This week, Singapore announced the setting up of a new cybersecurity body to boost the capabilities of Southeast Asian states in this realm. While the move is just the latest in a string of measures proposed by the city-state over the past few years, it nonetheless bears noting within the context of the significant challenges that the region faces in the cyber domain and Singapore’s leadership efforts in helping manage those in concert with regional partners.
As I have noted before in these pages, Singapore as a country and Southeast Asia as a region have been grapping with a growing cyber challenge as states try to balance the opportunities afforded by the digital economy – a significant driver of economic and technological progress – with the issues raised due to the increased sophistication of cyber threats in an increasingly networked world and their links to other challenges such as terrorism and fake news.
A string of cyberattacks has reinforced this point for Singapore in recent years. The latest attack, coming over the summer, targeted Singapore’s health system SingHealth, resulting in the accessing and copying of 1.5 million patients’ records and 160,000 outpatient dispensed medicine records, including those of Prime Minister Lee Hsien Loong.
Southeast Asian states have put in place a variety of national, bilateral, and regional arrangements, mechanisms, and forums over the past few years to manage challenges in the cyber realm. Singapore has been a leader in this effort, with the city-state not just focused on building up its own capabilities at home but also introducing more regional initiatives such as the ASEAN Cyber Capacity Program and the ASEAN Ministerial Conference on Cybersecurity (AMCC), now held on an annual basis.
That has continued on into 2018 as Singapore holds the annually rotating ASEAN chairmanship. Under Singapore’s chairmanship, with the tagline of “resilience and innovation,” areas in the cyber realm such as increasing capacity-building and shaping basic norms in cyberspace have been in focus, along with related issues such as e-commerce and the digital economy. And there have already been some notable developments, with a case in point being the adoption of an ASEAN Leaders’ Statement on Cybersecurity Cooperation reached at the 32nd ASEAN Summit.
On September 19, in another move in the capacity-building aspect of regional cyber collaboration, Singapore publicly announced the setting up of the so-called ASEAN-Singapore Cybersecurity Center of Excellence (ASCCE), a new body designed to help boost the cybersecurity capabilities of Southeast Asian states. ASCCE, which is an extension of ACCP, is meant to function as a multidisciplinary center for regional capacity-building, with a focus on three areas: conducting training and research; training national computer emergency response teams (CERTS); and promoting CERT-to-CERT open-source information sharing.
The setting up of ASCCE, which was announced in conjunction with the holding of the Third AMCC this week, comes as no surprise. It is the latest in a line of proposals that Singapore has put forth in the cyber realm, and in fact builds on several of them. It also embodies the comprehensive outlook that the city-state is trying to advance in the region with respect to cyber issues, which blends areas of focus such as capacity-building, norm development, and joint research and intelligence sharing.
The exact shape of the ASCCE, including its timeline as well as setup, will become clearer in the months that follow. S. Iswaran, Singapore’s minister for communications and information, said in his opening remarks at the Third AMCC that this would be launched sometime in 2019, and that it would include participation from outside actors as well including dialogue partners of ASEAN that have expressed interest such as Australia, the European Union, South Korea, and the United States.
As that picture becomes clearer, we will have a better sense of how this new body will fit alongside the existing regional institutions on cyber issues or with a cyber component, as well as how Southeast Asian states will be able to leverage the capacity, knowledge, and capital from partner countries and international organizations on issues such as funding and program development, organization, and execution. Those questions will tell us much more about the future evolution of the ASCCE and how it can help ASEAN navigate the opportunities and challenges in the cyber domain.