Cybersecurity has come to the forefront as digitalisation is becoming widely adopted. As countries and cities are looking toward realising smart public services, governments across ASEAN have rolled out various initiatives to mitigate cyber incidents.
Cybersecurity Initiatives in ASEAN Mapped
(Source: Business and Data Resilience – ASEAN Report)
Today at AIBP Insights: Strengthening Digital Trust, the panel addressed the role of cybersecurity in enabling smart cities, and assuring identity, privacy and data security. Key areas of attention include Secure Data Integration for Smart Cities and Material Challenges in Cost and Talent.
AIBP Insights is a series of discussions held online which brings together a focus group of ASEAN stakeholders to discuss topics related to enterprise technology adoption in the region.
Yudhistira Nugraha, Director, Jakarta Smart City, Indonesia, showcased their project on Jaki, Jakarta’s Smart City 4.0 Ecosystem Platform, which has been shortlisted for the 2021 ASEAN Enterprise Innovation Awards. The showcase highlighted the focus on digital identity and digital security, and how Jaki will serve to enhance Health, Safety and Productivity in the new normal with technology, innovation and collaboration.
The Enterprise Innovation Awards was established in 2017 by AIBP with the key objective of giving recognition to organisations who have embarked on projects to digitally transform their business through the adoption of innovative technology. The awards are held annually for ASEAN countries; Indonesia, Malaysia, Philippines, Thailand and Vietnam.
Secure Data Integration for Smart Cities
Creating smart cities and smart public services involve an ecosystem of stakeholders – and with data being a key driver, ensuring data integration in a secure manner is a key challenge.
Dr. Chalee Vorakulpipat, Principal Researcher, Head of Information Security Research Team, National Electronics and Computer Technology Center (NECTEC), Thailand, believes that digitalisation begins with data governance and building awareness about data. In Thailand, data governance frameworks and guidelines provide direction for development. He also highlighted the challenge of using open data securely across all parties involved – even with good internal data governance, the entire system may end up being compromised by risks faced by 3rd party partners and vendors.
Cyberattacks can occur at any point. Sathish Murthy, Director, Systems Engineering, Cohesity ASEAN / India, shared that an attack occurs every 7 seconds. He also mentioned that CIOs are traditionally used to reacting to threats, and this thought process must evolve and keep up with the evolution of cyberattacks as well. The first question that organisations must reflect on is whether they are prepared for unusual attacks. In the event that a cyberthreat manages to infiltrate multiple layers of protection, organisations must act swiftly and recover from the attack.
To address cyberthreats, Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia, shared how they launched SiberKASA to strengthen Malaysia’s self-reliance in cyberspace. He believes that one must always consider worst case scenarios, especially as incidents happen and nothing is 100% secure. In addition to responding to threats, detection capabilities must also be strengthened. More importantly, beyond security, considerations for resilience and minimising disruptions must cover all elements, namely people, process and technology.
Public sector organisations have different needs from private entities. As CK Mah, Regional Director, Southeast Asia, Menlo Security, mentioned, while private organisations have mainly commercial considerations, public organisations have government obligations which involve securing critical infrastructure. Jose Carlos P. Reyes, Director, Cybersecurity Bureau, Department of Information and Communications Technology, Philippines, agreed that cybersecurity today may be considered a matter of national security. He highlighted how the Philippines have developed a country-wide sectoral approach where, in line with broader guidelines, each sector develops guidelines specific to their needs. A key focus also lies in developing information sharing capacity in the country.
In Jakarta Smart City, Yudhistira mentioned how the threat to data is much greater for their ecosystem. As governments process more sensitive data, an important area to address is how lost data can be managed or recovered. This does not only involve using technology and innovation, but also organisational processes and people. He also mentioned how it is important to build data governance across the ASEAN region in a secure manner. Even with cybersecurity measures in place, unusual attacks are unpredictable. The organisation must be resilient in the face of such threats and attacks. To this, Sathish mentioned the importance of backing up their data, and how advanced technology like AI may be used to protect against unusual threats like ransomware attacks.
Dr. Chalee highlighted the importance of building digital trust across government agencies, since IT healthcare involves different people and different areas of cybersecurity. He brought up a key challenge in educating people to understand cybersecurity, the importance of confidentiality and data privacy.
Material Challenges in Cost and Talent
The panel also brought up issues faced, such as cost and talent, in strengthening digital trust.
Both Dato’ Ts. Dr. Amirudin and Carlos mentioned aligning cybersecurity education for institutes of higher learning with industry needs. Carlos also highlighted the issue of brain drain among cybersecurity professionals, which Dato’ Ts. Dr. Amirudin highlighted as a global phenomenon. Dato’ Ts. Dr. Amirudin also shared how Cybersecurity Malaysia works with local and international partners, aligning cybersecurity standards with international standards.
Today’s panel also addressed the recurring question around the financial costs involved. This is especially so for government agencies with tight budgets. Yudhistira mentioned that infrastructure is costly, and solution providers may consider such constraints in servicing potential clients in the public sector. Viewing cybersecurity entirely from the technological perspective, Carlos shared how government agencies should assess their risks, prioritise their needs and adopt the right solutions.
For Dato’ Ts. Dr. Amirudin, cybersecurity should not be perceived as an investment rather than as a cost, especially as cybersecurity is part and parcel today. He believes that this is more a business issue than an IT issue. More importantly, dealing with repercussions is more costly than investing in cybersecurity.
Stay tuned for more sessions coming up this month on Digitalisation for Smart Cities and Public services. The AIBP Insights series will continue this month, where we will host focus groups on enterprise digitalisation in ASEAN. Finalists of the 2021 ASEAN Enterprise Innovation Awards and will also be showcasing their innovation projects for their organisation.
Feel free to drop us a message if you would like to view the full session replay, or if you wish to find out more about upcoming focus groups!
2 November 2021