05 Oct 2021
Towards A More Secure Shared Digital Future
Ms Izumi Nakamitsu, Under-Secretary-General and High Representative for Disarmament Affairs of the United Nations
Mrs Josephine Teo, Minister for Communications and Information, and Minister-in-charge of Smart Nation and Cybersecurity,
My colleagues at the Ministry of Communications and Information:
Dr Janil Puthucheary, Senior Minister of State,
Mr Tan Kiat How, Minister of State, and
Ms Rahayu Mahzam, Parliamentary Secretary,
Ladies and Gentlemen,
1. Welcome to the 6th Singapore International Cyber Week (SICW). I am pleased that Singapore is hosting this event once again, though in a hybrid format. This has allowed us to maintain momentum and reach out to more people virtually. I am heartened that many of you are here, in person, with me in Singapore’s Marina Bay Sands, and we hope to welcome more of you soon in Singapore.
The Dilemmas of Digitalisation
2. COVID-19 is making a deep impact on our current and future lives.
3. COVID has accelerated the global digital revolution. Digital technology has helped us to overcome the isolation and dislocation of quarantine and lock-downs; and to ease into the “new normal” with telecommuting, video-calls, e-learning, online shopping and digital payment. The benefits and opportunities are tremendous, and so too the impact on businesses and jobs, and will have a permanent impact on the way we live our lives.
4. The digital industry is constantly re-inventing itself, thriving on innovation, and on moving fast.
5. It is becoming more inclusive. Every day, more people, companies and organisations, all over the world, are engaging in the digital space.
6. Tt is becoming more pervasive. Every day, new applications and services are introduced, extending into every sphere of our lives, whatever we are doing, wherever we are, 24/7.
7. And we can expect innovation to move at an even faster pace. 5G, the cloud, Internet of Things (IoT), data analytics, and AI will bring a new avalanche of devices, applications and services, taking digitalisation to a new level.
8. But connecting more people, bringing in new services, and rolling them out fast, bring added risks. They open up a wider attack surface, and raise the likelihood, impact and cost of a breach. Strategies to enhance security, on the other hand, are inherently aimed at stability, conservatism, and reducing risk. Instinctively, the two seem mutually exclusive. These are real dilemmas that all of us face.
9. Compounding all of these are the geopolitical tensions that are threatening to bifurcate the technology world, further increasing digital risks.
10. We cannot stop progress. It is not possible to press the “pause” button, create a cyber-secure environment that is integrated, inter-operable and foolproof, and then press the “play” button again. We are moving too fast in the real world.
11. How do we create the (i) Consensus; (ii) Collaboration; and (iii) Capabilities that we need, to bring ourselves closer to a more secure shared digital future?
12. First, difficult as it may seem, we should work to reach consensus on rules, norms, principles and standards. Given the borderless nature of the digital domain – some have likened it to a digital global commons – we need to aspire for global consensus. Singapore supports the creation of such a multilateral order in cyberspace. Countries need to work together to develop new governance principles, frameworks and standards for the digital commons to preserve trust and confidence, and for it to work well, safely and securely for all of us.
13. The inaugural United Nations (UN) Open-Ended Working Group, or OEWG, and the sixth Group of Governmental Experts, or GGE, have been working towards this. The UN Office of Disarmament Affairs led by Under-Secretary-General Izumi Nakamitsu is actively engaged in this process. Consensus-building is crucial to maintain an open, secure and interoperable digital domain. Singapore has participated in and made contributions to both the OEWG and GGE, which successfully concluded with the adoption of their consensus reports earlier this year. These were significant milestones toward developing the “rules of the road” for cyberspace.
14. As a GGE member, Singapore submitted our national contribution on the application of international law in cyberspace to the UN. These clarify our views on the actions that States can and cannot take in cyberspace to further strengthen the rules-based multilateral order. Our Permanent Representative to the UN, Ambassador Burhan Gafoor, has been elected as chair of the five-year OEWG on Security of and in the use of ICTs. We will strive to work closely with the international community towards an open, secure, and interoperable ICT environment.
15. At the regional level, in a significant achievement, ASEAN was the first regional grouping to subscribe in principle to the UN’s 11 voluntary, non-binding norms of responsible state behaviour in cyberspace in 2018. ASEAN is now working closely to implement these norms and translate principles into tangible outcomes. Regional cooperation is an important building block and stepping stone towards global consensus.
16. Singapore has also been contributing to the development of objective, technical standards. We launched the Cybersecurity Labelling Scheme for consumer IoT devices in 2020 that has seen good take up among local and multinational device manufacturers. The four-level rating system builds common understanding of the cybersecurity provisions of a particular product and provides confidence and choice to consumers. This positions cybersecurity as a feature of innovation, and not a drag.
17. We should work to converge on such standards internationally. Common or mutually recognised standards will benefit consumers and manufacturers globally, and reduce the cost of compliance, eradicate duplicative testing across borders, and facilitate market access. We welcome international partners, private companies and members of the public to join us in this effort.
18. Second, we need to collaborate to keep the digital domain safe and secure. Cyberspace transcends physical boundaries, and many systems span different countries and jurisdictions. Countries therefore need to collaborate closely to align our policy approaches to deal with and police cross-border cyber threats. We also need to collaborate at the operational level to respond to cyber threats rapidly and in a coordinated manner.
19. Since 2014, Singapore has hosted INTERPOL’s Global Complex for Innovation, which has coordinated several large-scale, successful operations against international cybercrime syndicates. In 2019, Singapore worked closely with INTERPOL, other law enforcement agencies and private sector partners to target Crypto-jacking in the ASEAN region. Over a period of six months, the operation reduced the number of devices infected with malicious script to mine cryptocurrency by almost 80%. Singapore also participated in an INTERPOL-led operation targeting illegal football gambling during the Euro 2020 tournament. Law enforcement agencies in 28 countries were involved, resulting in nearly 1,400 arrests across Asia and Europe.
20. Earlier this year, the Singapore Police Force also participated in Operation HAECHI-I. This was a transnational joint operation targeting five types of cyber-enabled financial crimes – voice phishing, love scams, investment fraud, sextortion and money laundering associated with illegal online gambling. More than 1,600 bank accounts linked to these crimes were frozen and a total of US$83 million intercepted. Over 585 individuals were arrested and investigated, and more than 890 cases solved. This is a testament to what we can achieve as a global community if we work together to keep cyber space safer and more secure for all our users.
21. Third, countries must invest in developing capabilities, so that we can do the hard work of creating a secure cyber space. Otherwise, the policies and principles we speak about will remain unimplemented. We must build up security capabilities that can keep pace with rapid technological developments and stay at least one step ahead of malicious cyber attackers. This is a very difficult task.
22. Recent high-profile supply chain attacks like the SolarWinds incident and Kaseya breach have exploited vulnerabilities in what should be “high trust” components to compromise targets. This makes it more urgent for us to invest in our capabilities to strengthen the “trust, but verify” approach in our digital systems – to continuously verify and validate all activity on our networks. The industry is already on this path, and whether we call it “zero trust” or “assume breach”, the objective is the same. This approach will give us greater confidence to trust our digital technologies and devices to maximise their potential.
23. While it is possible to pursue each of these tasks on their own, it is more important to find the links and synergies across these different pathways and develop a coherent overall Strategy. This is why Singapore has drawn up our Cybersecurity Strategy 2021. This strategy articulates Singapore’s approach to safeguarding our wider cyberspace in an increasingly complex environment, and attempts to address some of the dilemmas I spoke about earlier.
24. It acknowledges the need for consensus-building and deepening collaboration, through the discussions at the UN GGE and OEWG, and the development and implementation of cybersecurity standards at the national level to raise the minimum standard of cybersecurity in ICT products and services that we use.
25. One key element of the revised strategy is going beyond protecting merely our critical information infrastructure, and working to secure our wider cyberspace given the increasingly wide-spread and inter-connected use of digital technology in all domains. This needs to be underpinned by building organisational capability and talent development. Over the next few days, we will be announcing and discussing various initiatives to uplift and empower enterprises to use the digital domain securely; as well as to grow and inspire a pool of cybersecurity champions as users of digital technologies, cyber professionals and future cyber leaders.
Ladies and Gentlemen,
26. I thank all of you for joining us today, and for your strong support for the SICW. Let us work together to maintain an open, secure and interoperable cyber space, to realise the potential and promise of the exciting new possibilities that are fast opening up in the digital domain.
27. I wish all of you a fulfilling and meaningful conference. Thank you very much.