Singapore champions Asean CERT as region’s cyber armour

The Asean Regional Computer Emergency Response Team (CERT) has been officially established and acts as a virtual hub comprising incident analysts and responders from all member states. It is believed to play a key role in strengthening the region’s cyber resilience amid an increasingly complex threat landscape.

It would deepen cooperation between ASEAN member-state CERTs and strengthen the region’s cybersecurity, said Communications and Information Minister Josephine Teo, speaking at the Asean ministerial conference in Singapore on Thursday.

Noting that the region has been conducting annual CERT incident drills since 2006 to increase the readiness of CERTs in each country, Teo said the establishment of the Asean CERT is an important step in building regional cyber resilience.

There are currently 10 ASEAN member states, including Singapore, Indonesia, Thailand, Malaysia and the Philippines. The region agreed in September 2018 on the need for a formal framework to coordinate cybersecurity efforts, outlining cyber diplomacy, policies and operations.

Analysts and incident responders in the regional CERT would ensure a timely exchange of information when there is a cybersecurity incident in one of the member states, such as an attack on the supply chain.

The CERT served eight functions, including facilitating coordination and information sharing between national CERTs and developing partnerships with industry and academia stakeholders. These served to strengthen ASEAN’s readiness to deal with the changing cyber landscape through greater regional coordination of incident response and greater cooperation on critical information infrastructure (CII) protection. The latter would include cross-border CII such as aviation, shipping, and banking and finance.

“Regional CERT analysts would quickly share information from their own countries and jointly develop recommendations as needed,” Teo said. “We’re weaving a tighter web that will hopefully help prevent cyberattackers from getting through too easily.”

She said that the regional CERT now needs to be operationalized, adding that Singapore has circulated a draft operational framework and is receiving feedback from member states.

This document describes the purpose, scope, functions, mechanism, composition and partners of the ASEAN Regional CERT. The facility is set to be in place by 2024 after member states agree on both the operational framework and the funding model.

For the Asean CERT to be effective, every member state would need to be on board and sharing information freely, said Alex Lei, senior vice president for Asia-Pacific Japan at security provider ProofPoint.

Although it was early to assess its effectiveness, establishing a multi-country CERT is a positive step forward, Lei said in an interview with ZDNET on the sidelines of the conference, held in conjunction with Singapore International Cyber Week.

He noted that the cyber competitive landscape is “one-sided” with the “defenders” often operating in silos such as organizations and nations, while the attackers operate in a market that lacks national divisions. Ransomware attacks are also offered as a service and hacking tools are sold freely, he said, with all hackers working together.

Defenders, on the other hand, are concerned about their proprietary data, he added, but noted that this is starting to change now that there is more willingness to share intelligence about threats.

“For the Asean CERT to work, the free exchange of ideas and information is important, otherwise you lose the impact of what you see [in the threat landscape],” he said.

Teo also pointed to the need to implement “rules, norms and principles” for responsible government behavior in cyberspace. Asean, she said, remained the first and only regional group to subscribe in principle to the United Nations (UN) 11 voluntary, non-binding standards for responsible government behavior in the use of ICT.

“All of us in ASEAN appreciate the importance of an open, secure, stable and interoperable cyberspace based on mutual trust and trust,” she said. “Developing the ‘rules of the road’ for cyberspace requires conscious and consistent effort. We must actively implement the 11 voluntary and non-binding standards.”

She noted that an action plan to put these principles into practice was approved last year, outlining concrete steps ASEAN members could take and specific areas they could focus on to drive capacity-building.

Importance of clarity and preparedness in incident response

Defining the steps to be taken is particularly important to better guide organizations in mitigating security risks and incidents, said Kunal Anand, CTO of Imperva, in an interview with ZDNET.

He found that organizations were overwhelmed by the deluge of tools, concepts, and frameworks being hurled at them by security vendors. Market participants also propagated different messages to address security risks, making it even more confusing for organizations, Anand said.

It could be difficult for companies to truly understand their risks and to know what to invest in and who to hire, he said, noting that this should be addressed by providing companies with playbooks outlining clear steps for protection.

Referring to Singapore’s CII Supply Chain Guidance, he noted that the document is currently non-prescriptive and offers little as a constructive playbook for companies to implement if they experienced a supply chain attack.

The CII Supply Chain Program Paper, published by the Cyber Security Agency (CSA), aimed to mitigate supply chain risk through five key areas, including a toolkit for CII owners to identify and assess supply chain risk. For example, if there were another Log4j, CII operators would need to know how to respond to a supply chain vulnerability, what steps to take, and how to communicate and talk about it with their ecosystem, Anand said.

The paper instead took a general view and did not address specific steps companies should take to mitigate and address supply chain risks. He also pointed to the need to combine cybersecurity risks with financial risks. “We need to be more prescriptive so companies know where to start and what to do,” he said, adding that Singapore could codify core principles and measures in such playbooks.

However, he pointed out that the Asian nation is among the most advanced in terms of cybersecurity preparedness, with CSA claiming many safeguards and policies like the Supply Chain Paper to support local industry.

Sascha Giese, SolarWinds Head Geek, also stressed the need for companies to know exactly what to do in the event of a breach.

Asked about gaps that needed to be filled, Giese said companies are still not prepared for worst-case scenarios and their employees are not adequately trained on what to do in the event of a breach.

For example, conducting incident response drills would allow organizations to refine policies and steps their employees should take, including public statements the organization should make when a breach has occurred.

“Preparation is everything. You don’t just put a fire extinguisher by the door when there’s a fire,” he said. “That’s what’s still missing today, even in large companies.”


