Get real about security in the virtual world

The setting-up of the Cyber Security Agency from April - to look after 10 critical sectors, including power, transport and telecommunications - indicates the seriousness with which Singapore is treating cyber threats.

They are a new frontier distinguished from older forms of security threats by the anonymity and the relative low cost of strikes. These allow attackers to believe that they can behave with impunity. Even as technologically advanced societies consolidate their economic activities more closely in the cyber world, the virtual domain has expanded for a range of criminals, from individual malcontents and amorphous groups of hacktivists to criminal syndicates, terrorists and even rogue states.

The international evidence of this threat is telling. The alleged North Korean cyber attack on Sony last year was a form of asymmetric warfare. Carried out by a political entity existing on the margins of the international system, it was symptomatic of acts of hostility which are difficult to punish. No less ominous was the ability of Cyber Caliphate, a group claiming affiliation to the terrorist Islamic State in Iraq and Syria, to attack the social media accounts of the US military's Central Command. Other malicious invasions of cyber privacy, such as the attacks on Microsoft and JPMorgan Chase, provided a raw demonstration of the reach of virtual vandals.

Singapore, which has to date suffered the defacement of government websites, has been lucky to escape a major hit that could compromise key infrastructure. However, it is important to take the warnings sounded in other places seriously. The key issue, as the authorities have said, is to possess the ability of central oversight given how vulnerabilities in one sector affect the entire

ecosystem. Indeed, the greater connectedness of computer systems today is itself a source of vulnerability. The new agency has its work cut out for it in plugging cyber-defence gaps.

A planned telecommunications network, meant solely for public-sector use, will help to shore up security, along with furthering Singapore's smart-nation agenda. On a broader scale, protecting the national cyber infrastructure calls for treating critical sectors as a single system around which a sound security cordon can be thrown.

The new Cyber Security Agency should play a crucial role in providing this defence. Its effectiveness will depend on the degree to which it can get its various stakeholders to cooperate energetically, stay on top of cutting-edge research, and encourage the public to take cyber security ever more seriously. This must be a national effort, like traditional military deterrence along the lines of Total Defence in which everyone has a role to play.