Keynote Speech by Mr Chua Kuan Seah, Deputy Chief Executive of the Cyber Security Agency of Singapore at the Israel Cyber Week on “Transforming Horizons: Navigating The Digital Frontier”

28 JUNE 2023, 0955HRS – 1005HRS

INTRODUCTION

1. Good morning to the distinguished guests present today. I am Kuan Seah, Deputy Chief Executive of the Cyber Security Agency of Singapore or CSA for short.

2. My thanks to Tel Aviv University and Chairman of the Israel Cyber Week, Professor Ben Israel for the invitation to speak at this prestigious event.

3. The digital space has become so much a part of our lives today. We have integrated it into everything that we do, whether for work or play. Like many others, Singapore sees the growing importance of leveraging the digital domain to advance our national security, promote our economic progress and improve the living standards of our citizens. 

4. Yet, as the topic today suggests, horizons are transforming, and the digital frontier is a place where change is the only constant. 

5. Exponential increases in the speed of data processing, digital technologies facilitating near instantaneous communication and connectivity across the globe, new emerging technologies such as AI, machine learning and cloud computing boosting automation and efficiency – the list goes on. 

6. The advancement of technological capabilities aside, we cannot ignore global developments that point toward increasing tensions in the digital domain. In the last few years, we have seen increased contestation between nations and the exclusion of countries from the international systems.

7. When change is so constant in an area that holds great economic, social and security importance, what we can depend on are robust and unchanging principles and tenets that will guide our navigation. 

8. Let me outline 3 key messages:

Cyber and digital security underpins trust in the digital realm

9. A key tenet that remains true even in the rapidly changing digital frontier is that cybersecurity underpins trust in the digital realm. Regardless of the technology at hand, digital adoption and participation requires trust and confidence in our digital systems. No matter how innovative a digital solution is, our citizens and businesses will not use the technology if there is a lack of trust.

10. Domestically, Singapore worked to establish our Cybersecurity Act in 2018 to strengthen the baseline protection of our Critical Information Infrastructure or CII against cyber-attacks. The Act provides a framework for the designation of CII and provides baseline standards for CII owners to adopt. This aims to build a baseline level of trust for our key systems.

11. We are currently reviewing the Cybersecurity Act given the cyber threat landscape and business environment has evolved quite a bit since 2018.

12. The Cybersecurity Act review looks into regulating systems beyond our CII, in recognition that we need to broaden our cybersecurity considerations in today’s technological landscape and our operating context. 

13. So, in this review, we are also looking at bringing new groups under the ambit of the Cybersecurity Act, such as entities that hold sensitive information or technology that would be of national security or public interest (e.g. our sovereign wealth fund), and digital infrastructure providers that are foundational to our core connectivity stack.

14. Our aim is to ensure that our legislative framework is fit-for-purpose and continues to provide a safe and secure environment for our digital way of life to flourish.

Build trust through objective standards for interoperability

15. It is also important that we develop technical and objective standards that promote interoperability. 

16. Having such standards does not just make our lives easier; it makes us safer. Singapore adopts a principled but pragmatic approach to this. We focus on technical objectivity and quality as opposed to values-based frameworks or ideology. 

17. Countries have differing systems of government stemming from unique historical and developmental paths. However, all countries have a common interest in technological advancement, economic development, and progress.

18. From the technical perspective, adopting common and interoperable technological standards makes it easier for us to defend our shared cyberspace. The attack surface is reduced when there is no need to defend multiple parallel systems.

19. In Singapore, we started by launching a voluntary Cybersecurity Labelling Scheme that aims to provide greater transparency for security of consumer IoT devices by rating smart devices according to their levels of cybersecurity provisions.

20. Under the scheme, smart devices are rated according to their cybersecurity provisions. The scheme is still relatively young, but since launched in 2020, we have labelled more than 250 products from leading global brands such as Google, Asus, TP-Link, D-Link, Linksys, Netgear, Nokia, and the list goes on. 

21. Singapore has partnered with Germany and Finland to mutually recognise each other’s cybersecurity labels. The mutual recognition will ease cross-border testing and certification cost burdens, and encourage more companies to develop safer smart devices. 

22. Singapore is also working with countries at the International Standards Organisation (ISO) to establish a universal labelling framework. 

23. As we often say in Singapore, we want to make cybersecurity a business advantage, not an onerous compulsory requirement. That is what we are trying to do with our own initiatives like the CLS.

Build trust through common understandings of responsible State behaviour in cyberspace

24. It is important that we commit to the strengthening of a rules-based multilateral order in cyberspace. 

25. Such trust and confidence are essential to fostering the international cooperation necessary for addressing the increasingly sophisticated and ever evolving cyber threats. Cyber threats are transnational, and must be mitigated to ensure the security and reliability of global communications systems and critical information infrastructure, which undergird our digital economy. This is pertinent for all countries, especially small and developing ones like Singapore.

26. Singapore currently chairs the United Nations Open-Ended Working Group on the Security of and in the use of ICTs, which advances the development and implementation of norms of responsible state behaviour in cyberspace. The inclusive nature of cyber discussions at the UN allows all States, whether large or small, to have a voice in decisions. 

27. Singapore is deeply committed to keeping discussions at the UN productive and focused on practical and concrete cooperation, so as to translate principles into action and implement common norms. 

28. That is why we spearhead activities such as cyber capacity building for UN Member States and the development of a Norms Implementation Checklist for States to reference. These are meant to strengthen all nations’ ability to effectively participate in and maintain the rules-based order in cyberspace.  

Conclusion

29. In closing, I would like to emphasise that it is in everyone’s interests to build a secure, stable and interoperable cyberspace. A secure, stable and interoperable cyberspace is our strongest hope in navigating a quickly shifting international digital environment – and will allow all of us to reap the benefits of digitalisation and improve economies and living standards of our citizens. 

30. I wish you a fruitful cyber week ahead.

31. Thank you.