[TFGI] Tell us about yourself and your role as the Regional Director for Southeast Asia, Global Forum on Cyber Expertise (GFCE).
I am Allan S. Cabanlong, an ASEAN Engineer and former Assistant Secretary for Cybersecurity at the Department of Information and Communications Technology (DICT) of the Republic of the Philippines. I have dedicated more than 20 years of my career to the field of cybersecurity.
To provide a brief introduction to the Global Forum on Cyber Expertise (GFCE), it is a global community committed to enhancing cyber capacity and expertise through collaborative efforts and innovation.
In my capacity as the Inaugural Regional Director for Southeast Asia within the GFCE, I serve as the representative of the GFCE Secretariat and lead the organisation’s initiatives in the region. This includes the reinforcement of information exchange, oversight of the distribution of GFCE products and best practices, facilitating access to GFCE’s “matchmaking” mechanism, and updating the Cybil Portal (the cyber capacity building knowledge portal).
Another significant responsibility I undertake is leading outreach engagements with GFCE’s four core stakeholder groups. This involves engaging with Southeast Asian forums and organisations, regional and international donors involved in cyber capacity investment projects and programs, and understanding the cyber capacity building needs, ambitions, and challenges of ASEAN member states. Additionally, I engage with regional and international implementers active in cyber capacity building activities across the Southeast Asian region.
Furthermore, I am tasked with providing strategic guidance to ensure the alignment of the ASEAN-Singapore Cybersecurity Center of Excellence (ASCCE) with the work of GFCE. This alignment aims to facilitate increased engagement with regional stakeholders regarding cyber capacity needs by bridging the GFCE community with the ASCCE and ASEAN stakeholders.
At present, my focus is on expanding GFCE’s network within the Southeast Asian region by fostering collaboration and knowledge sharing among countries and stakeholders to enhance cyber resilience in the region.
[TFGI] From your perspective, what are the most pressing global cybersecurity needs, and how can Southeast Asia contribute to addressing these challenges?
Major Southeast Asian countries like Singapore, the Philippines, Malaysia, Indonesia, Thailand, and Vietnam are rapidly undergoing digital transformation and increasing internet usage. However, this also expands the cyber threat landscape, especially for less digitally experienced users, who may become unsuspecting targets for cybercriminals. The cyberthreat landscape continues to evolve globally, and Southeast Asia’s rise as one of the fastest growing digital economies will only attract the attention of those who wish to exploit it.
Southeast Asia can address global cybersecurity challenges in multiple ways:
Robust cybersecurity infrastructure is vital alongside digital transformation. Southeast Asia must establish strong cybersecurity protocols in critical sectors like energy, transportation, and healthcare. Raising awareness of cybersecurity best practices is essential, requiring collaboration with civil society and industry.
Cyber threats transcend borders. Southeast Asian nations can actively participate in global initiatives like the Global Forum on Cyber Expertise (GFCE) to share best practices, collaborate on international cybersecurity standards, and promote peaceful behavior in cyberspace through cyber diplomacy efforts.
Effective global measures against cybercrime demand collaboration. Southeast Asia can enhance its legal frameworks, law enforcement capabilities, and cooperate with international agencies to make a valuable contribution to this endeavor.
Thus, investing in secure infrastructure, capacity building, international cooperation, and promoting awareness are essential steps for Southeast Asia to contribute significantly to global cybersecurity. Collaborative efforts with other regions can create a safer digital environment for all. Together, we can make the digital world a safer place.
[TFGI] What are some of the unique challenges and opportunities that Southeast Asia faces as a region in cybersecurity?
The cybersecurity landscape in Southeast Asia is uniquely complex, marked by diverse challenges and opportunities. The region spans a spectrum of economies, from highly developed nations like Singapore to emerging economies like Cambodia and Myanmar. This economic diversity can result in disparities in cybersecurity capabilities and vulnerabilities, with some countries better prepared to counter cyber threats. Additionally, the region’s cultural and linguistic diversity can pose obstacles to regional cooperation and information sharing. Overcoming language barriers and fostering a sense of regional unity is crucial for effective cybersecurity measures.
Regional Cooperation to Bridge Resource Gaps: Disparities in technology and internet accessibility, especially between urban and rural areas, are apparent in the region. This can lead to an uneven distribution of cybersecurity resources that requires attention. As some Southeast Asian countries undergo rapid digital transformation, there is a risk that cybersecurity efforts may lag behind, potentially exposing critical systems and infrastructure to vulnerabilities. Nevertheless, Southeast Asia must bolster its regional cybersecurity cooperation through organisations like ASEAN. Sharing information, best practices, and expertise is pivotal for collectively strengthening the region’s cybersecurity posture. Southeast Asia’s collaborative platforms, like ASEAN’s cybersecurity initiatives, provide valuable lessons for other regions. Here addressing common cybersecurity challenges necessitates building trust and cooperation at a regional level.
Fostering Innovation Adoption: Southeast Asia’s young and tech-savvy population can lead the charge in advancing innovation in cybersecurity. ASEAN should harness the energy of its youth to develop innovative cybersecurity solutions and raise awareness about cybersecurity. Given the region’s economic growth, increased investment in cybersecurity infrastructure, education, and research is imperative. The geographical proximity of many Southeast Asian countries offers opportunities for cross-border collaboration in tackling transnational cyber threats.
Emphasising Tailored Cybersecurity Strategies and Capacity Building: Southeast Asian nations have embraced tailored cybersecurity approaches that cater to their specific needs and challenges. This approach serves as an exemplary model for other regions, emphasisiing the importance of not adopting one-size-fits-all solutions. Southeast Asia has successfully forged public-private partnerships in cybersecurity initiatives, serving as a model for engaging both government and industry in addressing cyber threats. The region has also invested in cybersecurity capacity building, including training programs and awareness campaigns. These efforts can inspire other countries to prioritise cybersecurity education and workforce development.
Southeast Asia’s cybersecurity landscape, shaped by its diversity and rapid development, presents both challenges and opportunities. Regional cooperation, innovation adoption, and context-specific cybersecurity approaches are vital for Southeast Asia’s contribution to the global cybersecurity landscape, offering valuable lessons for other regions facing similar challenges.
[TFGI] How is Southeast Asia prepared to tackle AI-driven cyber threats, and what advice can you offer to nations seeking effective risk mitigation?
In Southeast Asia, like many other regions, artificial intelligence (AI) is both a boon and a challenge for cybersecurity. Here’s my advice:
- Investing in AI for Cybersecurity: Southeast Asian nations must acknowledge the opportunities and challenges AI presents in cybersecurity. To harness its potential, investing in AI talent and fostering a thriving community of experts is essential. Utilising AI-powered cybersecurity tools for threat detection, incident response, and risk assessment is crucial. This involves supporting educational programs, research collaborations with academia, and partnerships with private enterprises.
- Promoting Cooperative Ecosystems: To fortify defenses against AI-driven cyber threats, Southeast Asian countries should cultivate cooperative relationships between government entities, private enterprises, and academia through public-private partnerships. This collaborative approach includes sharing threat intelligence, best practices, and resources. Platforms like ASEAN can facilitate these exchanges. Simultaneously, it’s vital to establish adaptive cybersecurity guidelines capable of countering evolving AI-driven threats while safeguarding personal and sensitive data through robust data protection laws.
- Guiding Ethical AI Use: Recognising AI’s dual nature, Southeast Asian countries should establish and adhere to ethical AI guidelines. The forthcoming “ASEAN Guide on AI Governance and Ethics,” set to release in early 2024, represents significant progress in this regard. Regular evaluation of AI-powered cybersecurity measures and adaptive strategies is essential to stay ahead of evolving threats and prevent malicious activities.
- Emphasising Cyber Threat Intelligence: Prioritising the acquisition and dissemination of cyber threat intelligence, both locally and globally, is essential for Southeast Asian nations. Establishing partnerships and building trust with international cybersecurity organisations are key to staying ahead of emerging threats. To make valuable contributions to countering AI-based risks, active engagement in global forums and organisations focusing on AI and cybersecurity, such as the United Nations and international standards bodies, is necessary.
- Educating and Training: Users play a pivotal role in cybersecurity as it only takes one to be the weakest link, so integrating cybersecurity education and training programs into the curriculum and continuing education initiatives is imperative to cultivate a skilled workforce capable of defending against AI-powered cyber threats. Here the promotion of good cyber hygiene practices, such as software updates, strong passwords, and phishing awareness, is crucial.
Overall, it is important to recognise that AI can be used positively or negatively, depending on the user. Therefore, instead of fearing AI, we should focus on preempting AI-driven cyber threats and working together effectively to counter them. AI is akin to a double-edged sword, and by implementing these strategies, Southeast Asia can better navigate the cybersecurity landscape.
About the Global Forum on Cyber Expertise (GFCE)
The Global Forum on Cyber Expertise (GFCE) is a diverse community of over 180 members and partners from around the world, working to enhance global cyber capacity and expertise. It serves as a practical and adaptable platform for international collaboration, aiming to reduce duplication of efforts and create an open, free, peaceful, and secure digital world.
GFCE members include governments, international organisations, NGOs, civil society, private companies, the technical community, and academia. It uses various tools and initiatives to achieve its goals, including:
- Working groups on cybersecurity policy, strategy, crime, standards, incident management, critical infrastructure protection, and culture and skills
- The Cybil Knowledge Portal, a repository of cyber capacity building resources
- The Clearing House function, which matches cyber capacity needs with support
- The Global CCB Research Agenda, which identifies and fills knowledge gaps
- Practical GFCE initiatives, such as training programs and conferences
In 2017, the GFCE community endorsed the Delhi Communiqué, which prioritises five themes for global cyber capacity building. The Communiqué has been endorsed by all GFCE members and reaffirms their shared commitment to strengthening cyber capacity and expertise globally.
GFCE has four regional hubs (Africa, Latin America, Pacific, and Southeast Asia) and a secretariat in The Hague, Netherlands.