SINGAPORE - Nations have been urged to build bridges to share knowledge and opportunities, as dated technology and tight government controls could lead to a divided Internet.
Panellists at the Singapore International Cyber Week (SICW) anticipate the global Internet may be split into regional networks that are isolated and using incompatible technologies, typically due to political, commercial or technological differences.
A divided Internet – dubbed the “Splinternet” – can cause countries to lose economic opportunities and become prone to cyber-security threats, said Mr Olaf Kolkman, the principal of Internet technology, policy and advocacy for the Internet Society. The non-profit group seeks to promote the open development and use of the Internet for the benefit of all users.
“Splintering the Internet will have an effect on individual companies and enterprises and people’s security,” said Mr Kolkman during his keynote speech at a session on the Splinternet at Marina Bay Sands last Thursday. “The open, global, secure and trustworthy Internet is a driver for social and economic prosperity. If we lose the Internet, we lose that driver.”
An example of a divided Internet that was debated by the panellists was the Great Firewall of China, which blocks citizens’ access to selected foreign websites such as Facebook, Wikipedia and Google Search.
Policies that close off networks – like the blocking of social media or barring devices with different IP addresses – can lead to a potential Splinternet, said Mr Kolkman. For example, filtering IP addresses can prevent users from accessing online services they depend on.
Mr Kolkman said an open Internet infrastructure between countries lets people freely use devices like their laptop or phone across borders without any hassle, but such freedom cannot be taken for granted if more nations isolate their networks.
The Singapore economy relies heavily on the Internet, said Mr Kolkman, who estimated that it would lose some $200 million daily should the Internet shut down here – one of the extreme consequences of the Splinternet.
A divided Internet also poses security risks to governments, businesses and communities as important information is kept in silos, he said. If the Internet is fragmented, security service providers might not be able to see cyber-security threats, which can put individuals and companies at risk, he added.
Mr Kolkman urged leaders to consider the Internet collectively instead of thinking as individuals, and to avoid dividing the Internet.
The global Internet can also be divided by outdated technology, he added, citing the uneven migration of digital devices to Internet Protocol version 6 (IPV6) from its earlier iteration, IPV4, which ran low on IP addresses due to widespread usage. It is the underlying technology that makes it possible for devices to connect to the Web.
“IPV6 applications cannot easily talk to IPV4 applications. So in that sense, there is already a sort of splintering going on,” said Mr Kolkman.
Panellist Lee Dolsen, the region’s chief architect for IT security firm Zscaler, agreed the open Internet should be defended, adding that greater trust and partnership between the public and private sector can foster a safer Internet.
He cited Singapore’s national authentication system Singpass, whose users can access government applications on the Internet while tagged to a digital identity. Singpass was an example of a government creating a national digital identity platform that worked openly with private market apps, he said, adding that other nations would likely be keen to follow suit.
But unprecedented data breaches have also cast a shadow over the promise of the Internet, he said. After Singapore’s worst breach involving the personal data of 1.5 million SingHealth patients in 2018, an Internet surfing separation measure was temporarily introduced at all public healthcare clusters.
Trust between the public and private sectors was a common theme in many of the panel discussions on cyber-security issues during the three-day convention. In a separate session last Thursday at SICW, cyber-security experts discussed their experiences handling cyber attacks.
Mr Brandon Wales, executive director of the US Cybersecurity and Infrastructure Security Agency, said the United States built a system to quickly declassify national secrets when necessary, to convey important information from the government to the cyber-security community.
“We no longer have to wait a long time to work through the classification. We’re able to get the relevant information that’s going to be useful for network defenders out at an unclassified level,” he said.
The system led to sensitive information, such as the discovery of cyber attacks to thwart the 2020 US election, being quickly declassified and provided to the public within 36 hours, said Mr Wales.
Highly sensitive intelligence about Russia’s plans to attack Ukraine was told to a small, vetted community of industry partners – many key to the US’ critical infrastructure – in November 2021, he added.
“We’d built trust over time that these individuals would keep the important secrets that we have and that there was a shared sense of importance of doing so,” said Mr Wales.
Mr Wales said private sector partners often enrich the information shared by the authorities. In turn, both sides benefit from those insights, he added.
Panellist Daren Smith, managing director for international government at BAE Systems Digital Intelligence, said it was important to attribute the source of cyber attacks so the source of a threat is made clear.
He said in 2021, the British government and Microsoft worked closely to pinpoint “a national state actor” as the instigator of a cyber attack on the Microsoft Exchange servers that gave attackers access to user e-mails and passwords.
“There’s a common understanding where we can actually work collaboratively together, bring our best experts in the room, without non-disclosure agreements so we can just have a proper conversation about things that we can do to move the world forward,” he added.
For geopolitical reasons, not all nations may be willing to pinpoint the source of a cyber attack, but it is important to hold malicious actors accountable if their behaviour affects the global digital ecosystem, said Mr Wales.
“I think the United States will continue to lead and push on this issue because we have the geopolitical clout to do so,” he added.
“We hope that over time, other countries will realise that the cost of staying silent will outweigh the cost of speaking up.”