Enhancing Cybersecurity Skills of Professionals in ASEAN

Cybercrime is one of the greatest threats not just for the individuals and for the private sector, but also for government and the ASEAN region as a whole.Cybersecurity Venturespredicts cybercrime will cost the world in excess of $10.5 trillion annually by 2025, up from $3 trillion in 2015. The ASEAN region is facing the same cybercrime trend that is set to rise exponentially according to the INTERPOL’s ASEAN Cyberthreat Assessment 2021 report. As cybercrimes increase, the need for a skilled cyber workforce has also surged. Unfortunately, the supply of skilled workforce does not keep up with the demand. Cybersecurity Ventures predicts that there will be a global shortage of an estimated three million cybersecurity professionals by 2021. Cybersecurity workforce shortage is a major issue in ASEAN. “We still lack hundreds of thousands (of cybersecurity experts), and to produce that many workforces, we are still far left behind,” Dr. Chaichana Mitrpant, the Chief Executive of the Electronic Transactions Development Agency of Thailand, reflects on the rationale for the establishment of theASEAN-Japan Cybersecurity Capacity Building Centre(AJCCBC) in 2018. He added that government and the private sector must invest more in skills growth and development to keep pace with more frequent and more sophisticated cybercrimes. The establishment of AJCCBC addressed the need for human resources development in the field of cybersecurity as highlighted at the 10th ASEAN-Japan Information Security Policy Meeting in 2017. The Government of Japan through the Japan-ASEAN Integration Fund (JAIF) has been supporting the establishment of AJCCBC and its activities. In addition to the financial contributions, AJCCBC has been receiving technical supports from the Ministry of Internal Affairs and Communication of Japan. Through a combination of software, laboratory, training courses and competition, AJCCBC has positioned itself as an important platform in the region to increase the capacity of cybersecurity experts and build close cross-border relations among the ASEAN Member States (AMS).

Japan and ASEAN are committed to enhance the skills of cybersecurity professionals in the region and as of today, nearly 600 participants from government, critical infrastructure officials and students participated in the Cyber Defense Exercise with Recurrence (CYDER) trainings and Cyber SEA Games since 2017. The CYDER trainings allowed the government and critical infrastructure officials to experience and learn the method of incident handling based on an actual cyberattack and other practical exercises. In addition, to enhance awareness of the need for expertise and recognition of talents on cybersecurity, the Cyber SEA Games were conducted regularly, providing the opportunities for students and young professionals to test their offensive and defensive security skills. Let’s hear the stories from two project beneficiaries on their remarkable experiences and notable takeaways from the CYDER training and Cyber SEA Game in 2020.

Atsawin Srisawat, System Administrator and Cybersecurity Administrator, National Intelligence Agency, Thailand

Atsawin has been working with the National Intelligence Agency of Thailand for about five years. As system administrator and cybersecurity administrator, dealing with cyberattacks has been the biggest challenge for him. “Cyberattacks can be committed from anywhere and they could come from Thailand or other countries with varying scenarios”, Atsawin explains the dynamics. Even though he received a number of trainings before, he found the three-day training conducted by AJCCBC really useful when responding to more advanced cyberattacks because he learned various scenarios from Japan and other AMS.

After participating in the CYDER training in February 2020, he gained knowledge on the methods of incident handling from several cybersecurity-related scenarios in Japan which are highly relevant to his work. “I also learned a lot about software tools from the Japanese expert, including open-source tools which I applied in my work now,” Atsawin recalled. With open-source tools, other government agencies in Thailand could easily use and modify their respective programming codes to secure their agencies’ systems and data. He further added that he was able to learn more about investigating a network traffic pattern that can provide insight into the source of an attack from network forensic course – one of the topics taught in the training. He also enthusiastically showed the manual he received from the training while describing that “the manual is really useful as it captures the concepts to protect against malwares.”

The training is consisted of three main programs i.e., lectures, practical exercises, and team discussions. He particularly enjoyed the group discussion as he was able to exchange information and establish a network with other AMS. Atsawin looks forward to seeing how the knowledge and network he gained from the training can trickle down to his agency in protecting systems and critical information infrastructures.

Chuen Yang Beh, Junior College Student, Hwa Chong Institution, Singapore

At his relatively young age of 17, Chuen Yang was able to pass the national-level test to participate in the Cyber SEA Game 2020. “The selection process was conducted by the Cyber Security Agency of Singapore and open to anyone below the age of 30 which made it really competitive,” he looked back to his time completing two challenges within two hours. The junior college student teamed up with another junior college student, a university student and a security engineer from his country and won the first place after competing against other AMS.

In the 2020 competition, the participants engaged in a Capture the Flag (CTF) competition design to enhance technical knowledge, skills and experience as well as teamwork. “Only a handful of organisations have the experience and capacity to hold a CTF competition due to its specific nature,” Chuen Yang said. He added that the Cyber SEA Game conducted by AJCCBC is a prominent event and undoubtedly effective not only in enhancing technical knowledge but also raising awareness of cybersecurity in ASEAN because it engaged participants from all AMS. 

“Before I entered the competition, I had limited training and I mostly learned from the local trainings that I attended”, he shared. Chuen Yang saw the Cyber SEA Game as an opportunity to learn because he was able to gain a massive amount of knowledge within a short period of time. His greatest takeaways from the competition are experience and creative thinking. “The competition forced me to think outside the box, and my team mates helped me a lot by sharing certain tricks that they saw before”, he further added. The CTF competition taught him to be more flexible in problem-solving and thinking. By doing the CTF competition, he learned substantially about cryptography, where he can extend the mathematics he has learnt in junior college. “There is also a communication dimension (from joining the competition in a group) because it taught me how to explain complex ideas to other people,” Chuen Yang candidly shared. The junior college student is currently preparing for his national examination and will pursue a higher education in mathematics or computer science. Chuen Yang believes some AMS are strong in cybersecurity and hopes the region can further share knowledge and benefit from each other through events like Cyber SEA Games. He also wishes for ASEAN to have an integrated mechanism in enhancing cybersecurity within the region.

Through JAIF, Japan has consistently supported AJCCBC in conducting feasibility study through “ASEAN-Japan Cybersecurity Cooperation Hub (Step 1)”, developing the Centre through “ASEAN-Japan Cybersecurity Capacity Building Centre (Step 2)” and sustaining the capacity development capacities through “ASEAN-Japan Cybersecurity Capacity Building Centre (Step 2-2)”. Step 2-2 of the project is currently ongoing and will be implemented until December 2022.