The Ministry of
Digital Economy and Society (MDES) of Thailand and Ministry of Internal Affairs
and Communications (MIC) of Japan are partnering for the establishment
of a ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) in Thailand in
June. The Centre is expected to play the key role in mitigating cybercrime in
the region as well as getting ready for the establishment of ASEAN-CERT.

According to Bangkok
Post, at the ASEAN Telecommunications and IT Ministers meeting
(Telmin)  meeting in Cambodia in December 2017, Thailand was chosen to be
the hub of ASEAN cybersecurity training and tasked with improving the skills of security-related agencies of 10 countries.

The objective of the project is to develop cybersecurity
workforce particularly in governmental agencies and Critical Information
Infrastructure operators in ASEAN with the aim of enhancing cybersecurity
awareness, strengthening information security and data protection, and
promoting information sharing. All elements are essential for the development
of standardised Incident Reporting Framework across the region and the
establishment of ASEAN-CERT. This is in line with the ASEAN
ICT Master Plan 2020 Strategic Thrust 8: Information Security and
Assurance, which is directed towards creating a trusted ASEAN digital economy
and improving cyber emergency responses and collaboration.

The project has received funding from Japan (JAIF: Japan-ASEAN Integration Fund) and supports in terms of technical expertise to enable effective delivery of cyber training for ASEAN Member States. MDES has mandated the Electronic Transactions Development Agency or ETDA to be the lead agency on
this project, taking into consideration its extensive experience in
cybersecurity workforce development.

ETDA announced the
planned launch of 3 courses at the upcoming Centre to prepare the cybersecurity
workforce in ASEAN to face the rising threats of cyber-attacks.

The courses to be conducted are: 1) CYDER (Cyber
Defense Exercise with Recurrence) focuses on handling cybersecurity incidents. This
course has been adopted by the Government of Japan to train cybersecurity
personnel across the country during the past five years, with over 5,000
participants from more than 1,500 organizations; 2) Forensics deals
with digital evidence of cyber-attacks; and 3) Malware Analysis covers
the analysis of various types of malware according to the trend of cyber
threats.

All courses are designed to allow participants to learn the
theory as well as gain hands-on experience. Content of the courses will be
updated at least on an annual basis to keep up with the evolving cyber threat
landscape. The Centre aims to develop at least 700 cybersecurity personnel in
ASEAN in four years.

In addition to conducting the courses, the Centre will also organise
an annual Cyber SEA Game, a
regional cybersecurity contest to nurture young talent in the field. The
winning team will receive the opportunity to attend international competition
in Japan. During the initial 4 years of
this project, Japan will help ASEAN develop cybersecurity personnel and provide
essential knowledge transfer for the long-term management and sustainability of
this Centre.  

Dr. Pichet Durongkaveroj, Minister of MDES, said, “MDES
has been working in parallel with ASEAN and Japan. While Japan is preparing for
financial capital, Thailand is proceeding with the approval of project detail
that is under review by ASEAN and Japan. In the meantime, Thailand is getting
the people, process, and location ready to take immediate action upon approval
of the budget. This includes action plan, course curriculum, and other
logistics. We expect to officially launch the Centre this June and conduct the
first training for ASEAN altogether.”

Surangkana Wayuparb,
CEO of ETDA stated that the Centre is going to deliver
cybersecurity training every two months or at least six times a year targeting
government officials and Critical Information Infrastructure personnel.

The Thai Government’s
press release notes several advantages for Thailand having been selected the host
country. It offers an opportunity for Thailand to learn and adapt
international practices in cybersecurity workforce development to benefit the
country, while also building a network of cybersecurity experts in ASEAN for
better cooperation in the future.

According to the
press release, the future of this Centre is a matter of discussion for the
whole of ASEAN to discuss and decide.  Thailand will continue to promote and
support this Centre by exploring future partnership and sponsorship from other
sources such as ASEAN dialogue partners, private companies, and the ASEAN ICT
Fund.

ASEAN focusing on cybersecurity

Cybersecurity is a
key area of focus for ASEAN. Singapore is the chair of ASEAN for 2018. Singapore’s
Foreign Minister Dr Vivian Balakrishnan has emphasised
that ASEAN countries “need to step up, and to step up urgently, collaboration
on cybersecurity, because you can’t have a smarter world, you can’t have
e-commerce, you can’t have seamless digital transactions if you don’t have
cybersecurity. It’s the flip side of the coin.”

An ASEAN CERT
Incident Drill (ACID) is held annually. The latest
edition was held in Vietnam in September 2017, involving the ten members of
ASEAN as well as five dialogue partners – Australia, China, India, Japan, and
South Korea.

At the 2nd ASEAN
Ministerial Conference on Cybersecurity, it was revealed
that Singapore will set aside S$1.5 million of the ASEAN Cyber Capacity
Programme (ACCP) to build technical capability among incident responders and
operators in the ASEAN region. The
S$10 million ACCP was announced at
the Opening Ceremony of the inaugural ASEAN Ministerial Conference on
Cybersecurity during the first Singapore International Cyber Week in 2016.
Through a modular, multi-stakeholder and multi-disciplinary approach, the ACCP
seeks to develop technical, policy and strategy-building capabilities within
ASEAN Member States through workshops, seminars and conferences organised, in
collaboration with partners such as Government agencies, industry players and
Non-Governmental Organisations (NGOs), including the US Department of State,
the MITRE
Corporation, Cyber Law International and the ICT4Peace Foundation.

At the same
conference, ASEAN Member States expressed their
support for the development of basic, operational and voluntary norms of
behaviour to guide the use of ICTs in a responsible manner, in line with the 2015
Report of the UN Group of
Governmental Experts on Developments in the Field of Information and Telecommunications
in the Context of International Security.

The recent Sydney
Declaration at the inaugural ASEAN-Australia Summit also includes
a commitment to deepening cooperation on cyber security.