Asean nations have agreed to establish a regional computer emergency response team (CERT) as part of steps to strengthen cooperation between member nations to evolve a joint cybersecurity strategy.
Announcing this, Singapore’s Minister for Communications and Information (MCI), Josephine Teo, said on Thursday, during the Asean Ministerial conference on cybersecurity, held as part of the Singapore International Cyber Week 2022 (SICW), that the region had made “significant strides” in strengthening its “collective cybersecurity”.
In this context, she mentioned that in January this year, the second Asean cybersecurity cooperation strategy was adopted during the second Asean Digital Ministers’ Meeting (ADGMIN).
Teo said Singapore “looks forward to working with our Asean partners to implement this strategy over the next few years”.
She added that the establishment of the CERT was a key initiative in the strategy.
“We have conducted the Asean CERT Incident Drill (ACID) annually since 2006, to strengthen the preparedness of our countries’ CERTs.
“Given the growing sophistication of cyberattacks, Asean Member States (AMS) recognise that we need to be even more intentional in strengthening regional CERT-to-CERT collaboration. AMS, therefore, agreed to establish an Asean regional CERT as part of the strategy adopted this yea,” Teo said.
Teo said the regional CERT has been envisioned as a virtual centre comprising analysts and incident responders from across the Asean region.
“They will work closely to ensure timely information sharing during an incident. For example, if a supply-chain attack was to occur, regional CERT analysts would rapidly share information from their respective countries and jointly develop advisories when needed,” Teo said.
Agreement with Germany
During the SICW, the Cyber Security Agency of Singapore (CSA) and Germany’s Federal Office for Information Security (BSI) signed a Mutual Recognition Arrangement (MRA) on the cybersecurity labels to be issued by both countries.
Speaking at the International IoT security roundtable 2022, Singapore’s senior minister of state at MCI, Janil Puthucheary said the mutual recognition would further promote the “harmonisation of standards, reduce duplicated testing and costs for manufacturers globally, and improve market access for consumer IoT manufacturers between Germany and Singapore”.
The MRA will first start with consumer devices, such as smart cameras, smart TVs, health trackers etc, and this list will grow over time as CSA and BSI work through the various product categories, he said.
The Minister said that in addition to signing these MRAs with countries with similar schemes, Singapore has been working with industry and government partners to put up a proposal to develop an international standard, ISO 27404, which defines a universal cybersecurity labelling framework (UCLF) for consumer IoT.
“The UCLF will serve as a guide for countries that are looking to implement and set up their own labelling schemes for consumer IoT. This will facilitate future MRAs across various countries, as existing standards would be harmonised through the UCLF,” Puthucheary said.