Singapore's cyber security chief says international norms, partnerships are key issues

Mr David Koh, chief executive of the Cyber Security Agency of Singapore, said cybersecurity is an existential issue for the Republic.
Mr David Koh, chief executive of the Cyber Security Agency of Singapore, said cybersecurity is an existential issue for the Republic.ST PHOTO: JASMINE CHOONG

WASHINGTON - Cybersecurity is an existential issue for Singapore, Mr David Koh, chief executive of the Cyber Security Agency of Singapore told the eighth annual International Conference on Cyber Engagement (ICCE) in a keynote address in Washington on April 23.

As a small, connected city-state, Singapore was committed to the rules-based international order and all the more so for cyberspace, he added.

The United Nations remained the best body to evolve the rules, he told the conference hosted by the Atlantic Council's Scowcroft Centre among others.

"Cyberspace should not be any different from the physical domains," Mr Koh said. "For instance, in the maritime domain, there are rules that govern how states should behave, such as through the United Nations Convention on the Law of the Sea."

"Similarly, in the aviation domain, we abide by rules set by the International Civil Aviation Organisation. These rules underpin our modern economies and security."

"We are sharply cognisant that a world where "might makes right" spells disaster for us, and other small states and perhaps middle powers," he said.

"The necessity and logic of developing rules or norms of behaviour in cyberspace is irrefutable. We need to develop such rules or norms expediently, reach an agreement for all states to abide by them, and fully adopt and implement them. The question is how we may get there."

Since 2004, the United Nations has convened six working groups - the UNGGE7 - to move the discussion forward and propose norms of behaviour that states are encouraged to adopt.

"Some in these circles have said that it is challenging for states to agree on consensual positions… and that perhaps the UN is not working the way it should be," Mr Koh said.

 
 
 
 

Singapore's view is that the UN as the only universal, inclusive and multilateral forum, remains the best place to broker an agreement across all states on the rules of the game in cyberspace, he said.

"We are competing at the global level in cybersecurity, and this is not a race that we can win alone," he stressed. "The threats are coming from all over the world, so it compels us to work closely with our regional and international partners."

Singapore sees cybersecurity as a key enabler for its Smart Nation drive. "We should look at cybersecurity like brakes on a car - we can only drive fast if we have good brakes. Without good brakes, how fast would we dare to go?" Mr Koh said.

"Ultimately, cybersecurity fosters trust in the ubiquitous technologies we use today. This trust is the invisible glue that holds our collective digital ambitions together. If we believe that our future prosperity and security will be dependent on the digital realm, then we must reach the conclusion that cybersecurity is an existential issue that undergirds and enables our future way of life."

Globally, this trust has increasingly come under siege from the many data breaches and cyber incidents reported in the past year, including in Singapore.

But the pace and scale of Singapore's digitalisation push will only become more intense under the Smart Nation initiative, which sets out a vision to harness digital and smart technologies to build a future Singapore, Mr Koh told the conference.

"In cyber, we are only as strong as the weakest link. It is important for the public and businesses to be more diligent about protecting their digital lives, assets and data, to improve our collective security in cyberspace," he said.

In 2017, Singapore was the largest foreign exchange centre in the Asia-Pacific Region, and third largest globally after London and New York. The tremors of a cyber-attack on Singapore's financial sector would be immediately felt in New York and London, Mr Koh said.

"Cybersecurity is a team sport, but one in which we face borderless and asymmetrical threats," he added. "The threats are coming from all over the world, so it compels us to work closely with our regional and international partners."

In another keynote address, Amy S. Hess, one of six FBI assistant directors and in effect the agency's cybersecurity chief, said "cyberattacks have become more and more prevalent... in every investigation."

Citing several instances of cyber crime by criminals often working on behalf of nation states, she stressed that "foreign partners are key to efforts against cybercrime."