Southeast Asian nations have reiterated the need for multilateral collaboration to boost the region's cyberdefense, which now includes a physical CERT (Computer Emergency Response Team) site in Singapore.
The ASEAN Regional CERT was officially launched Wednesday during the 9th ASEAN Ministerial Conference on Cybersecurity, held alongside the Singapore International Cyber Week 2024. The ministerial conference gathers ministers of telecommunications and cybersecurity of the 10 Association of Southeast Asian Nations (ASEAN) member states, including Thailand, Indonesia, and the Philippines.
The new physical CERT will be funded by and hosted for up to 10 years in Singapore -- the current chair of the ASEAN Digital Ministers' Meeting. According to Singapore's Cyber Security Agency (CSA), the regional CERT's operational costs are expected to total $10.1 million over the decade.
Also: Can AI and automation properly manage the growing threats to the cybersecurity landscape?
A virtual ASEAN CERT was launched in October 2022, running as a platform for analysts and incident respondents from across member states.
Since then, Singapore has worked with ASEAN member states to establish the operational framework, which outlines the purpose and mechanism of the regional CERT. Among its objectives, the facility will further drive information sharing among ASEAN members on cyber threats and online scams.
The regional CERT operates on eight key functions, including developing and maintaining the region's point of contact network of cybersecurity experts and organizations and supporting member states' national CERT capacity building and exchange of best practices.
Also: 108 small nations band together to share AI lessons globally
It also serves as a dedicated space for in-person activities, such as cyber exercises and CERT-CERT cyber capacity-building programs, CSA said.
"The cyber threat landscape has continued to evolve, with ransomware attacks and other cybercriminal activities among the challenges that occupy the region's attention," said Minister for Digital Development Information Josephine Teo.
"New groups like RansomHub and Brain Cipher have burst onto the scene and quickly gained notoriety by engaging in 'big game hunting,' targeting and successfully breaching high-profile victims," said Teo, also Minister-in-charge of Smart Nation and Cybersecurity. "Government entities and services are prized targets because these groups stand to gain significant notoriety and payouts given the widespread public impact."
Also: AI is changing cybersecurity and businesses must wake up to the threat
She added that ASEAN faces such challenges as well, noting that the region's digital economy is projected to grow from $300 million to $1 trillion by 2030. It also has a collective population of almost 700 million, comprising a significant proportion of young, educated, online-savvy individuals and a growing middle class, she said.
Also, fast adopters of the latest technologies, ASEAN member states have to manage a greatly expanded attack surface area. "I am confident that if we stand together, we will be able to strengthen our cyber defenses and safeguard our digital future," Teo said.
In this aspect, the group has formally supported the ASEAN Norms Implementation Checklist, which she touted as the first of its kind.
Also: Cybersecurity professionals are turning to AI as more lose control of detection tools
"[This] builds upon wider UN (United Nations) efforts to implement voluntary non-binding norms of responsible State behavior in the use of ICTs," Teo said. "It identifies practical steps that relevant government agencies can consider when implementing the norm and corresponding capacity-building activities that can be adapted to meet the norm."
CSA and the UN Office for Disarmament Affairs launched the Norms Implementation Checklist initiative; following ASEAN's pledge to subscribe in principle to the 11 norms of responsible State behavior in cyberspace. These are from the 2015 consensus report of the UN Group of Governmental Experts.
Action actionable items for each norm are outlined across five pillars: policy, operation, technical, legal, and diplomacy.
Also: AI arm of Sony Research to help develop large language model with AI Singapore
No nation can tackle cybersecurity challenges in silos, said Teo. Cyber threats [are] borderless, [and] international cooperation is essential in [the] efforts to build a trusted cyberspace, she said. "Cyber diplomacy is essential, especially during such fraught times," she added.
During his address at the conference, Malaysia's Minister of Digital Gobind Singh Deo also underscored the importance of building trust not just in the devices users hold, but also within the ecosystem that encompasses platforms, apps, and services.
"Whenever you send a message on WhatsApp, order a Grab ride, or add to your cart on Shopee, you trust an intricate web of technology, expecting it to work seamlessly and securely, protecting you from risks at every step," Gobind said.
Also: OpenAI sees new Singapore office supporting its fast growth in the region
"The recent Crowdstrike outage is a textbook example of how this trust is easily lost. A single piece of code brought down networks of hospitals, banks, and airlines worldwide -- and this was caused by a non-malicious actor. Now imagine what malicious threat actors can do with an expanding attack surface, as the world's digital footprint grows," he said.
To build a trustworthy digital world, he urged the need to boost standards that make devices and apps safer. Valid digital certificates, for instance, ensure the security and trustworthiness of digital interactions, he said.
Potential risks from artificial intelligence (AI) and generative AI (gen AI) also need to be addressed.
Also: Microsoft wants to arm 2.5 million people in ASEAN with AI skills
Gobind noted that, in November, Malaysia will launch its National AI Office, which will develop the necessary safeguards and framework to drive the adoption of sustainable and ethical AI practices.
"This legislation and regulations form the bedrock of digital trust in Malaysia, but data protection and security are not ends in themselves," he said, adding that data should be secured to drive its use.
To facilitate this, his ministry will introduce a Data Sharing Bill to create a regulatory framework for sharing public sector data, he revealed.
Also: Non-cash transactions to hit 1.6T, with Asia leading adoption
The Malaysian government plans to further bridge together the various efforts under a new entity called the Digital Trust and Safety Commission, tasked with governing digital trust, security, and data governance in the country.
With Malaysia also taking over as ASEAN chair next year, Gobind echoed the region's "common purpose" to build a trusted digital ecosystem that benefits all member states.