MISSION STATEMENT

CYBERSECURITY BUSINESS DEVELOPMENT MISSION TO

SINGAPORE & MALAYSIA

Date: Sept 30 – Oct 4, 2019
(to coincide with the Singapore International Cyber Week (SICW))

Mission Description

The purpose of the mission is to introduce U.S. firms and trade associations to Southeast Asia’s information and communication technology (ICT) security and critical infrastructure protection markets and to assist U.S. companies to find business partners to export their products and services to the region.

The mission is intended to include representatives from U.S. companies and U.S. trade associations with members that provide cybersecurity and critical infrastructure protection products and services.

The mission will visit Singapore and Malaysia where U.S. firms will have opportunities to develop their businesses in both markets.

Participating firms will gain market insights, make industry contacts, solidify business strategies, and advance specific projects, with the goal of increasing U.S. exports of products and services to Southeast Asia.

The mission will include customized one-on-one business appointments with pre-screened potential buyers, agents, distributors and joint venture partners; meetings with government officials and industry leaders; and networking events.

Commercial Setting

Cybersecurity ensures realization and control of vital security properties of an organization’s, as well as users’, intellectual, financial, and infrastructure assets against relevant security risks in the cyber environment. In addition, critical physical infrastructure systems (i.e., safety, security, electrical, water, energy, and traffic management systems) essentially interact with, and cannot be separated from, the critical information infrastructure. With the ascending growth and sophistication of cyber-attacks in recent years, strict compliance and unified security packages are in demand to protect the critical data, infrastructure, and safety of governments, military, public utilities, banking, financial services, ports, hospitals, and other businesses. The damaging effects of cyber-threats can be felt on many levels from the business to the individual and can spill over across borders. Therefore, authorities in Southeast Asia, such as Singapore, are currently dedicating an increasing amount of resources at the national level, as well as at the private sector level, in order to deal with these complex cyber threats. These resources have been well utilized as is evident from the innovations and demand for cyber defense equipment and service technologies. Recent events and well publicized cyber-attacks in the region have also heightened the importance of improving cybersecurity protection. Governments have made cybersecurity a policy priority, creating task forces and engaging with the United States Government (USG) to improve their defensive capabilities in the cybersecurity area.

Recognizing that national and economic security depends on the reliable functioning of critical infrastructure, the U.S. National Institute of Standards and Technology (NIST) released the Cybersecurity Framework consisting of standards, guidelines, and practices for reducing cyber risks to critical infrastructure in February 2014. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

While the Framework was created in the United States, it provides important standards that have been adopted by industries across the globe and lays the groundwork by which governments have formulated their own framework. Private sector stakeholders have made it clear that the global alignment of cyber security protocol is important to avoid confusion and duplication of effort, or even conflicting expectations in the global business environment. These needs have been reiterated by multi-national organizations. Many countries in Southeast Asia are currently considering adopting an approach that is compatible with the framework established by NIST. NIST has been holding discussions with several nations across the Southeast Asia region, such Singapore, making noteworthy internationalization progress in the cybersecurity field. The potential adoption of important sections of NIST’s Framework by industries such as healthcare, financial and critical infrastructure sectors across Southeast Asia can facilitate convergence, adoption and internationalization of a common set of IT operation and security controls, which provides market access opportunities in Singapore to U.S. firms with cyber security expertise and solutions.

Singapore

A report from A.T. Kearney recognized that the Association of Southeast Asian Nations (ASEAN) needs to significantly increase their spending on cybersecurity to protect the bloc’s growing digital economy1. It further stated that the 10-member bloc needs to spend about $171 billion collectively on cybersecurity between 2017 and 2025. If they do not, it can potentially cost the top 1,000 companies in ASEAN about $750 billion in market capitalization. In 2017, countries were estimated to have spent an average of 0.13% of their GDP on cybersecurity. However, the ASEAN as a bloc only collectively spent 0.06%, or $1.9 billion, of their GDP. Singapore was the only country in the region that spent more than the global average at 0.22% of its GDP.

Cybercrime is on the rise throughout Southeast Asia, with the region’s rapid development in terms of digital technologies making it a prime target for cybercriminals2. This risk is heightened as ASEAN member countries become more integrated via trade, capital flow and connectivity. According to the Asia Pacific Risk Centre, the global cost of data breaches is projected to reach US$2.1 trillion by 2019.

The frequency and gravity of cyber-attacks has prompted the Singaporean government to finalize its cybersecurity strategy. Their Cybersecurity Act will apply to organizations that are designated as operating ‘critical information infrastructure’ (CII) in Singapore3. Many organizations in energy, telecoms, water, health, banking, transport and media sectors could be impacted. There will be a number of requirements that CII owners will be subject to under this Act. These include a duty to report certain cybersecurity incidents to the commissioner of cybersecurity, and to disclose certain information to the commissioner regarding its CII, including on the “design, configuration and security” of that infrastructure. Additionally, CII owners could be subject to investigations from Singapore authorities regarding cybersecurity threats or incidents and forced to take remedial action where deficiencies in security measures are found. CII owners will also need to undertake periodic cybersecurity audits and risk assessments and could be further required to adhere to codes of practice or standards that the commissioner of cybersecurity has the power to issue under the new Act. With this new first dedicated cybersecurity framework in Singapore, it will bring demand for cybersecurity infrastructure that abides by these new requirements.

Singapore is one of the leading countries in the Association of Southeast Asian Nations region to act on the growing need for cybersecurity4. Singapore has established a fund of SGD 190 million for spending on cybersecurity research over the period from 2015 to 2020. The focus is on developing products which are easy to use, intuitive as well as secure by design. Security in an IoT environment is another major area of focus.

When announcing the Smart Nation initiative in September 2017, Singapore Prime Minister Lee Hsien Loong stressed the importance of cyber security being a central part of Singapore’s smart nation ecosystem which incorporates cyber security into nascent areas such as the Internet of Things (“IoT”) underpinning Singapore’s Smart Nation ambition5. A pillar of Singapore’s cybersecurity is to use the country’s status as an economic hub to attract world-class cybersecurity companies to base advanced operations, engineering, and research and development activities in Singapore. This increases the need for cutting-edge cybersecurity capabilities, infrastructure, and career pathways.

Singapore has been active in coordinating cybersecurity cooperation by organizing the annual ASEAN Ministerial Conference on Cybersecurity, the second of which was held in September 2017 in conjunction with Singapore’s International Cyber Week. Singapore has also codeveloped the ASEAN Cyber Capacity Program, an initiative to build capabilities across the region through tailored training programs, public-private partnerships, and discussions on policy and legislation. Since Singapore is one of the best ICT infrastructures in the world, it is therefore an ideal market for U.S. firms that seek to test cutting-edge cybersecurity technologies before deployment in other markets.

Other Products and Services

The foregoing analysis of the cybersecurity opportunities in Singapore is not intended to be exhaustive, but illustrative of the many opportunities available to U.S. businesses. Applications from companies selling products or services within the scope of this mission, but not specifically identified, will be considered and evaluated by the U.S. Department of Commerce. Companies whose products or services do not fit the scope of the mission may contact their local U.S. Export Assistance Center (USEAC) to learn about other business development missions and services that may provide more targeted export opportunities. Companies may call 1-800-872-8723, or go to http://help.export.gov/ to obtain such information. This information also may be found on the website: http://www.export.gov.

Malaysia

Cybersecurity is identified as a foundational safety net for the ICT sector and across all industries. Frost & Sullivan reported that the potential economic loss in Malaysia due to cybersecurity incidents is estimated US $12.2 billion. This is more than 4% of Malaysia’s total GDP of US$296 billion.6

The Malaysia government’s cybersecurity strategy aims to tackle the constant cyberthreats that follow the country’s digital transformation. To protect its industries, especially the banking sector, the government is actively scouting for cybersecurity solutions, advanced technologies and foreign expertise in the field in efforts to create a safer cyberspace. Malaysia's cybersecurity is third best globally and is ranked third among 193 countries in terms of its commitment to cybersecurity, according to the Global Cybersecurity Index (GCI) 2018.6 This is representative of Malaysia’s increased efforts in combating cyber-attacks. It is also reported that Malaysia’s creation of the Information Security Certification Body, a department in Cyber Security Malaysia, is one of the main reasons for its success in cybersecurity. Cyber Security Malaysia was launched in 2007 under the mandate of creating and sustaining a global cyberspace that is safe and conducive to wealth creation. Cyber Security Malaysia has been recognized for its security and innovation by being granted the Malaysia Trustmark for Private Sector, which proves the validity of an organization that is involved in e-business.

Last year, Malaysia underwent a change in political leadership. The United States Embassy has been meeting with all the high-level officials including the Central Bank (Bank Negara) on data localization and cyber security talks. Forums have been set for the private sector to meet with the public sector for cyber talks to set up fair policies.

MISSION GOALS

The purpose of this trade mission is to introduce U.S. firms to the rapidly expanding market for cybersecurity products and services in Southeast Asia. The mission will help participating firms and trade associations to gain market insights, make industry contacts, solidify business strategies, and advance specific projects, with the goal of increasing U.S. exports to Singapore. By participating in an official U.S. industry delegation, rather than traveling to Singapore on their own, U.S. companies will enhance their ability to secure meetings in those countries and gain greater exposure to the region.

MISSION SCENARIO

The business development mission is planned to coincide with the Singapore International Cyber Week (SICW) (https://www.sicw.sg/). The cybersecurity executive service will include one-on-one business appointments with pre-screened potential agents, distributors and joint venture partners; meetings with government officials, trade associations, and business groups; and a networking reception for companies and trade associations representing companies interested in expansion into Southeast Asian markets. Meetings will be offered with government authorities that can address questions about policies, tariff rates, incentives, regulations, projects, etc.

Proposed Timetable: See Tentative Mission Schedule

*Note: The final schedule and potential site visits will depend on the availability of host government and business officials, specific goals of mission participants, and ground transportation.

PARTICIPATION REQUIREMENTS

All parties interested in participating in the trade mission must complete and submit an application package for consideration by the DOC. All applicants will be evaluated on their ability to meet certain conditions and best satisfy the selection criteria as outlined below. A minimum of 15 and maximum of 20 firms and/or trade associations will be selected to participate in the mission from the applicant pool.

FEES AND EXPENSES

After a firm or trade association has been selected to participate on the mission, a payment to the Department of Commerce in the form of a participation fee is required. The participation fee for the Business Development Mission will be $3,850 for small, approximately $6,470 for medium-sized enterprises (SME); and approximately $7,780 for large firms or trade associations. The fee for each additional firm representative (large firm or SME/trade organization) is $870. Expenses for travel, lodging, meals, and incidentals will be the responsibility of each mission participant. Interpreter and driver services can be arranged for additional cost. Delegation members will be able to take advantage of U.S. Embassy rates for hotel rooms.

EXCLUSIONS

The mission fee does not include any personal travel expenses such as lodging, most meals, local ground transportation, and air transportation from the U.S. to the mission sites, between mission sites, and return to the United States. Singapore and Malaysia do not require business visas for U.S. citizens staying less than 90 days. Government fees and processing expenses to obtain such visas are also not included in the mission costs. However, the U.S. Department of Commerce will provide instructions to each participant on the procedures required to obtain necessary business visas.

CONDITIONS FOR PARTICIPATION

An applicant must submit a completed and signed mission application and supplemental application materials, including adequate information on the company’s products and/or services, primary market objectives, and goals for participation to the partner organization, the University of California – Irvine (UCI) Cybersecurity Policy & Research Institute (CPRI). If CPRI receives an incomplete application, CPRI may reject the application, request additional information, or take the lack of information into account when evaluating the applications.

Companies must provide certification that its products and/or services are being manufactured or produced in the United States or, if manufactured/produced outside of the United States, its products and/or services are marketed under the name of a U.S. firm and have U.S. content representing at least 51 percent of the value of the finished good or service. In the case of a trade association or trade organization, the applicant must certify that, for each company to be represented by the trade association or trade organization on the mission, the products and services the represented company seeks to export are either produced in the United States or, if not, marketed under the name of a U.S. firm and have at least fifty-one percent U.S. content.

The following criteria will be evaluated in selecting participants:

Suitability of the company’s (or in the case of a trade association/organization, represented companies’) products or services to the mission goals and the markets to be visited as part of this trade mission.

Company’s (or in the case of a trade association/organization, represented companies’) potential for business in each of the markets to be visited as part of this trade mission.

Consistency of the applicant’s (or in the case of a trade association/organization, represented companies’) goals and objectives with the stated scope of the mission.

Balance of company size and location may also be considered during the review process.

Referrals from political organizations and any documents containing references to partisan political activities (including political contributions) will be removed from an applicant’s submission and not considered during the selection process.

TIMELINE FOR RECRUITMENT AND APPLICATIONS

Mission recruitment will be conducted in an open and public manner, including posting on the Commerce Department trade mission calendar (http://export.gov/trademissions), posting on CPRI’s site, and other Internet web sites, email and social media campaigns to and by industry trade associations and other multiplier groups. Recruitment for the mission will begin immediately and conclude no later than August 1, 2019. All applications received subsequent to an evaluation date will be considered at the next evaluation. Applications received after August 1, 2019 will be considered only if space and scheduling constraints permit.

Contacts

Tatyana Aguirre
International Trade Specialist
U.S. Department of Commerce
Irvine, CA
Tel: 949-660-1410
Tatyana.Aguirre@trade.gov

Sweehoon Chia
Commercial Specialist
U.S. Embassy – Singapore
Sweehoon.Chia@trade.gov

Kisok Kumar
Commercial Assistant
U.S. Embassy – Malaysia
Kisok.Kumar@trade.gov

Bryan Cunningham
Executive Director
UCI Cybersecurity Policy & Research Institute
949-824-2720
b.cunningham@uci.edu

April Sather
CPRI Fellow
Cybersecurity Policy and Research Institute
949.824.2720
aesather@uci.edu

1 https://www.cnbc.com/2018/01/23/asean-need-to-increase-cybersecurity-spending-says-new-report.html

2 https://theaseanpost.com/article/southeast-asias-cybersecurity-emerging-concern

3 https://www.out-law.com/en/articles/2018/february/singapore-finalises-new-cybersecurity-act/

4 http://www.southeast-asia.atkearney.com/documents/766402/15958324/Cybersecurity+in+ASEAN%E2%80%94An+Urgent+Call+to+Action.pdf/ffd3e1ef-d44a-ac3a-9729-22afbec39364

5 https://www.fticonsulting-asia.com/~/media/Files/apac-files/insights/white-papers/singapore-cybersecurity.pdf

6 6 https://news.microsoft.com/en-my/2018/07/12/cybersecurity-threats-to-cost-organizations-in-malaysia-us12-2-billion-in- economic-losses/

https://www.thestar.com.my/news/nation/2017/07/06/malaysia-rank-high-cybersecurity-commitment


  Notice to Visitors!


  The link you have chosen will take you to a non-U.S. Government website.

  If the page does not appear in 5 seconds, please click this: outside web site

  Export.gov is managed by the International Trade Administration and external links are covered by its website  disclaimer statement.


  Notice to Visitors!


  The link you have chosen will take you to a non-U.S. Government website.

  If the page does not appear in 5 seconds, please click this: outside web site

  BuyUSA.gov is managed by the International Trade Administration and external links are covered by its website disclaimer statement.