Strengthening our cyber defences

Singapore's weapon: cyber diplomacy

Republic taking the lead in cybercrime war by building alliances regionally and globally

Visitors at the official opening of the inaugural Singapore International Cyber Week held at the Suntec City Convention Centre on Oct 10, 2016. ST PHOTO: ALPHONSUS CHERN

What more can Singapore do in a digital world where dependence on technology trades security for greater efficiency and connectivity?

With more countries using technology as a component of military response, the first thing to do is to treat the threat as seriously as a conventional one.

To that end, Singapore has been deploying "cyber diplomacy" - building alliances with other countries, both to swop expertise, such as the latest in attack methods, and to regularly exercise and test its defences.

Singapore's Cyber Security Agency (CSA) has signed bilateral cyber agreements with five countries: France, the United Kingdom, India, the Netherlands and the United States.

The agreement with the US, signed in August, is the first cyber agreement between an Asean nation and the US. This opens the door to regular exchanges on cyber issues and effectively gives Singapore a voice when the larger countries try to shape global cyber norms, say experts.

"While Singapore benefits from accessing knowledge about cyber threats and mitigation responses from the US, Washington will equally gain deeper insights into the cyber threats experienced by Singapore and potentially the South-east Asian region," says US Army Lieutenant-Colonel Harry Hung, a visiting fellow with the S. Rajaratnam School of International Studies.

BUILDING ON OUR ASSETS

This and other recent efforts by the government show a cyber security approach that looks to leverage on the island's reputation as a global hub and a valued intermediary.

At the launch on Oct 10 of Singapore's cyber security strategy, a comprehensive document which maps the country's long-term approach to the issue, Prime Minister Lee Hsien Loong said the Government is sparing no effort to build a sizeable workforce of industry professionals here (See story on B4).

The four prongs of the strategy involve strengthening cyber defence of the country's critical infrastructure, developing a vibrant cyber security ecosystem by educating businesses and individuals, creating jobs by developing cyber security talent; and building international partnerships to better respond to cyber threats.

This means the republic wants to work closely with Asean countries to jointly secure the region's Internet space, an ambitious undertaking, given the uneven level of development across the 10 member states.

Singapore has put its money where its mouth is: At the first official gathering of Asean ministers in charge of cyber security, held a day after the launch of Singapore's strategy document, Minister in charge of Cyber Security Yaacob Ibrahim launched a $10 million fund to assist fellow Asean countries in building their cyber threat response capabilities.

Besides helping to train technical professionals in neighbouring countries, the funds will be used to train policymakers, prosecutors and other officials to help these countries formulate their cyber policies, says CSA chief executive David Koh.

This is long-term thinking: With Asean countries building their fibre networks and the region becoming more connected, cooperation is necessary so that no Asean member becomes the "weak link" that makes the community vulnerable, said Dr Yaacob.

"What we want to do is ensure that all the Asean member states pay attention so that they don't become that weakest link," he said.

The money will also go towards organising an annual Singapore International Cyber Week (SICW), the first edition of which closed on Oct 12, having drawn 5,000 attendees from almost 50 countries.

They included more than 100 experts in the field from governments, the private sector and academia, such as the United States Department of State's Coordinator for Cyber Issues, the United Kingdom's Cyber Ambassador and the Director-General of China's Bureau of Cybersecurity Coordination and Administration.

Dr Yaacob also hosted a number of bilateral meetings with key Asean cyber security principals on the sidelines of SICW.

THE PARTNER APPROACH

This is something Singapore has done well in the past: Identify a niche where there are few platforms for countries to meet and discuss an issue of growing importance, then become the pre-eminent forum for leaders to come together, in big groups and private sessions, to tackle thorny issues.

It is a model learnt from the Shangri-La Dialogue - an annual defence forum that attracts high-ranking military and political officials here from every country, and one of the world's top security gatherings.

Together with the annual Asean Cert Incident Drill, organised by CSA and into its 11th edition, the plan is for Singapore to "start the conversation" and to be useful to the region and the world as a hub for cyber security cooperation, says Mr Koh.

"Our perspective is cyber security is a team sport: no one country can do it by itself, and that's why Singapore is partnering with the other Asean member states," he says.

And in the same way that regional forums have given the collection of small states that is Asean a bigger voice in global matters, Singapore is hoping to take the lead in shaping the ongoing global conversation on acceptable behaviour in cyberspace.

"The world is shaping cyber norms, and we agree that we must have norms in cyberspace," said Dr Yaacob. "But how those norms are applicable to our region is something which we have to understand ourselves before they're being imposed by others."

But to become a global heavyweight in cyber matters, Singapore has to keep its own house in order.

This is where the remaining three prongs of the national cyber security strategy come in.

The strategy document lays out a plan to harden the republic's cyber defences, especially for critical infrastructure such as utilities and emergency services, and includes a new law to be introduced next year that will compel such operators to secure their systems and report breaches to the Government in a timely manner.

It spells out how the Government will step up public education to teach the public safe Internet-use practices to keep their devices clean and to keep the man in the street aware of common online scams.

And it also fleshes out how the Government intends to develop a home-grown cyber security fraternity - through heavy R&D investment, more scholarships for students looking to enter the sector, and opportunities for mid-career professionals in related fields to cross over.

The issue of cyber security is particularly important, given Singapore's push to become the world's first Smart Nation, where a vast array of sensors provide the Government with feedback used to shape policy and the day-to-day living of Singaporeans.

Such sensors also need to be secure, giving further impetus to the push for strong cyber security. For, as Mr Lee put it at the launch of the strategy document: "To be a Smart Nation, we must also be a safe nation."

Join ST's WhatsApp Channel and get the latest news and must-reads.

A version of this article appeared in the print edition of The Sunday Times on October 23, 2016, with the headline Singapore's weapon: cyber diplomacy. Subscribe