Insights on Fostering Cyber Expertise in Southeast Asia

In celebration of CyberSecurity Awareness Month in October, the Tech For Good Institute interviewed Allan Salim Cabanlong, Regional Director for Southeast Asia of the Global Forum on Cyber Expertise (GFCE) to share his insights on the intricacies of Southeast Asia as a region is navigating cyber security threats and opportunities.

[TFGI] Tell us about yourself and your role as the Regional Director for Southeast Asia, Global Forum on Cyber Expertise (GFCE). 

I am Allan S. Cabanlong, an ASEAN Engineer and former Assistant Secretary for Cybersecurity at the Department of Information and Communications Technology (DICT) of the Republic of the Philippines. I have dedicated more than 20 years of my career to the field of cybersecurity.

To provide a brief introduction to the Global Forum on Cyber Expertise (GFCE), it is a global community committed to enhancing cyber capacity and expertise through collaborative efforts and innovation.

In my capacity as the Inaugural Regional Director for Southeast Asia within the GFCE, I serve as the representative of the GFCE Secretariat and lead the organisation’s initiatives in the region. This includes the reinforcement of information exchange, oversight of the distribution of GFCE products and best practices, facilitating access to GFCE’s “matchmaking” mechanism, and updating the Cybil Portal (the cyber capacity building knowledge portal).

Another significant responsibility I undertake is leading outreach engagements with GFCE’s four core stakeholder groups. This involves engaging with Southeast Asian forums and organisations, regional and international donors involved in cyber capacity investment projects and programs, and understanding the cyber capacity building needs, ambitions, and challenges of ASEAN member states. Additionally, I engage with regional and international implementers active in cyber capacity building activities across the Southeast Asian region.

Furthermore, I am tasked with providing strategic guidance to ensure the alignment of the ASEAN-Singapore Cybersecurity Center of Excellence (ASCCE) with the work of GFCE. This alignment aims to facilitate increased engagement with regional stakeholders regarding cyber capacity needs by bridging the GFCE community with the ASCCE and ASEAN stakeholders.

At present, my focus is on expanding GFCE’s network within the Southeast Asian region by fostering collaboration and knowledge sharing among countries and stakeholders to enhance cyber resilience in the region.

 

[TFGI] From your perspective, what are the most pressing global cybersecurity needs, and how can Southeast Asia contribute to addressing these challenges? 

Major Southeast Asian countries like Singapore, the Philippines, Malaysia, Indonesia, Thailand, and Vietnam are rapidly undergoing digital transformation and increasing internet usage. However, this also expands the cyber threat landscape, especially for less digitally experienced users, who may become unsuspecting targets for cybercriminals. The cyberthreat landscape continues to evolve globally, and Southeast Asia’s rise as one of the fastest growing digital economies will only attract the attention of those who wish to exploit it.

Southeast Asia can address global cybersecurity challenges in multiple ways:

Building a skilled cybersecurity workforce is crucial for national security and global expertise contribution. By supporting cybersecurity startups, research institutions, and innovation hubs, Southeast Asia can develop cutting-edge solutions benefiting both local communities and the world.

Robust cybersecurity infrastructure is vital alongside digital transformation. Southeast Asia must establish strong cybersecurity protocols in critical sectors like energy, transportation, and healthcare. Raising awareness of cybersecurity best practices is essential, requiring collaboration with civil society and industry.

Cyber threats transcend borders. Southeast Asian nations can actively participate in global initiatives like the Global Forum on Cyber Expertise (GFCE) to share best practices, collaborate on international cybersecurity standards, and promote peaceful behavior in cyberspace through cyber diplomacy efforts.

Effective global measures against cybercrime demand collaboration. Southeast Asia can enhance its legal frameworks, law enforcement capabilities, and cooperate with international agencies to make a valuable contribution to this endeavor.

Thus, investing in secure infrastructure, capacity building, international cooperation, and promoting awareness are essential steps for Southeast Asia to contribute significantly to global cybersecurity. Collaborative efforts with other regions can create a safer digital environment for all. Together, we can make the digital world a safer place.

 

[TFGI] What are some of the unique challenges and opportunities that Southeast Asia faces as a region in cybersecurity? 

The cybersecurity landscape in Southeast Asia is uniquely complex, marked by diverse challenges and opportunities. The region spans a spectrum of economies, from highly developed nations like Singapore to emerging economies like Cambodia and Myanmar. This economic diversity can result in disparities in cybersecurity capabilities and vulnerabilities, with some countries better prepared to counter cyber threats. Additionally, the region’s cultural and linguistic diversity can pose obstacles to regional cooperation and information sharing. Overcoming language barriers and fostering a sense of regional unity is crucial for effective cybersecurity measures.

Regional Cooperation to Bridge Resource Gaps: Disparities in technology and internet accessibility, especially between urban and rural areas, are apparent in the region. This can lead to an uneven distribution of cybersecurity resources that requires attention. As some Southeast Asian countries undergo rapid digital transformation, there is a risk that cybersecurity efforts may lag behind, potentially exposing critical systems and infrastructure to vulnerabilities. Nevertheless, Southeast Asia must bolster its regional cybersecurity cooperation through organisations like ASEAN. Sharing information, best practices, and expertise is pivotal for collectively strengthening the region’s cybersecurity posture. Southeast Asia’s collaborative platforms, like ASEAN’s cybersecurity initiatives, provide valuable lessons for other regions. Here addressing common cybersecurity challenges necessitates building trust and cooperation at a regional level.

Fostering Innovation Adoption: Southeast Asia’s young and tech-savvy population can lead the charge in advancing innovation in cybersecurity. ASEAN should harness the energy of its youth to develop innovative cybersecurity solutions and raise awareness about cybersecurity. Given the region’s economic growth, increased investment in cybersecurity infrastructure, education, and research is imperative. The geographical proximity of many Southeast Asian countries offers opportunities for cross-border collaboration in tackling transnational cyber threats.

Emphasising Tailored Cybersecurity Strategies and Capacity Building: Southeast Asian nations have embraced tailored cybersecurity approaches that cater to their specific needs and challenges. This approach serves as an exemplary model for other regions, emphasisiing the importance of not adopting one-size-fits-all solutions. Southeast Asia has successfully forged public-private partnerships in cybersecurity initiatives, serving as a model for engaging both government and industry in addressing cyber threats. The region has also invested in cybersecurity capacity building, including training programs and awareness campaigns. These efforts can inspire other countries to prioritise cybersecurity education and workforce development.

Southeast Asia’s cybersecurity landscape, shaped by its diversity and rapid development, presents both challenges and opportunities. Regional cooperation, innovation adoption, and context-specific cybersecurity approaches are vital for Southeast Asia’s contribution to the global cybersecurity landscape, offering valuable lessons for other regions facing similar challenges.

 

[TFGI] How is Southeast Asia prepared to tackle AI-driven cyber threats, and what advice can you offer to nations seeking effective risk mitigation?

In Southeast Asia, like many other regions, artificial intelligence (AI) is both a boon and a challenge for cybersecurity. Here’s my advice:

  1. Investing in AI for Cybersecurity: Southeast Asian nations must acknowledge the opportunities and challenges AI presents in cybersecurity. To harness its potential, investing in AI talent and fostering a thriving community of experts is essential. Utilising AI-powered cybersecurity tools for threat detection, incident response, and risk assessment is crucial. This involves supporting educational programs, research collaborations with academia, and partnerships with private enterprises.
  2. Promoting Cooperative Ecosystems: To fortify defenses against AI-driven cyber threats, Southeast Asian countries should cultivate cooperative relationships between government entities, private enterprises, and academia through public-private partnerships. This collaborative approach includes sharing threat intelligence, best practices, and resources. Platforms like ASEAN can facilitate these exchanges. Simultaneously, it’s vital to establish adaptive cybersecurity guidelines capable of countering evolving AI-driven threats while safeguarding personal and sensitive data through robust data protection laws.
  3. Guiding Ethical AI Use: Recognising AI’s dual nature, Southeast Asian countries should establish and adhere to ethical AI guidelines. The forthcoming “ASEAN Guide on AI Governance and Ethics,” set to release in early 2024, represents significant progress in this regard. Regular evaluation of AI-powered cybersecurity measures and adaptive strategies is essential to stay ahead of evolving threats and prevent malicious activities.
  4. Emphasising Cyber Threat Intelligence: Prioritising the acquisition and dissemination of cyber threat intelligence, both locally and globally, is essential for Southeast Asian nations. Establishing partnerships and building trust with international cybersecurity organisations are key to staying ahead of emerging threats. To make valuable contributions to countering AI-based risks, active engagement in global forums and organisations focusing on AI and cybersecurity, such as the United Nations and international standards bodies, is necessary.
  5. Educating and Training: Users play a pivotal role in cybersecurity as it only takes one to be the weakest link, so integrating cybersecurity education and training programs into the curriculum and continuing education initiatives is imperative to cultivate a skilled workforce capable of defending against AI-powered cyber threats.  Here the promotion of good cyber hygiene practices, such as software updates, strong passwords, and phishing awareness, is crucial.

Overall, it is  important to recognise that AI can be used positively or negatively, depending on the user. Therefore, instead of fearing AI, we should focus on preempting AI-driven cyber threats and working together effectively to counter them. AI is akin to a double-edged sword, and by implementing these strategies, Southeast Asia can better navigate the cybersecurity landscape. 

 

About the Global Forum on Cyber Expertise (GFCE) 

The Global Forum on Cyber Expertise (GFCE) is a diverse community of over 180 members and partners from around the world, working to enhance global cyber capacity and expertise. It serves as a practical and adaptable platform for international collaboration, aiming to reduce duplication of efforts and create an open, free, peaceful, and secure digital world.

GFCE members include governments, international organisations, NGOs, civil society, private companies, the technical community, and academia. It uses various tools and initiatives to achieve its goals, including:

  • Working groups on cybersecurity policy, strategy, crime, standards, incident management, critical infrastructure protection, and culture and skills
  • The Cybil Knowledge Portal, a repository of cyber capacity building resources
  • The Clearing House function, which matches cyber capacity needs with support
  • The Global CCB Research Agenda, which identifies and fills knowledge gaps
  • Practical GFCE initiatives, such as training programs and conferences

In 2017, the GFCE community endorsed the Delhi Communiqué, which prioritises five themes for global cyber capacity building. The Communiqué has been endorsed by all GFCE members and reaffirms their shared commitment to strengthening cyber capacity and expertise globally.

GFCE has four regional hubs (Africa, Latin America, Pacific, and Southeast Asia) and a secretariat in The Hague, Netherlands.

Download Report

Download Report

Latest Updates

Latest Updates​

Keep pace with the digital pulse of Southeast Asia!

Never miss an update or event!

Mouna Aouri

Programme Fellow

Mouna Aouri is an Institute Fellow at the Tech For Good Institute. As a social entrepreneur, impact investor, and engineer, her experience spans over two decades in the MENA region, South East Asia, and Japan. She is founder of Woomentum, a Singapore-based platform dedicated to supporting women entrepreneurs in APAC through skill development and access to growth capital through strategic collaborations with corporate entities, investors and government partners.

Dr Ming Tan

Founding Executive Director

Dr Ming Tan is founding Executive Director for the Tech for Good Institute, a non-profit founded to catalyse research and collaboration on social, economic and policy trends accelerated by the digital economy in Southeast Asia. She is concurrently a Senior Fellow at the Centre for Governance and Sustainability at the National University of Singapore and Advisor to the Founder of the COMO Group, a Singaporean portfolio of lifestyle companies operating in 15 countries worldwide.  Her research interests lie at the intersection of technology, business and society, including sustainability and innovation.

 

Ming was previously Managing Director of IPOS International, part of the Intellectual Property Office of Singapore, which supports Singapore’s future growth as a global innovation hub for intellectual property creation, commercialisation and management. Prior to joining the public sector, she was Head of Stewardship of the COMO Group and the founding Executive Director of COMO Foundation, a grantmaker focused on gender equity that has served over 47 million women and girls since 2003.

 

As a company director, she lends brand and strategic guidance to several companies within the COMO Group. Ming also serves as a Council Member of the Council for Board Diversity, on the boards of COMO Foundation and Singapore Network Information Centre (SGNIC), and on the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

In the non-profit, educational and government spheres, Ming is a director of COMO Foundation and Singapore Network Information Centre (SGNIC) and chairs the Asia Advisory board for Swiss hospitality business and management school EHL. She also serves on  the Council for Board Diversity and the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

Ming was educated in Singapore, the United States, and England. She obtained her bachelor’s and master’s degrees from Stanford University and her doctorate from Oxford.