Published on 19 Oct 2022
Comprehensive Defence of our Cyberspace
Ladies and Gentlemen,
1. Good morning to all of you. Welcome to the Singapore International Cyber Week (“SICW”). I am happy to see the very large turn-out and many familiar faces with us today, especially those who have travelled from all over the world to join us. A warm welcome also to those who are joining us virtually, and we hope to see you soon in person as well.
Growing Importance of Cyberspace
2. The digital and cyber space has become ubiquitous, indispensable and so much a part of our lives today. COVID-19 has accelerated the adoption of digital technologies, making them a part of everything that we do, be it digital payments, shopping, chatting with friends, travelling or business. The emergence of the “metaverse”, heralds the merging of the virtual and the physical world.
3. Securing the digital domain and ensuring a trusted cyberspace will enable all of us to enjoy the fruits of the digital revolution, and its promise of economic progress and a better life. Because ultimately that’s the objective that all of us are pursuing.
4. However, precisely because the digital domain has become a more important and indispensable part of our everyday lives, threats in the digital domain have become much more serious and more challenging. Threats which start out in the digital domain can also quickly impact events in the physical world. The digital domain does not operate in a vacuum or in a separate reality. If a critical system is brought down by an attack, there could be severe effects on countries and the international system, organisations and businesses; financial losses; and threats to lives and livelihoods. Earlier this year, a ransomware attack on Costa Rica crippled essential services in the country, forcing the Costa Rican government to declare a state of national emergency. In February, a cyber-attack on the satellite communications provider Viasat caused disruptions across several countries in Europe.
6. Supranational systems – systems that transcend national borders – pose a special challenge in international cooperation. These are systems such as the SWIFT international payment network, booking systems for air travel, and the interconnected systems providing safety and routing information for aviation and maritime traffic. These systems serve many countries. A failure of any such system would result in chaos at the global level. However, while many states depend critically on them, their protection and supervision sometimes do not come under any international process. We need to have greater emphasis on ensuring clearer collective responsibility, and strengthen international cooperation to protect these systems and make sure that they work properly and securely.
7. One important platform for cooperation in cybersecurity is the UN, where countries large and small have a voice and can work together. The OEWG, or Open-ended Working Group on Security of and in the Use of ICTs 2021-2025, has made some progress in achieving a common understanding of the elements that make up the cyber stability framework. The current chair of the OEWG is Singapore’s Permanent Representative to the UN, and we hope to help advance the work in this important forum. There is also the UNGGE or Group of Governmental Experts. The sixth UNGGE and inaugural OEWG submitted their consensus reports last year. Both have done important work in reaffirming our global commitment to the cyber stability framework.
8. Singapore is committed to contributing to these international efforts in practical ways through capacity-building and confidence-building measures. In August this year, we worked with the UN Office of Disarmament Affairs (UNODA) to organise the inaugural UN-Singapore Cyber Fellowship for cyber ambassadors and heads of agencies from across the world. In the ASEAN region, close to 1,500 senior officials have been trained through the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE). They have capacity-building programmes that have been running for the last 6 years. To expand on these efforts, Singapore will partner the Global Forum on Cyber Expertise (“GFCE”) to appoint a South-East Asia Liaison at the ASCCE. This is a whole bunch of names and organisations. So how do we get them to work together? This Liaison will be the focal point to connect the region more closely with the international capacity building community, to better match supply and demand in capacity-building, and to gradually align the work that all of us are doing.
b. Second, apart from our physical infrastructure, we also need to protect our soft national infrastructure. This includes for Singapore, our National Digital Identity system, which we call Singpass, that provides trusted credentials for digital identity verification; and our National Digital Payment system, or PayNOW, that provides the backbone for making and clearing digital payments nationally. The integrity and resilience of our soft infrastructure enables citizens and businesses to transact securely, confidently and conveniently online with one another and with Government.
To improve coordination with the CII sectors, CSA is developing a next-generation National Cyber Security Centre (“NCSC”), which will feature tighter integration with our CII owners and Sector Leads.
d. Fourth, beyond the CII sectors, all organisations – including businesses and research and educational institutions, will need to strengthen their own defences against cyber threats. One example of a threat affecting all organisations is that of ransomware. Ransomware criminals can be opportunistic and highly sophisticated. They take advantage of poor cybersecurity practices to gain access to their victims’ systems and data, bet on victimized organisations being more willing to pay the ransom and hide the attack than to report the crime, and take advantage of gaps between jurisdictions to evade law enforcement. To help companies and organisations deal with ransomware, Singapore set up an interagency Counter Ransomware Task Force (CRTF) earlier this year. The CRTF will bring businesses, Government, and international partners together to more effectively counter ransomware attacks.
The Government also helps enterprises strengthen their cybersecurity. For example, CSA launched the SG Cyber Safe Programme in 2021 with a cybersecurity certification programme, comprising the Cyber Essentials and Cyber Trust marks, to set standards and recognise enterprises that have good cyber practices.
e. Fifth, individuals, each of us, have a responsibility to adopt good cybersecurity practices and protect the systems and devices that they use. Personal devices, including the multitude of IoT devices, do not exist on their own. They are connected to other devices, systems and networks. With the introduction of 5G technology, we can expect a step jump in the number and types of devices to be connected in ever-larger networks. If individuals or these multitude of devices are compromised, they will not only bring harm to themselves, but could be exploited to penetrate and weaken the whole system or network.
Individuals need to be aware of cyber risks, be capable of protecting themselves, and be responsible for their own safety and security online. It was in this spirit that CSA launched the Cybersecurity Labelling Scheme (CLS) to help consumers identify smart devices that meet their cybersecurity needs. CSA intends to extend this labelling scheme to include medical devices. CSA will also be launching the Internet Hygiene Portal, which allows users to do “health-checks” to ascertain whether the websites that they visit have the necessary security protocols.
14. The digital commons and our digital systems and networks are interconnected. We are only as strong as our weakest link. That is why we need individuals, businesses and countries to work together, so that we can strengthen our collective defence and protect our cyberspace and digital systems more comprehensively.
18. Thank you for joining us today, and for your continued support for the SICW. I wish you an invigorating and productive conference. Thank you.