Cyber Stability – Finding Order Amidst Dysfunction & Disruption Keynote Address by Mr David Koh, Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency of Singapore at GITEX Asia on 9 April 2026

Ambassadors, High Commissioners,

Distinguished guests,

Ladies and gentlemen,

Introduction 

1      A very good morning and thank you for having me at GITEX Asia.

2      It is great to see familiar faces as we gather to discuss the state of cybersecurity, AI in the world today.

3      If we look at the state of the world today, actually it goes without saying that the post-World War II rules-based order has been completely upended.

4      Some even say that it is already history, behind us. Given the spate of inter-state conflicts around us, it appears there is not much of an international order to speak of.

5      However, while we know that the current order is fraying, there is still little clarity in what the future world order will look like. Perhaps, it is premature to pronounce the end of an era.

6      What we are seeing now perhaps could be an interregnum, a period of transition that I would expect might last for some time, before we eventually land on what the future is to come.

7      Whatever the international order should look like, in the present or in the future, it is in our collective interests – whether we come from small or medium states, developing and developed countries – for all of us to ensure that the system is defined and underpinned by rules. Without rules, all countries, perhaps with the exception of the Great Powers, will suffer.

8      Amidst the disruption and chaos, States can and must work together to build some certainty, to provide some ballast or framework in the current international system so that we and our citizens can function within it.

9      I think we can all agree on one thing – that any international order, in transition must provide strategic stability, both in the physical world and in cyberspace. If we want to reap the benefits of AI and the future, robotics, and industry 4.0, then we need stability in cyberspace.

10  This is what I want to touch on today – what is cyber stability, why it is so important, and how we can preserve some element of stability amidst this increasing volatility, dysfunction, and disruption.

What is Cyber stability? 

11  “Cyber stability” is a fairly common term we hear in international cyber discourse.   

12  It is actually derived from Cold War discourse on strategic stability, borne out of a desire to manage the anxieties of the then-bipolar world.

While the context may have changed, the desire nonetheless for international stability amongst States, whether in the kinetic or non-kinetic domains, remains constant.

13  But what does it actually mean?

According to the Global Commission on the Stability of Cyberspace (GCSC), cyber stability is a situation where everyone is reasonably confident to use cyberspace safely and securely, where the availability and integrity of services and information are generally assured.

Change is managed peacefully; tensions are resolved in a non-escalatory manner.

14  The United Nations Institute for Disarmament Research (UNIDIR) describes cyber stability as a “geostrategic condition where users of the cyber domain enjoy the greatest possible benefits… while preventing and managing conduct that may undermine these benefits”.

15  Common to these definitions is the understanding that cyberspace needs to be predictable, accessible, interoperable, and functioning.

While change, tensions and conflict in cyberspace are not absent, they are nonetheless managed, balanced and non-escalatory. 

16  Now, coming from a small State, Singapore, and as a practitioner myself, I think it is incumbent on us to build on this common denominator, even as it is perhaps a low one, because it concerns our security, our survival, and our common prosperity.

Stability in cyberspace is at risk due to escalating geopolitical tensions and evolving cyber threats

17  In the absence of a robust and strong rules-based order that we can rely on, we must work hard to ensure that some level of stability in cyberspace exists.

18  Unfortunately, from where I sit, cyberspace is increasingly becoming unstable, threatened by escalating geopolitical tensions, and rapidly evolving cyber threats.

19  The outlook is not positive. Globally, Checkpoint records that cyber threats have increased by 47% in the first quarter of 2025 as compared to 2024.

Besides the threats to our security, there is also an economic cost.  Cybersecurity Ventures projects that ransomware, a persistent and evolving threat, will inflict $74 billion USD in damages this year, a figure that is expected to increase to $276 billion USD by 2031.

20  Singapore is not immune to these events.

We have experienced a four-fold increase in Advanced Persistent Threats (APT) attacks between 2021 to 2024.

Last year, in 2025, Singapore announced that our critical information infrastructures (CIIs) have been attacked by APT actor UNC3886.

We took an unprecedented step to name the threat actor so that we can crystalise the threat and educate our own public that our CIIs were under attack.

21  As our own experience reveals, the deteriorating state of cyber stability is of concern and potentially dangerous.

22  States are already adjusting their policies to these threats.

Today, we are not just talking about protective measures to safeguard our networks.

There are now calls for more robust forms of action.

Concepts like “Active Defence” and “Forward Defence” or even “Hack back”, once uttered in closed policy circles or hushed tones, are now increasingly being heard openly.

Cyber stability is fundamental to our well-being and prosperity

23  Why does this matter?

24  Firstly, cyber stability is essential to the integrity, accessibility and availability of cyberspace, and we all depend on this.

We need a stable cyberspace to transact, to communicate and connect securely.

25  Secondly, cyberspace is necessary so that society, our citizens, can reap the benefits of the digital economy.

All our great plans will come to naught, if we do not have stability in cyberspace.

We have all witnessed the transformative power of the internet, the potential of AI but these benefits can only be sustained if cyberspace is secure, predictable, and resilient.

26  And third, we need cyber stability to avoid miscalculation.

In the “fog-of-the-internet”, a single misinterpreted signal can trigger a vicious cycle of escalation and potential spillover with unpredictable consequences.

Amidst the disruption and volatility, States must work together to preserve and promote stability in cyberspace

27  As cyber leaders, whether from industry, academia or the government, we must act to preserve cyber stability. We need to play our part.

28  Firstly, we have to keep talking with each other while practicing restraint.

Open channels of communication are critical to pre-empt escalation.

And this is necessary for all of us.

This also means we must be prepared to engage in dialogue, not just with our friends and people who think alike, but also with those we do not quite agree with.

This is what we have sought to do at platforms like GITEX, as well as the annual Singapore International Cyber Week.

29  Secondly, we need to deepen cooperation between our cyber agencies, both domestically and internationally.

There are many things that we can do collectively, from exchanging threat information, cyber experience and expertise, to working together to disrupt the operations against our common adversaries.

Such collaborations allow us to build trust and achieve better collective outcomes than we can manage by ourselves.

30  We can either work together multilaterally, through regional organisations or plurilateral arrangements, like ASEAN, where States collectively view cyber as an enabler of the digital economy in addition to being a national security imperative.

The Counter Ransomware Initiative is another example.

31  And third, we must do what we can to uphold existing consensus and agreements.

For example, we have to continue to affirm that existing international law, including the United Nations Charter, continues to apply, including in cyberspace.

We have to push for the implementation of the 11 voluntary, non-binding norms for responsible State behaviour in cyberspace.

32  I am aware that many of us monitoring the current state of global affair may have reasonable doubts as to whether international law and norms actually matter.

However, in my view, we have to keep on trying and not give up. Without it, everyone, all of us, will lose.

Conclusion

33  I leave you today with a slightly serious and sombre message that cyber stability is not a luxury, it is not something that is nice to have, but increasingly it is a necessity for our modern way of life.

Increasingly, we live, work and play more and more online.

34  The choice to preserve stability has to be made now, lest we risk undermining the foundations and the great potential for global collective prosperity that has brought us together to where we are today.

35  And on that note, thank you very much and have a great conference ahead.