Efforts to establish effective mechanisms for AI and cybersecurity cooperation in Southeast Asia are underway, yet significant obstacles remain.
ASEAN recently launched its first regional cybersecurity response team. However, ongoing vulnerabilities, rapid technological advancements in artificial intelligence (AI), crippling attacks, and substantial losses to scammers continue to challenge the region’s governments.
According to
Singapore’s Ministry of Defence, cybercrime in Southeast Asia leapt by 82 per cent between 2021 and 2022. In 2023, disruptions at DBS and Citibank data centres affected 2.5 million payment transactions, despite both banks having elaborate
disaster recovery plans. More recently, a 2024 ransomware attack severely impacted
Indonesian government services.
A mounting problem
IBM's X-Force Threat Intelligence Index 2024 found that 85 per cent of global attacks on critical sectors could have been prevented by basic measures like patching and multi-factor authentication - a stark reminder of the importance of awareness.
This was emphasised during a recent session on AI and cybersecurity at the Lee Kuan Yew School of Public Policy’s (LKYSPP’s) Festival of Ideas 2024, where the roles of trust, public awareness, and regional cooperation were spotlighted. “All these things stress the trust that a user has in the system,” said Virpratap Vikram Singh, a research fellow from the International Institute for Strategic Studies (IISS).
“If someone locks you out of your system, you can't do your work. You feel like you can't trust that system,” he continues. “If you can't trust your systems, you start having a problem. If you can't trust the narrative that's being put out, that creates run-off effects, which can have huge consequences.”
Stability, strategies and solutions
Hosting the session, senior research fellow at LKYSPP,
Miguel Alberto Gomez, stated that stability was a key concern, with each new technology introducing further uncertainties: “The big question here is what does [AI and cybersecurity] mean for stability in the region? And how do we manage stability, with these technologies introducing so much uncertainty?”
The Singapore Police reported in their ‘Mid-Year Scams and Cybercrime Brief 2024’ a 16.3 per cent increase in cases reported in H1 2024, with losses reaching a record $385.6million. Scammers are often based outside Singapore, and in 86 percent of cases, persuasion - not hacking or ransomware - is the
most effective tool.
Highlighting the role of bilateral partnerships in promoting responsible cybersecurity practices within the region, the ASEAN Regional Computer Emergency Response Team was launched in October 2024 and will be led by Malaysia for the first two years.
This new emergency response team will be based at the ASEAN-Singapore Cybersecurity Centre of Excellence in Singapore. It provides capacity-building for fellow ASEAN member states, as well as research and training on cyber law and policy as part of the ASEAN Cybersecurity Cooperation Strategy, which seeks to harmonise regional cyber policies.
Equalising security
Several challenges remain as ASEAN member states grapple with varying levels of technological development, cybersecurity capabilities, and regulatory frameworks. Limited enforcement mechanisms exist, as many agreements and initiatives rely on voluntary compliance.
Karryl Trajano, a research fellow at the S. Rajaratnam School of International Studies (RSIS), highlighted the importance of public awareness in cybersecurity to defend against attacks. “In cognitive warfare, bad actors and rogue states can get into the cognition of people, […] we are now fighting in a domain where behaviour manipulation is possible on a massive scale,” Dr Trajano said. “We need to closely monitor public sentiment, public trust, (and) public perceptions to understand the daily narratives and identify disinformation.”
At the same session, Singapore’s Deputy Director of International Security and Emerging Technologies at the Ministry of Defence, Meng Shuen Chua, emphasised that a common understanding of rapidly developing capabilities in AI and cybersecurity would provide a “much more flexible way for us to appreciate what are the dangers and the boundaries that guide ethical behaviour.”
“
More than ever, multilateralism is needed. Nations must come together and identify the common principles of AI and cybersecurity that should guide global behaviour and protocols. Just as there are boundaries on the use of power, we must also set boundaries around the use of artificial intelligence,” he said.