Close this search box.

We are creating some awesome events for you. Kindly bear with us.

David Koh, Chief Executive, Cyber Security Agency on building cybersecurity capacities in Singapore and the ASEAN

This is Part 2 of a 3 part series. Read Part 1 and Part 3 here.

Cybersecurity has risen to the top of both national and international agendas. Government leaders from all over the world said that without cybersecurity there is no real national security. The boom of the digital economy and the digitalisation of businesses and society especially during the COVID-19 pandemic has now put the private sector at the centre of cybersecurity debates. Recent data mismanagements, or the revelations that social media sites compromised the data of millions of their users, highlight the central role that the private sector plays in cybersecurity. Undeniably, corporations are key players in the digital realm whether it is as distributors of malicious software, victims of cyber-attacks, or first responders to security breaches.

David Koh, Chief Executive, Cyber Security Agency of Singapore

In the issue of cyber insecurity, the question lingers; what is the role of the private sector in cybersecurity policies, and how can this co-exist with the traditional responsibilities of government? On a podcast by the Centre for Strategic and International Studies (CSIS), co-hosts Jim Lewis and Chris Painter talked with David Koh, Chief Executive of the Cyber Security Agency of Singapore (CSA). They discussed the integration between the private and public sectors in improving cybersecurity capacities.

Mr Koh recalled that he hosted one inter-sessional meeting which was attended by 100 States, 114 non-governmental stakeholders from the private sector, civil society academia, as well as the technical community. He said that he was fundamentally shocked as to how many people from all over the world, from many dimensions, were committed and so deeply involved and had such great ideas on cybersecurity. For him, this only shows that dealing with cyber requires a multi-stakeholder strategy. For example, most internet infrastructure is being controlled/managed by private industries. A partnership between both public and private sectors can help in trying to boost cyber resiliency policies and programmes.

Furthermore, a lot of the technologies coming out are from industries, academes, and civil societies. Therefore, a multi-stakeholder engagement is an ideal method to improve cyber resilience on a bigger scale. Mr Koh noted that at an intellectual level, everyone understands cyber so everyone must also be committed to trying to find viable solutions. He also emphasised that cybersecurity is the key factor in achieving an open and secured internet environment that can help boost domestic and international economies.

Mr Koh said that countries have different perspectives and angles about cybersecurity. Therefore, the UN OEWG gave both private and public sectors the platform to voice their varying ideas regarding cybersecurity. The forum also helped in terms of building the cyber capacities of ASEAN and other developing countries.

Mr Koh and the CSA view cyber capacity building as a collective effort. For the agency, cybersecurity is only as good as its weakest link. Therefore, Singapore has made it a point that they include ASEAN countries in this endeavour to fully improve cyber resiliency in the region. First, CSA is very interested in cybersecurity awareness-raising efforts in ASEAN. Secondly, CSA has a strong interest in facilitating the sharing of best practices and capacity building efforts in ASEAN. Likewise, non-member countries of the ASEAN can also do dialogue with the association so there will be a broader agreement that cyber resiliency is an urgent concern for everyone. The CSA believes that things will be much more effective if they are properly coordinated on a much larger scale.

To support cyber capacity-building efforts, Singapore launched the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE), an extension of the ASEAN Cyber Capacity Programme (ACCP). It aims to build more secure and resilient cyberspace through capacity building programmes for ASEAN senior policy and technical officials with decision-making responsibilities. The ASCCE seeks to fulfil three principal functions:

  1. Conduct research and provide pieces of training in areas spanning international law, cyber strategy, legislation, cyber norms, and other cybersecurity policy issues
  2. Provide CERT-related technical training as well as facilitate the exchange of open-source cyber threat and attack-related information and best practices
  3. Conduct virtual cyber defence training and exercises

The ASCCE undertakes a modular, multi-disciplinary and multi-stakeholder approach to deliver these programmes. The ASCCE engages top cyber experts and trainers and collaborates with ASEAN member states, ASEAN dialogue partners and other international partners including Australia, Canada, the European Union, Japan, New Zealand, the Republic of Korea, the United Kingdom, and the United States, in designing and delivering cybersecurity capacity-building programmes.

The ASCCE delivers programmes in consultation with the International Advisory Panel (IAP) comprising senior representatives from key partner countries and international organisations. The ASCCE will also review and further develop its training curriculum with the support of the International Programme Committee (IPC), which comprises experts from participating countries and international organisations.

Mr Koh and the CSA continue to follow the four Ms when building cybersecurity capacities. First is a multi-disciplinary approach, where capacity-building programmes cover not only technical and operational subjects but policy topics as well for a holistic approach to cybersecurity. The second is multi-stakeholder, where it is recognised that governments need support from industries in the private sector. The third is modular where programmes should build upon and incrementally increase the difficulty level to develop the capacities and proficiencies of the participants and lastly is a matrix, where agencies like the CSA can measure the effectiveness of their campaigns over time.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.