This public, 90-minute session examined the prevalence of cyber threats in the Indo-Pacific region based on some of the high-profile cyber-attacks and data leaks, as well as advanced persistent threat campaigns. It assessed the growing prominence of information warfare, especially in the current pandemic. The session highlighted the most common tactics, techniques and procedures used by malicious actors, and the countermeasures that governments and the private sector have undertaken to fortify their cyber defenses in the emerging data-driven economy. This session then examined the role played by the US and Singapore in enhancing regional cybersecurity as well as clarify the points of convergence and divergence between Singapore and the US to improve future cooperation.

1. Cyber
Threats and
Cooperation
in the
Indo Pacific
Benjamin Ang
Senior Fellow, Cyber and
Homeland Defence /
Deputy Head, Centre of Excellence
for National Security (CENS)
S Rajaratnam School of
International Studies (RSIS)
Nanyang Technological University
Singapore
Twitter @benjaminang

2. Cyber threats in the
Indo-Pacific region
1. High-profile cyber-attacks and data leaks and
Advanced Persistent Threat campaigns
2. Information warfare tactics and countermeasures
3. Singapore’s role in enhancing regional cybersecurity
4. Convergence and divergence between Singapore
and the US

3. HIGH-PROFILE CYBER-ATTACKS
AND DATA LEAKS AND ADVANCED
PERSISTENT THREAT CAMPAIGNS

4. SingHealth breach
• 1.5 million patients' non-
medical personal data
stolen, incl PM
• “This was a deliberate,
targeted and well-planned
cyberattack. It was not the
work of casual hackers or
criminal gangs … we are
not able to reveal more
because of operational
security reasons.”
• Symantec attributed to APT

5. SingHealth Committee of Inquiry
• 22 days
• 37 witnesses
• 26 written
submissions
• 454-page report

6. The breach was detected by IT staff …

7. … and their manager told them not to
escalate further

8. Why?
What the manager said
• "I thought to myself: 'If I
report the matter, what do
I get?' If I report the
matter, I will simply get
more people chasing me
for more updates. If they
are chasing me for more
updates, I need to be
able to get more
information to provide
them."
What his boss said
• “If a security incident is
declared when it turns out
there is no security
incident, this may look
bad on the person who
made the declaration.”

9. More incidents in ASEAN 2018-2019
• Singapore
– 2,400 MINDEF/ SAF
personnel, by phishing a 3rd
party vendor
• Singapore
– 14,200 people diagnosed
with HIV, taken by ex-lover
of a doctor with access
• Thailand and Vietnam
– Toyota customer data, no
details given
• Philippines
– 82,150 customers of
Wendy’s
• Philippines
– 900,000 customers of
pawnshop Cebuana
• Thailand
– 45,000 customers of True
Corp mobile
• Malaysia
– 46 million mobile
subscribers’ data
» [source: CSO Online]

10. APTs and their targets in Asia
APT Target countries Target entities
FunnyDream (C) Malaysia, Philippines,
Thailand, Vietnam
High-level government
organisations; political parties
Platinum Indonesia, Malaysia,
Vietnam
Diplomatic and government
entities
Cycldek (C) Laos, Philippines, Thailand,
Vietnam
Government, defence, and energy
sectors
HoneyMyte Myanmar, Singapore,
Vietnam
Government organisations
Finspy Indonesia, Myanmar,
Vietnam
Individuals
PhantomLance Indonesia, Malaysia,
Vietnam
Entities
Zebrocy (R) Malaysia, Thailand Entities [source: Kaspersky]

11. INFORMATION WARFARE TACTICS
AND COUNTERMEASURES

12. Allegations of info ops
and foreign interference
• Facebook took down accounts from Iran, Israeli
company targeting SE Asia, and Russian campaign
targeting Thailand (2019)
• China accused US of supporting Hong Kong
protesters (2019)
• Australia accused China of influencing
businessmen, politicians, educational institutions
(2019)
• Taiwan briefed on China campaign to interfere with
elections (2018)
• Reuters reported China Radio International backed
33 stations (2015)

13. Operation Naval Gazing
(Philippines, 2020)
• Facebook announced it
took down a Chinese
disinformation campaign of
155 accounts, 11 pages,
nine groups and six
Instagram accounts with an
audience of at least
130,000 followers
• Generated millions of digital
interactions by promoting
politicians favorable to
China, including President
Rodrigo Duterte

14. Allegations of domestic info ops
• Indonesia’s political
parties use ‘buzzers’
on social media
• Philippines journalists
in conflict with
government – arrest
of Rappler editor
• Singapore – spike in
anonymous online
criticism during 2018
dispute with Malaysia

15. RSIS Framework for Countermeasures
(1) Understand the
Adversary’s objectives
(2) Assess the Defender’s
vulnerabilities
(3) Set clear goals for the
countermeasures
(4) Set up a task force for
strategic response
(5) Counter specific tactics
where needed

16. Some countermeasures and concerns
Countermeasure Concern
Restricting foreign funding of
political parties, politicians,
NGOs(?), edu institutions(?)
Suppression of criticism?
Education on critical thinking Mobile only populations?
Legislation Suppression of criticism?
Fact checkers Independence?
Self-policing by tech platforms Will they do enough?
Whose standards do they
follow?

17. SINGAPORE’S ROLE IN ENHANCING
REGIONAL CYBERSECURITY

18. Strengthen international partnerships
• Sign bilateral MOU’s
with Canada, France,
India, NL, USA etc
• Build capacity in
ASEAN with S$10m
(US$7.3m)
ASEAN Cyber
Capacity fund,
upgraded to S$30
million (US$21.9m)
4

19. Why build capacity in ASEAN?
• ASEAN needs Cyberspace, because Digital
Transformation can bring economic progress for all
Member States
• BUT Member States have different levels of cyber
maturity – see the ASPI and EU Cyber Direct reports
on Cyber Maturity in Asia Pacific region
• AND cyber attackers will attack ASEAN through the
weakest Member States e.g. through the ASEAN
Smart City Network

20. ASEAN Ministers Cybersecurity
Conference (AMCC) agreed …
• 2016: Agreed on value of
practical cybersecurity norms
of behaviour in ASEAN
• 2017: Supported development
of basic, operational and
voluntary norms
• 2018: Singapore would
propose a mechanism to
enhance ASEAN cyber
coordination
• 2019: Agreed to move forward
on a formal cybersecurity
coordination mechanism

21. 2020 AMCC announced:
• Singapore + United
Nations will draw up a
checklist of steps to
implement cyber norms
• e.g. legal frameworks
and sharing networks
• ASEAN will share its
experience and
knowledge with the UN

22. What next for ASEAN?
Capacity Building
Programmes
• ASEAN-Singapore Cyber
Centre of Excellence
• ASEAN-Japan
Cybersecurity Capacity
Building Centre in
Thailand
Confidence Building
Measures
• Joint training between
Member States to
improve communication
• Sharing cyber threat
information (between
CERTS)
• Contact list

23. Convergence and divergence between
Singapore and the US
Convergence
• Commitment to rules
based world order in
cyberspace – see
UNGGE and UNOEWG
• Bilateral MOU for
cooperation in
cybersecurity
• Top 5 trading partner
Divergence
• No US Ambassador since
2017
• Bilateral Trade between
China and Singapore:
S$135 billion (USD 100
billion) (top trading
partner)

24. Cyber
Threats and
Cooperation
in the
Indo Pacific
Benjamin Ang
Senior Fellow, Cyber and
Homeland Defence /
Deputy Head, Centre of Excellence
for National Security (CENS)
S Rajaratnam School of
International Studies (RSIS)
Nanyang Technological University
Singapore
Twitter @benjaminang