This is Part 3 of a 3 part series. Read Part 1 and Part 2 here.
Singapore recognises that threats to an open, secure, and peaceful cyberspace are increasingly sophisticated, transboundary, and asymmetric. As a small and highly connected State that has been the subject of several cyber-attacks, Singapore is strongly committed to the establishment of an international rules-based order in cyberspace. This will serve as a basis for trust and confidence between the Member States and enable economic and social progress. To reap the full benefits of digital technologies, the international community must develop a secure, trusted, and open cyberspace underpinned by international law.
On a podcast by the Centre for Strategic and International Studies (CSIS), co-hosts Jim Lewis and Chris Painter talked with David Koh, Chief Executive of the Cyber Security Agency of Singapore (CSA). They discussed how interoperable systems and an international rules-based consensus can help boost cybersecurity.
Mr Koh said that Singapore’s Prime Minister Lee Hsien Loong said that no country wants to have to choose sides. Countries have benefited from an open international economic system. Mr Koh added that Singapore has benefited significantly from this global trend by reaping the benefits of free-flowing trade and information, goods, and services. This has resulted in inter-connected supply chains which increases information and data flows. Mr Koh said that the ideal scenario is for countries to work together achieve an open, secure and interoperable internet.
Mr Koh also discussed the fact that Singapore welcomes the establishment of a UN Group of Governmental Experts (GGE) and the decision to convene an Open-Ended Working Group (OEWG). The CSA believes that the work of the GGE and the OEWG can and should be complementary in tackling issues like cyber resiliency. The major players need to promote interoperability and work together, in the spirit of consensus, mutual respect and mutual trust.
At the regional level, Singapore has worked with fellow Member States of the Association of Southeast Asian Nations (ASEAN) to issue the first ASEAN Leaders’ Statement on Cybersecurity Cooperation during the 32nd ASEAN Summit in April 2018. In the Statement, ASEAN Leaders reaffirmed the need for a rules-based international order in cyberspace. They also tasked relevant Ministers to identify a suitable mechanism or platform for coordinating cybersecurity policy, diplomacy, cooperation, technical and capacity building efforts across ASEAN, as well as a concrete list of voluntary, practical norms of State behaviour in cyberspace that ASEAN can also adopt.
At the national level, Singapore has made significant strides in strengthening the cybersecurity of its local systems and networks on three fronts – building resilient infrastructure, creating safer cyberspace, and developing a vibrant cybersecurity ecosystem.
Furthermore, Mr Koh said that to achieve true cyber resilience, there should be accountability and a rules-based international system. One example of an international rules-based framework is the United Nations Convention on the Law of the Sea (UNCLOS), also called the Law of the Sea Convention or the Law of the Sea where countries included in the treaty follow rules and regulations uniformly. Mr Koh said that a framework like the UNCLOS can be applied in cybersecurity to promote a rules-based international order in cyberspace.
Mr Koh said that the major challenge in cyberspace is the fact that the internet was not originally designed with security in mind, which translates to user anonymity. This anonymity may not be ideal especially when it comes to secure banking transactions, financial systems, and cybersecurity as a whole.
Mr Koh believes that accountability should be integrated into trying to achieve cyber resiliency, that is why the CSA is empowering organisations and governments to strengthen their cybersecurity posture, through readily available resources for the former and capacity building efforts for the latter. Mr Koh postulated that reducing anonymity can mitigate threats and crimes in the digital space.