New ASEAN committee to implement norms for countries’ behaviour in cyberspace
SINGAPORE: ASEAN is one step closer to implementing norms that form the basis for responsible state behaviour in cyberspace, as countries in the regional grouping agreed to set up a working-level committee on the matter.
The committee was announced by Singapore's Minister-in-charge of Cybersecurity S Iswaran on Wednesday (Oct 2), at a press conference during the 4th ASEAN Ministerial Conference on Cybersecurity (AMCC).
READ: US, Singapore to collaborate on cybersecurity for ASEAN
READ: Singapore to pump in S$30m for new regional cybersecurity training centre
In 2018, ASEAN countries agreed to subscribe in principle to 11 voluntary, non-binding norms on appropriate state behaviour in cyberspace.
The norms were recommended from the 2015 United Nations Group of Governmental Experts (UNGGE) report.
The new working-level committee also plans to develop a long-term regional action plan to ensure effective and practical implementation of the norms.
Mr Iswaran shared that the group will focus on three areas: How the countries’ Computer Emergency Response Teams (CERTs) - which are expert groups that handle computer security incidents - can cooperate; protection of critical information infrastructure; and mutual assistance in responding to cybersecurity threats.
The committee will comprise officials from several states, primarily those who have been working on AMCC matters, said Mr Iswaran, who is also Minister for Communications and Information.
It will have a year to study the issue, and propose its recommendations at next year’s conference.
READ: Singapore launches S$10m programme to help boost ASEAN cybersecurity know-how
READ: Rules-based order for cyberspace needed to foster trust, confidence: Iswaran
During the press conference, Mr Iswaran said the “universal challenge” that the committee will face is in translating norms into practical actionable steps.
“The caveat is that we are working across borders, and different member states have diverse considerations, either because of their legislation or policy framework.
"We've identified some specific areas like what I described, but how it is to be defined as actionable areas, and what specific steps you want to take, still needs a bit more work,” he said.
When pressed on the specifics of the committee’s deliverables, Mr Iswaran said he did not want to prejudge the work of the committee because it needed to come up with a set of proposals that all member states could subscribe to.
“It may well turn up then there may be other initiatives where on a voluntary basis, others can move forward on," he said. "But certainly … We want tangible, actionable ways forward.”
READ: Singapore’s growing cybersecurity sector gets boost with accreditation status
At the press conference, UN Under-Secretary General Fabrizio Hochschild commended ASEAN for subscribing to the 11 norms by the UNGGE.
Mr Hochschild was part of the UN delegation that took part in dialogue with ASEAN representatives at the conference. In his opening remarks, he said that the adoption of the norms by ASEAN laid the basis for improved security in the region.
"We very much hope for Singapore and ASEAN to continue leadership in this area at a time when geopolitics is back and not easy.
"We need leadership of this region, Singapore in particular, to help forge global understanding and enhance the security and stability of the cyber-sphere and even more, impact this part of the analogue world,” added Mr Hochschild.
Earlier in the day, Mr Iswaran also announced that a new regional cybersecurity training centre will be based in Singapore and operational from April next year.
The ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) will spend over S$30 million over the next five years to help ASEAN member states develop their cybersecurity capabilities.
The ASCCE will be located in the city centre at North Bridge Road and will offer programmes like a fellowship for senior executives from May 2020.
Under the Senior Executives Cyber Fellowship, each ASEAN member state will be able to send one senior executive for the 10-day programme, which will focus on areas in cybersecurity management like strategy and international policy.
Gloss