietnam faces in the cyber realm, as was made clear by the WannaCry ransomware attack in May 2017 that was one of the largest cyber attacks of its kind, with around 200,000 computers infected across 150 countries. VNCERT has reportedly detected millions of infected IP addresses and over 18,000 infected websites that spread malware on the Internet, including 88 state agency websites.