Speech by Mr David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency of Singapore, at the 3rd OECD Global Forum on Digital Security for Prosperity

09 Jun 2021

SPEECH BY MR DAVID KOH, COMMISSIONER OF CYBERSECURITY AND CHIEF EXECUTIVE OF THE CYBER SECURITY AGENCY OF SINGAPORE, AT THE 3RD OECD GLOBAL FORUM ON DIGITAL SECURITY FOR PROSPERITY

“LEVERAGING THE OECD TO BOOST INTERNATIONAL CO-OPERATION”

Thank you OECD for inviting me to speak on such a timely and relevant topic.

Good evening from Singapore.

It is a great honour for us to be part of this discussion.

As many of the earlier panellists have pointed out, Covid-19 has fundamentally changed the way that we work and live.

It has accelerated digitalisation and shown us how dependent we all are on connectivity and digital technologies for a wide range of economic and social activities.

Yet, as we all know, there are risks and downsides that we must all address early.

Cyber threats are borderless. This means that digital attacks on a particular State or service provider can easily be carried out by perpetrators based elsewhere.

This means that States and service providers are defending themselves against the most sophisticated and advanced threats from around the world and no single stakeholder can combat these threats alone.

Strong international partnerships and cooperation, in addition to national strategies and initiatives, can help support countries to adequately equip themselves to respond to and manage digital security threats.

There are two things that the OECD can continue to do to boost international cooperation.

Promoting Common Security Standards and Frameworks

First, the OECD can continue to encourage countries to come together, through the various workstreams, to promote an interoperable digital space through collaboration and exchanges on common security standards and frameworks.

As the operating landscape evolves, domestic policies must consider a balance between security, cost and usability, and we need to review our risk profiles as and when needed in order to keep in tandem with these developments.

As the Cyber Security Agency of Singapore, we have put in place national strategies and initiatives for our country and this take the broader digital security risks into account.

One example is for the Internet of Things (IoT). The landscape is fast-evolving and pose distinctive threats and risks. Given that the proliferation of smart devices has given rise to a potentially huge attack surface, Singapore launched the Cybersecurity Labelling Scheme (CLS) last year to raise the security levels of consumer IoT devices. This is for the national environment.

Now, we hope to establish mutual recognition of our scheme with international partners so that, through interoperability, we can collectively advance the security standards of consumer IoT devices – something that we would all want to do together.

This is just one of the initiatives which Singapore introduced to address digital security challenges which all of us face.

I believe that the OECD encourages collaboration and exchanges on common security standards and frameworks, including initiatives such as the Cybersecurity Labelling Scheme, countries may be better equipped in managing digital security risks, if we cooperate.

Such exchanges not only encourage countries to want to continue learning from each other, but also to promote interoperability, and it will also boost international cooperation.

Promoting Multi-stakeholder Dialogues

Second, the OECD can promote multi-stakeholder dialogues, across borders, to encourage international cooperation in addressing digital security risks.

Governments alone do not have all the answers on digital security issues.

Firstly, large parts of the digital infrastructure are operated by non-state stakeholders. It is even more crucial for close cooperation between various stakeholders to work together to address novel threats that have arisen as result of new technology.

Singapore is committed to multi-stakeholder partnerships and actively engages with non-state stakeholders.

One example is our Singapore International Cyber Week that we have organised since 2016. It is one of the avenues where  stakeholders come together and deliberate on key digital security issues whilst finding opportunities to collaborate.

This has sharpened our thinking as we have benefited from different perspectives, enabling us to develop more holistic policies and make informed decisions on digital security risk management.

The Global Forum on Digital Security for Prosperity, which continues to bring together various stakeholders to share their perspectives on digital security risk management is another example of OECD’s commitment to promoting multi-stakeholder dialogues.

Such platforms are crucial as they facilitate exchanges on wide-ranging security issues in the digital domain.

These exchanges in turn enhance trust, which encourage international cooperation amongst various stakeholders.

Conclusion

In conclusion, the OECD has a role in boosting international cooperation.

The current climate is such that countries are beginning to link technological capabilities to national security, economic prosperity as well as social stability.

The OECD WP-SDE’s work is thus highly relevant as it creates a conducive environment for cultivating trust – a key element for effective international cooperation and in strengthening a rules-based international order in cyberspace.