The world’s first integrated cyber defence, cyber security, and emerging technology event, CYDES 2023, took place at the Malaysia International Trade and Exhibition Centre (MITEC) in Kuala Lumpur, Malaysia, highlighting the importance of addressing cyber-threat challenges and fostering collaboration within the ASEAN region.

Cybersecurity leaders across Asia concur that collaboration and breaking down silos among organisations and sectors are essential for success in tackling the complex and ever-evolving challenges of cybersecurity, ensuring the preservation of digital infrastructure.

David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency (CSA) of Singapore, emphasised the importance of collaboration among different agencies to effectively address cybersecurity challenges, “Cyber is a team sport. We can’t do this by ourselves.”

For example, the Cyber Security Agency of Singapore works closely with the Ministry of Home Affairs, the Ministry of Defence, and the Ministry of Communications and Information to share critical information and coordinate responses to cyber threats.

However, to effectively combat cyber threats, government agencies require the cooperation and active involvement of businesses, academia, and civil society as valuable partners in the collective effort to strengthen cybersecurity measures.

According to David, in the rapidly evolving cyberspace landscape, private companies possess valuable intelligence, operational capabilities, and technical know-how that complement government efforts, making partnering with the private sector essential for robust cybersecurity measures.

This collaborative approach fosters a comprehensive and unified response, leveraging diverse expertise and resources to safeguard digital infrastructures and protect against evolving cyber threats.

“Governments must therefore collaborate with the private sector to enhance their cybersecurity posture,” David believes. “Public-Private Partnerships (PPPs) play a crucial role in fostering information sharing, promoting collaborative research and development, and driving innovation in cybersecurity, enabling governments and private companies to jointly address the ever-growing challenges of the digital era.”

The successful partnership between the Singaporean government and a private technology corporation during the response to the SolarWinds attack exemplifies how PPPs can leverage private sector expertise to obtain critical technical information and develop actionable indicators of compromise, enhancing the collective cybersecurity defence capabilities.

This is merely one instance in which PPPs can assist the public sector in enhancing its cybersecurity posture. Governments and companies can make the digital world safer for everyone by working together and safeguarding individuals, businesses and critical infrastructures in the digital frontier.

David highlighted the importance of adopting a new perspective, urging governments to share information with private businesses and embrace innovative ideas. This shift is challenging yet essential for effective cybersecurity in the digital world. By adjusting their approach and collaborating with private companies, governments can contribute to a safer digital environment for all.

Indeed, Public-Private Partnerships (PPPs) play a crucial role in cybersecurity, as they bridge the gap between the public and private sectors. By sharing information, expertise, and resources, these partnerships enhance the collective ability to detect, prevent, and respond to cyber threats effectively.

Moreover, PPPs facilitate the development of new technologies and innovative solutions, fostering a collaborative environment for tackling evolving cybersecurity challenges. Ultimately, such collaborations improve the coordination of cybersecurity efforts, leading to a more robust and secure global digital landscape and the world (digital and physical) a safer place for everyone.

Shamsul Bahri Hj Kamis, Interim Commissioner of Cyber Security Brunei (CSB), highlighted the need to examine current systems to harmonise cybersecurity in ASEAN. In 2017, ASEAN member states developed the ASEAN Cybersecurity Cooperation Strategy, outlining directions, objectives, and action plans to strengthen cybersecurity in the region.

The policy aims to tackle communication challenges arising from the multitude of sectoral groups within ASEAN working on cybersecurity. This is particularly challenging due to ASEAN’s consensus-based decision-making process, which can sometimes hinder progress.

However, various measures to address cybersecurity in ASEAN are already underway. The ASEAN Computer Emergency Response Team (CERT), which coordinates the response to cybersecurity incidents, and the ASEAN Cybersecurity Capacity Programme, which provides training and assistance to ASEAN member states in developing their cybersecurity capabilities, are two examples.

“To move forward, ASEAN must devise a strategy for more effectively sharing information and collaborating on addressing the most severe cyber threats,” Shamsul elaborates. “This will necessitate tight collaboration among governments, corporations and civil society.”

Shamsul believes that collaboration within ASEAN can create a secure and resilient digital environment for people and businesses. He stressed the need for shared awareness of the region’s risks and challenges, as well as a clear division of responsibilities among the various sectoral bodies.

Strengthening information sharing within ASEAN and with other nations, along with a focus on capacity building in member states, is essential as cybersecurity should be embraced as a shared responsibility by all stakeholders.

“By resolving these issues, ASEAN can make substantial strides towards regional cybersecurity harmonisation,” Shamsul is convinced.

Shariffah Rashidah Syed Othman, Acting Chief Executive of the National Cyber Security Agency of Malaysia (NACSA), agrees that cybersecurity is increasingly becoming a critical concern for governments and businesses globally, particularly in the ASEAN region, where the rapidly growing digital economy necessitates strong cybersecurity measures.

According to Shariffah, the cross-border nature of cyber threats is one of ASEAN’s greatest cybersecurity challenges. Cybercriminals can simply target victims in one country while operating from another. As a result, governments find it difficult to confront cyber threats on their own.

“By combining the resources and experience of governments and businesses, public-private partnerships can assist in addressing this challenge. Governments can provide regulatory and financial support, while businesses can share knowledge about cyber dangers and best practices,” Shariffah says.

Partnerships between the public and private sectors play a vital role in addressing the barrier of a lack of understanding of cyber risks in the ASEAN region. By collaborating, they can raise awareness of internet threats, educate businesses, and individuals on cybersecurity best practices, and collectively work towards creating a safer digital environment for all.

“ASEAN leaders must recognise that cybersecurity is a shared responsibility. Governments, businesses, and individuals must all work together to secure the region from cyber dangers,” Shariffah stressed.

The comprehensive strategy for enhancing cybersecurity in the region must encompass strengthened government cooperation, information sharing on cyber dangers, increased cyber risk awareness, improved critical infrastructure security, and robust protection of personal data. By addressing these crucial aspects collectively, ASEAN can build a more resilient and secure digital ecosystem for its residents and businesses.

Shariffah outlines several key advantages of public-private partnerships in cybersecurity, such as bridging the divide between technical and non-technical skills, fostering trust and collaboration between governments and enterprises, and facilitating the effective implementation of cybersecurity measures.

By leveraging these partnerships, ASEAN can enhance its cybersecurity capabilities, as governments and companies work together to create a safer and more secure digital environment for everyone in the region.

Shariffah advocates practising “cyber hygiene,” urging individuals to be vigilant about online risks and take proactive measures to protect themselves. This includes using strong passwords, regularly updating software, and exercising caution when sharing personal information on the internet. By promoting cyber hygiene, individuals can play an active role in safeguarding their digital security and contributing to a safer online environment for all.

She also stressed the importance of empathy in cybersecurity, highlighting the need to understand diverse perspectives and communicate in a language that is accessible to all. Recognising the different viewpoints held by individuals is crucial in addressing cybersecurity challenges effectively and fostering a collaborative and inclusive approach to cybersecurity initiatives.

“Cybersecurity is more than just a technical problem – it is a societal issue. Thus everyone needs to be included in the discussion. We can all live in a safer digital environment if we all work together,” Shariffah is convinced.

Indeed, understanding that cybersecurity is not solely a tech challenge but also a community one underscores the importance of involving all stakeholders. By acknowledging the broader societal implications of cybersecurity, public-private partnerships can effectively address challenges and implement comprehensive solutions that safeguard everyone in the digital landscape.

Cybersecurity for SMEs: A Workable Model

David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency (CSA), knows the universal importance of cybersecurity for all organisations but understands there are challenges faced by small and medium-sized firms (SMEs). Due to limited resources and experience, SMEs may find it more difficult to implement effective cybersecurity measures.

The Cyber Security Agency (CSA) in Singapore has created a variety of programmes to assist SMEs in strengthening their cybersecurity posture. The Cyber Essentials mark, which offers a set of fundamental cybersecurity measures that all firms should follow, is one of these initiatives.

The Cyber Essentials mark four important areas including:

• Asset management: Includes cybersecurity awareness for its employees, and classifying and identifying each asset in your company, including its hardware, software, and data.
• Secure and Protect: This entails limiting who has access to and what they can do with the resources of your company.
• Update, backup, and Respond.

“SMEs can begin by adopting Cyber Essentials as a foundational step to strengthen their cybersecurity posture,” David advises. “However, these are just initial restrictions, and SMEs may need to implement additional measures based on their specific requirements and threats.”

If SMEs want to strengthen their cybersecurity posture, they should start with the Cyber Essentials,” David says. It’s crucial to keep in mind that these are merely fundamental, basic restrictions. Depending on their particular requirements and dangers, SMEs may need to implement additional steps, adding that CSA would be happy to share its framework with regional partners like Malaysia and Brunei.

Alongside the Cyber Essentials mark, the Cyber Security Agency (CSA) offers a range of tools to support SMEs in enhancing their cybersecurity. These resources encompass a cybersecurity training programme tailored for SMEs, a dedicated cybersecurity helpline, and a list of certified cybersecurity consultants who can guide SMEs in implementing the Cyber Essentials effectively.

By leveraging the CSA tools, SMEs can significantly bolster their cybersecurity defences and safeguard their businesses against online threats, ensuring the security and protection of their valuable assets and sensitive information.

In addition to CSA’s initiatives, SMEs can bolster their cybersecurity posture through various measures, including ensuring regular software updates, which often include vital security patches to safeguard against known vulnerabilities. Individuals can enhance their cybersecurity by using strong passwords and password management software, while organisations can educate their staff about cybersecurity threats.

Moreover, having a well-defined response plan for cyber incidents is essential for effective cybersecurity management.

“By adopting these measures, SMEs can protect themselves from cyber threats and maintain the security of their businesses,” David concluded.

Shamsul spoke about the Cyber Consortium, a regional programme established in 2021, aimed at bolstering the cybersecurity posture of Southeast Asian SMEs. Comprising academic institutions, IT partners, cybersecurity experts, companies, students, and government regulatory agencies, this collaboration focuses on enhancing cybersecurity resilience in the region.

The Cyber Consortium offers a comprehensive array of services to SMEs, including cybersecurity assessments, training and education, technical support for implementing security measures, and networking opportunities with other SMEs and cybersecurity experts, all aimed at strengthening their cybersecurity defences.

“It is a useful tool for SMEs trying to strengthen their cybersecurity posture. SMEs can get the assistance they need to safeguard their companies against cyber dangers by joining the consortium,” Shamsul believes.

Shariffa acknowledges the dynamic nature of the cybersecurity landscape, with evolving technologies and adaptable cyber threats posing challenges for enterprises and individuals to stay updated with the latest security measures.

“Malaysia’s government has made several efforts to assist businesses in improving their cybersecurity posture,” she reveals. “Funding a programme to assess SMEs’ cybersecurity; collaborating with the local sector to deliver managed security services to SMEs; and collaborating with telcos to impose basic cybersecurity hygiene on their services are all part of this.”

While the mentioned actions are valuable, there are further steps that businesses and individuals can take to bolster their protection against cyber threats. Staying vigilant and informed about the latest cybersecurity risks is crucial, involving keeping abreast of security news, reading security blogs, and participating in security conferences to stay well-prepared.

Adopting a layered security strategy is essential for businesses, involving the implementation of multiple security measures such as firewalls, antivirus software, and intrusion detection systems to provide comprehensive protection.

For individuals, safeguarding against cyber dangers includes using strong and unique passwords, being cautious while sharing personal information online, and remaining vigilant about potential phishing scams to ensure greater online safety.

Education plays a crucial role in strengthening cybersecurity. Businesses should invest in training their staff to recognise and respond to cybersecurity threats effectively. Additionally, having a well-defined incident response plan ensures a swift and organised reaction to cyber incidents, minimising potential damage.

Regularly testing security systems and conducting vulnerability assessments are essential practices to identify and address potential weaknesses in the network. Keeping software up to date with the latest patches and security updates is a fundamental measure to protect against known vulnerabilities and potential exploits.

“The cybersecurity landscape is continuously evolving, but by taking precautions, organisations and individuals may help keep themselves safe from cyber threats,” Shariffa ends. “Combining various efforts can significantly enhance the cybersecurity posture for both businesses and individuals.”

Trust Building in ASEAN Cybersecurity

David believes that focusing on shared goals is a powerful strategy to build trust and foster collaboration among diverse parties in the realm of cybersecurity. Establishing common objectives, such as protecting critical infrastructure from cyber threats, enables everyone involved to unite their efforts towards a collective purpose, leading to more effective and coordinated cybersecurity measures.

“By aligning interests and recognising mutual benefits, stakeholders can work together in harmony to strengthen cybersecurity and safeguard digital environments,” he says.

Sharing information is indeed a crucial approach to building trust and enhancing cybersecurity efforts among different organisations. While it may be challenging to exchange sensitive data, the benefits of sharing outweigh the risks. Timely and accurate information sharing enables organisations to recognise and respond to cyber threats more swiftly and effectively.

“Cybersecurity is a complex challenge, but we can conquer it if we all work together,” David says. “Organisations can construct a more secure and robust digital infrastructure by breaking down silos across organisations and industries and sharing information.”

David stressed the importance of teamwork in cybersecurity, akin to an international team sport requiring countries to cooperate and work together. Global collaboration with partners worldwide was highlighted, as well as, investing in education and training to raise awareness of cybersecurity risks, and developing new technologies to enhance defence against cyber threats.

“We can make the digital world a safer place for everyone if we all work together,” David is confident.

Shamsul appreciates the necessity of trust for effective cybersecurity collaboration, noting that countries lacking trust are less likely to exchange information or cooperate in responding to cyber threats.

Several initiatives are currently underway in ASEAN to strengthen trust and collaboration among member states. Some of these efforts include:

• The ASEAN Cybersecurity Capacity Building Centres in Thailand and Singapore
• The ASEAN Partners Search Information Sharing (APSIS) initiative
• The ASEAN Cybersecurity Cooperation Strategy, which calls for the establishment of an ASEAN Computer Emergency Response Team (CERT)

“These activities are assisting in the development of trust among ASEAN member states as well as the improvement of the region’s cybersecurity posture,” Shamsul explains. “However, more work remains to be done.”

Establishing a shared understanding of cybersecurity threats and risks presents a key challenge for effective collaboration among ASEAN member states. Different countries may have varying levels of awareness and perception of cyber dangers, making it crucial to bridge the knowledge gap and foster common ground for tackling cybersecurity issues.

Furthermore, ensuring the safe and secure sharing of information is paramount to building trust and promoting collaboration in cybersecurity efforts. Governments and organisations need robust and reliable mechanisms to exchange critical data and threat intelligence without compromising sensitive information or exposing vulnerabilities.

Despite the challenges faced in establishing shared understanding and secure information sharing, the progress made in enhancing cybersecurity collaboration among ASEAN member nations is encouraging. By continuing to work together and build trust, these countries have the potential to create a more secure and resilient digital future for the region.

Shamsul underscored the importance of a “tangible platform” for knowledge sharing, highlighting its role in fostering trust among ASEAN member states and ensuring the secure and confidential exchange of information. Having a reliable and accessible platform can serve as a foundation for effective collaboration, enabling countries to share valuable insights, best practices, and threat intelligence in real-time.

The National Trust Framework serves as a valuable resource for ASEAN countries seeking to enhance their cybersecurity posture, offering a comprehensive set of recommendations to safeguard critical infrastructure, personal data, and sensitive information.

By exploring this framework, ASEAN countries can save time and costs while building a strong cybersecurity architecture, avoiding the need to reinvent the wheel as the framework provides a solid foundation for their efforts.

“ASEAN countries, I believe, may collaborate to localise and harmonise the National Trust Framework,” said Shamsul. “It would enhance the regional cybersecurity architecture and would improve effectiveness and readiness of ASEAN countries against cyber threats.”

According to Shariffa, building effective human firewalls requires confidence in the commitment of individuals and organisations to cybersecurity, which involves open and willing information sharing about security procedures, ultimately fostering trust and creating a safer and more robust digital ecosystem for countries.

ASEAN countries are dedicated to enhancing regional cybersecurity through collaboration, acknowledging their diverse capacities and competencies. They are working on a flexible framework to facilitate cooperation at individual countries’ respective paces.

As a result, ASEAN cybersecurity mechanisms were established to:

• be a valuable resource for ASEAN countries. It will provide them with access to information and expertise that they may not have otherwise had.
• help to improve coordination between ASEAN countries. This will make it easier for them to share information and respond to cyber threats.
• assist in raising awareness of cybersecurity risks in the region to protect individuals and businesses from cyber-attacks.

Shariffa emphasised that the implementation of the mechanism will involve designating a unit within each ASEAN country. This agency will be responsible for collaborating with other ASEAN nations, sharing information on cyber threats and incidents, and providing technical support to other countries.

The creation of this mechanism represents a significant advancement in ASEAN’s efforts to improve cybersecurity. ASEAN countries can better protect themselves from cyber-attacks and build a more secure digital environment for all by working together.

“The creation of the ASEAN cybersecurity mechanism is a great step forward. It demonstrates the region’s dedication to enhancing cybersecurity,” Shariffa ends.

ASEAN’s Commitment to Improve Cybersecurity

David explained that ASEAN’s ministers have approved a plan to establish a regional Computer Emergency Response Team (CERT) for the region. The ASEAN CERT will serve as a platform for knowledge sharing and skill-building within the region, complementing the existing national CERTs and working collaboratively to enhance cybersecurity across ASEAN.

The ASEAN CERT will strengthen sharing information about cyber threats and incidents; coordinating CERT capacity building programmes in the region; coming up with and supporting best practices for cybersecurity; and educating people about cybersecurity risks and making them more aware of them.

“The ASEAN CERT is a move in the right direction for the region’s attempts to improve cybersecurity,” said David. “By working together, ASEAN countries can protect themselves better from online threats and make the internet safer for everyone.”

The ASEAN CERT will be a valuable resource for member countries, providing access to knowledge and information that may not have been readily available before. By fostering better collaboration and information sharing among the nations, the ASEAN CERT will enhance their collective ability to address cyber threats effectively and strengthen their cybersecurity posture as a united front.

By providing valuable insights into hacking risks, ASEAN CERT will empower individuals and businesses to better protect themselves from cyber-attacks, contributing to a safer digital environment for all. This initiative showcases the region’s commitment to improving cybersecurity and fostering a collective effort to address cyber threats effectively.

Shamsul shares that the ASEAN CERT will collaborate with both foreign and regional groups to advance ASEAN’s cybersecurity objectives and interests. Currently, there is no official platform for CERTs to communicate with one another, making it vital for ASEAN CERTs to foster collaboration, share knowledge, and exchange best practices.

“This collective effort will strengthen the region’s ability to address cyber threats effectively and establish a more secure digital landscape for all ASEAN member states,” he is confident.

The ASEAN CERT will establish partnerships with businesses and higher education institutions, appreciating the valuable information and expertise they possess to enhance cybersecurity. Collaborating with these sectors ensures access to the latest knowledge and skills, enabling ASEAN CERTs to effectively address emerging cyber threats and trends.

By fostering these alliances, the ASEAN CERT can stay at the forefront of cybersecurity advancements, making the region more resilient and better equipped to safeguard its digital landscape.

Shamsul concurs that the establishment of the ASEAN CERT marks a significant advancement in ASEAN’s efforts to enhance cybersecurity. Through collaboration with international and regional organisations, as well as industry and education sectors, the ASEAN CERT can play a crucial role in creating a safer digital environment for everyone in the region.

By fostering partnerships and sharing knowledge, the ASEAN CERT aims to bolster cybersecurity measures, effectively respond to cyber threats, and promote a more secure digital landscape in the ASEAN community.

Shariffa reiterated support for ASEAN initiatives like ASEAN CERT, highlighting that the Malaysian government is actively engaged in strengthening cybersecurity measures. They are currently working on a new Cybersecurity Bill aimed at granting the National Cyber Security Agency (NACSA) enhanced authority to safeguard the nation’s critical infrastructure from cyberattacks.

The proposed Cybersecurity Bill in Malaysia seeks to enforce robust security measures for critical national information infrastructure (CNII) owners and operators. By mandating appropriate security measures, the bill has the potential to significantly enhance Malaysia’s cybersecurity posture, bolstering the nation’s resilience against cyber threats and safeguarding its vital information assets.

Shariffa explains that the proposed Cybersecurity Bill aims to grant NACSA expanded investigative and response capabilities, while also imposing a requirement for CNII owners and operators to implement robust security measures.

This comprehensive approach would significantly bolster the protection of Malaysia’s critical infrastructure from cyberattacks, thereby reducing the risk of cyber espionage and enhancing the nation’s overall cybersecurity resilience.

Shariffa sees the proposed Cybersecurity Bill as a positive and transformative step that has the potential to make Malaysia a more secure nation in the digital age.

“With its comprehensive measures to strengthen cybersecurity, the bill can significantly enhance Malaysia’s resilience against cyber threats and safeguard the nation’s critical infrastructure and digital ecosystem,” she believes.

The CYDES 2023 event showcased the determination of ASEAN nations to address cybersecurity challenges and advance in this critical domain. With a focus on cooperation, a wealth of cybersecurity expertise and initiatives like the ASEAN CERT, the region is taking substantial steps towards enhancing its cybersecurity posture.

By continuing to invest in cybersecurity measures, fostering collaboration among member states, and leveraging their unique assets, ASEAN countries are well-positioned to create a safer and more secure digital environment for their residents and businesses in the ever-evolving digital age. Together, they can forge a path towards a more resilient and protected ASEAN region in the face of emerging cyber threats.