Robust and coordinated capacity building for a secure and resilient cyberspace

News item | 07-06-2017

Singapore’s approach to international cyber cooperation

To achieve a secure and resilient cyberspace, it is essential for countries to adopt a rules-based system with practical and implementable norms of behaviour. To this end, Singapore supports robust and coordinated cyber capacity building, and has launched the S$10 million ASEAN Cyber Capacity Programme (ACCP). The ACCP is a multi-disciplinary, modular, multi-national and multi-stakeholder initiative, and complements existing ASEAN cyber capacity building efforts. Singapore also sponsors the CyberGreen initiative and promotes the ASEAN CERT Maturity Framework, which contribute to capacity building efforts.

Written by: Mr. David Koh, Chief Executive, Cyber Security Agency of Singapore (CSA)

A rules-based system for cyberspace

Cyber is an enabler of economic progress and higher standards of living.  As a small state and an international economic hub in areas such as banking and finance, telecommunications, maritime and aviation, Singapore supports a rule-based cyberspace with well-defined practical and implementable voluntary norms of behaviour. As such, Singapore supports the work of the UN Group of Governmental Experts (UNGGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, and other international platforms in discussing and developing voluntary norms of behaviour. Singapore stands ready to participate in these conversations and to contribute to them, in partnership with other ASEAN Member States.

Singapore’s approach to cyber capacity building

For cyberspace to be an effective force for economic progress, it must be governed by well-defined and practical norms of behaviour supported by robust confidence building measures (CBMs). In determining such norms and CBMs, states must be allowed to take into account their unique historical and social contexts, and geopolitical situations. When this happens, states can work together to protect their interests in cyberspace in the face of ever-evolving cyber threats.

The ability of individual states to implement these norms and CBMs depends on their domestic cyber capacity, not just in technical and operational areas, e.g. cyber incident response, but also in other areas such as cyber policy, strategy building, legislation and diplomacy. As individual states develop stronger cyber capacity, they will become more confident and secure in cyberspace. As a result, states will be able to further develop norms, which can possibly result in an international agreement in the long term. Cyber capacity building is therefore a key ingredient in ensuring the security and resilience of cyberspace. In this regard, Singapore welcomes initiatives such as those spearheaded by the Global Forum for Cyber Expertise (GFCE) to coordinate and enhance global cyber capacity building.

ASEAN Ministerial Conference on Cybersecurity (AMCC) 2016

Singapore’s ASEAN Cyber Capacity Programme (ACCP)

To highlight the importance of cyber capacity building, Singapore’s Minister-in-charge of Cybersecurity Dr. Yaacob Ibrahim announced the S$10 million ASEAN Cyber Capacity Programme (ACCP) during the inaugural Singapore International Cyber Week (SICW) in October 2016. The ACCP complements existing ASEAN cyber capacity building efforts, and has five key features:

  • Multi-disciplinary: It covers not only technical and operational areas, but also areas such as cyber policy, strategy building, legislation and diplomacy.
  • Modular and flexible: This will allow programmes to be tailored and be adapted to theneeds and different audiences, ensuring a targeted approach to capacity building.
  • Multi-national coordination: It is more effective for countries to pool resources for international and regional cyber capacity building efforts. This coordination avoids overlap and duplication of efforts. Since 2016, Singapore has started cooperating with trainers from the US, the Netherlands, UK, Japan and Australia as well as the various ASEAN Member States in capacity building efforts.
  • Multi-stakeholder: Singapore recognises the expertise and resources that industry, NGOs and academia can bring to cyber capacity building. The ACCP will involve these stakeholders to enhance the quality and breadth of our programmes.
  • Complementary: ACCP seeks to work with existing international and regional cyber capacity initiatives including the CyberGreen initiative, so as to minimize duplication and to benefit from a well-organized coordination of efforts.

Within the ACCP, Singapore plans to organize regular ASEAN Cyber Norms and ASEAN Cybersecurity Capacity Building workshops, in collaboration with the Singapore Cooperation Programme and Third Country Training Programme. As part of our contribution to continuing ASEAN and international cybersecurity discussions, Singapore will host the second Singapore International Cyber Week (SICW) from 18-21 September 2017. SICW will also comprise the second ASEAN Ministerial Conference on Cybersecurity (AMCC) and International Cyber Leaders’ Symposium (ICLS).

Supporting ASEAN cyber capacity building

Singapore promotes the ASEAN CERT maturity framework, which enhances ASEAN’s approach to levelling up incident response capabilities in a coordinated and targeted manner.  It can serve as a common reference to determine the maturity level of respective ASEAN Member States’ national CERTs, and systematically identify gap areas where appropriate training or capacity building effort can be directed to. A common framework will also enable mutual understanding and facilitate enhanced collaboration among CERT partners in times of need, thereby increasing the collective cybersecurity level of ASEAN. ASEAN can further bolster its cyber capacity through the ASEAN CERT Maturity Framework, in collaboration with Dialogue Partners and international organisations, in areas such as information sharing, threat awareness building, exchange of best practices, CERT-CERT cooperation and exercises. These build on existing efforts, like the ASEAN CERT Incident Drill (ACID), which Singapore has been hosting since 2006.

Singapore is a cornerstone sponsor of CyberGreen, a global initiative to create a resilient and healthy cyber ecosystem. CyberGreen has a well-established system to aggregate global open source information into an index for cyber health, which is amongst others available for ASEAN Member States to gauge their own cyber health status. The increased awareness will empower ASEAN Member States to take appropriate preventive actions, to better mitigate cyber risks. The Singapore Computer Emergency Response Team (SingCERT), under the Cyber Security Agency of Singapore (CSA), will collaborate with Cybergreen to identify and remediate different classes of threats, and develop response mechanisms required to counter those threats.

All in all, Singapore’s underlying approach to cyber cooperation is grounded in a rules-based system for cyberspace – one that is secure, resilient and highlighted by robust and coordinated capacity building. This is in close coordination with cyber norms and confidence building, to form a holistic model of international cyber engagement.

This article first appeared in the third issue of the Global Cyber Expertise Magazine – May 2017