Strengthening ASEAN cyberspace with the computer emergency response team
- Josephine Teo, Singapore’s Minister for Communications and Information and Minister-in-charge of Smart Nation and Cybersecurity, provided an update on the next steps to establish the ASEAN Regional CERT
- The ASEAN Regional CERT is planned to be implemented in 2023–2024
In the wake of the uphill battle to secure widely used technologies against malicious cyber actors, the computer emergency response team (CERT) has a significant role in the prevention, detection, and response to an organization’s cybersecurity incidents.
The impact of cyberthreats on a global scale
The “bad hats” are continuously developing new tools, strategies, and procedures to target both recently discovered and existing vulnerabilities that are either poorly patched or unpatched at all, which in turn causes cyberattacks to increase in scope and severity.
“We were reminded of the serious, real-world implications of cyberattacks earlier this year when the Costa Rica government suffered a large-scale ransomware attack that disrupted multiple government services,” said Josephine Teo, Minister for Communications and Information and Minister-incharge of Smart Nation and Cybersecurity, at the ASEAN Conference on Cybersecurity.
Teo stated that this led to the declaration of a national emergency. Due to the inaccessibility of medical records, the general population was denied healthcare services. Trade flows ceased as the processing of cargo containers using pen and paper could not go quickly enough. Also, as government pay systems got frozen, livelihoods suffered.
Therefore, a strong global cybersecurity architecture is needed to solve these issues. In response to those cybersecurity challenges, Teo provided a quick update on this matter and the next steps in the establishment of the ASEAN Regional CERT at the conference.
Update on establishing the computer emergency response team
The establishment of an ASEAN Regional CERT was recommended as a key goal in the ASEAN ICT Masterplan 2020, which was unveiled at the 15th ASEAN Telecommunications and IT Ministers (TELMIN) meeting in November 2015. The ASEAN Cybersecurity Cooperation Strategy 2017-2020 further emphasized the necessity for robust regional coordination in CERT-CERT information sharing and exchange of best practices in the face of increasingly complex, transboundary cyberthreats. The creation of an ASEAN Regional CERT had been approved as one of the suggested deliverables in the strategy.
Following the agreement by the ASEAN Member States (AMS) to create an ASEAN Regional CERT, Singapore submitted the ASEAN Regional CERT Implementation Paper to the 2nd ASEAN Digital Ministers’ Meeting (ADGMIN) in January 2022 for approval, in conjunction with the ASEAN Secretariat and AMS.
Singapore will collaborate with the other AMS on the Operational Framework — which will establish the goal, scope, partners, functions, and procedure of the ASEAN Regional CERT, in order to move the implementation of the ASEAN Regional CERT ahead.
As decided at the 10th ASEAN Network Security Action Council in 2019 and detailed in the ASEAN CERT Implementation Paper, the ASEAN Regional CERT will perform eight tasks, including facilitating coordination and information sharing between AMS National-level CERTs, and establishing partnerships with businesses and academia.
By enabling stronger regional cybersecurity incident response coordination and Critical Information Infrastructure (CII) protection cooperation — including for cross-border CII like banking and finance, communications, aviation, and maritime — these functions will strengthen ASEAN’s overall cybersecurity posture and operational readiness in dealing with the rapidly evolving cyber landscape.
After the ASEAN Member States’ agreement on the operational framework this year and the financing model later, the ASEAN Regional CERT is planned to start operations in 2023–2024.
“Ultimately, we are all better served by having a strong global cybersecurity architecture that gives our people and businesses the confidence and trust to engage in the digital domain,” said Teo. “I hope that as one of the premier international cyber conferences, SICW will continue to be the platform where you meet friends and partners to share views on how to build and strengthen our global cybersecurity architecture together.”
- Semiconductor: Chip nationalism is a ‘blessing,’ SEMI CEO says
- Red Hat’s revolution: Speeding generative AI adoption in hybrid clouds
- How 5G can enhance agriculture and fisheries in Southeast Asia
- Navigating the intersection of sustainability and technology in Singapore
- Why the US should be concerned about China’s quantum developments