Strengthening ASEAN cyberspace with the computer emergency response team
- Josephine Teo, Singapore’s Minister for Communications and Information and Minister-in-charge of Smart Nation and Cybersecurity, provided an update on the next steps to establish the ASEAN Regional CERT
- The ASEAN Regional CERT is planned to be implemented in 2023–2024
In the wake of the uphill battle to secure widely used technologies against malicious cyber actors, the computer emergency response team (CERT) has a significant role in the prevention, detection, and response to an organization’s cybersecurity incidents.
The impact of cyberthreats on a global scale
The “bad hats” are continuously developing new tools, strategies, and procedures to target both recently discovered and existing vulnerabilities that are either poorly patched or unpatched at all, which in turn causes cyberattacks to increase in scope and severity.
“We were reminded of the serious, real-world implications of cyberattacks earlier this year when the Costa Rica government suffered a large-scale ransomware attack that disrupted multiple government services,” said Josephine Teo, Minister for Communications and Information and Minister-incharge of Smart Nation and Cybersecurity, at the ASEAN Conference on Cybersecurity.
Teo stated that this led to the declaration of a national emergency. Due to the inaccessibility of medical records, the general population was denied healthcare services. Trade flows ceased as the processing of cargo containers using pen and paper could not go quickly enough. Also, as government pay systems got frozen, livelihoods suffered.
Therefore, a strong global cybersecurity architecture is needed to solve these issues. In response to those cybersecurity challenges, Teo provided a quick update on this matter and the next steps in the establishment of the ASEAN Regional CERT at the conference.
Update on establishing the computer emergency response team
The establishment of an ASEAN Regional CERT was recommended as a key goal in the ASEAN ICT Masterplan 2020, which was unveiled at the 15th ASEAN Telecommunications and IT Ministers (TELMIN) meeting in November 2015. The ASEAN Cybersecurity Cooperation Strategy 2017-2020 further emphasized the necessity for robust regional coordination in CERT-CERT information sharing and exchange of best practices in the face of increasingly complex, transboundary cyberthreats. The creation of an ASEAN Regional CERT had been approved as one of the suggested deliverables in the strategy.
Following the agreement by the ASEAN Member States (AMS) to create an ASEAN Regional CERT, Singapore submitted the ASEAN Regional CERT Implementation Paper to the 2nd ASEAN Digital Ministers’ Meeting (ADGMIN) in January 2022 for approval, in conjunction with the ASEAN Secretariat and AMS.
Singapore will collaborate with the other AMS on the Operational Framework — which will establish the goal, scope, partners, functions, and procedure of the ASEAN Regional CERT, in order to move the implementation of the ASEAN Regional CERT ahead.
As decided at the 10th ASEAN Network Security Action Council in 2019 and detailed in the ASEAN CERT Implementation Paper, the ASEAN Regional CERT will perform eight tasks, including facilitating coordination and information sharing between AMS National-level CERTs, and establishing partnerships with businesses and academia.
By enabling stronger regional cybersecurity incident response coordination and Critical Information Infrastructure (CII) protection cooperation — including for cross-border CII like banking and finance, communications, aviation, and maritime — these functions will strengthen ASEAN’s overall cybersecurity posture and operational readiness in dealing with the rapidly evolving cyber landscape.
After the ASEAN Member States’ agreement on the operational framework this year and the financing model later, the ASEAN Regional CERT is planned to start operations in 2023–2024.
“Ultimately, we are all better served by having a strong global cybersecurity architecture that gives our people and businesses the confidence and trust to engage in the digital domain,” said Teo. “I hope that as one of the premier international cyber conferences, SICW will continue to be the platform where you meet friends and partners to share views on how to build and strengthen our global cybersecurity architecture together.”
READ MORE
- Data Strategies That Dictate Legacy Overhaul Methods for Established Banks
- Securing Data: A Guide to Navigating Australian Privacy Regulations
- Ethical Threads: Transforming Fashion with Trust and Transparency
- Top 5 Drivers Shaping IT Budgets This Financial Year
- Beyond Connectivity: How Wireless Site Surveys Enhance Tomorrow’s Business Network