The lack of cybersecurity capacity building frameworks in Asia

News item | 20-06-2016

Asian nations are experiencing rapid development of ICT and are dealing with various cyber security threats on government computer network and critical sectors. According to the FireEye Advanced Threat Report for the Asia Pacific, Advanced Persistent Threat (APT) activity was consistently high in South Korea, Taiwan, Hong Kong and Japan during the first six months of 2014 which contributed to more than 80% of the total APTs in the region. The region was 35% more likely to be targeted by advanced cyberattacks compared to the global average. A customized capacity building initiative for the region for Asia is therefore crucial. However a well-defined framework that focuses on Asian cybersecurity capacity building has yet to be developed.

Written by: Dr. Amirudin Abdul Wahab, Chief Executive Officer at Cybersecurity Malaysia, the National Cyber Security Centre under the Ministry of Science, Technology and Innovation (MOSTI) in Malaysia.

Cyber capacity building via ASEAN

The issues of capacity building have been addressed in several discussions at the ASEAN Regional Forum (ARF) level. The Council for Security Cooperation in Asia Pacific, through its Memorandum No. 20 entitled “Ensuring a Safer Cyber Security Environment” has recommended ARF to implement capacity building and technical assistance measures. It recommended that priority should be given to strengthen the cybersecurity crisis management in all states.

The ASEAN ICT Master Plan 2015 that was launched in 2011 provides a framework for the development of Information and Communication Technology (ICT) within the ASEAN region. It stated that the strategic thrust of human capacity development is to develop competent and skilled human capital in ICT. The development of ICT Skill Standards definition and certification in information system and network security has been initiated as one its prioritized projects. ASEAN has also established the ASEAN Network Security Action Council to establish a common framework for network security which includes capacity building and training programs for national CERTs.

Avenues for cooperation on cyber capacity building in Asia

Currently, a holistic cybersecurity capacity building initiative that can be deployed across the region within Asia is not available. The creation of an Asian platform for security cooperation should be an option to consider as Asian countries share common values, culture and norms which are appropriate in cybersecurity capacity building collaboration. Existing capacity building programs are not congruent and streamlined with the regional interests that share common cultural values and security interests. A holistic framework of cybersecurity professional certification is therefore required to address the needs in developing and nurturing expertise as well  as technical know-how in the cybersecurity human capital in the region as well as enabling private-public partnerships, multi-level collaboration and creating skills pathway for the growth of the cybersecurity industry.

The Global Accredited Cybersecurity Education

Malaysia has established the Global Accredited Cybersecurity Education (ACE) Scheme which is currently in the development stage. Interested parties can submit their interest to participate as development team member. The objectives of the Global ACE Scheme are as follows:

1. To create a world class competent work-force in cybersecurity;
2. To establish a professional certification programme that is recognized by the  government, private sector, industries and NGOs within the OIC countries;
3. To promote the development of cybersecurity professional programmes within the region;
4. To provide cybersecurity professionals with the right knowledge, skills, abilities and experience;
5. To ensure that accredited personnel are independently assessed and committed to a consistent and high quality service level;
6. To be the cybersecurity professional training centres/programme for OIC countries and ASEAN.

The development of skilled cybersecurity professionals cannot be attained overnight. It will take time to get the right people into this profession. To address the human capital gap requires a combination of strategic public-private collaboration and incentives from various parties such as scholarships, mentorships or internships to guaranteed employment. We need to create a knowledge generation capable of fending off the ever-evolving cybersecurity threats. Last but not least, we need to truly produce high-value and skilled digital citizens of the future that will keep our cyber space safe as we head into a new digital economy order.