Opening Speech By Mr K Shanmugam Coordinating Minister For National Security And Minister For Home Affairs At The Singapore International Cyber Week

Mdm Izumi Nakamitsu,

United Nations Under-Secretary General

and High Representative for Disarmament Affairs

My Cabinet Colleagues,

Mrs Josephine Teo,

Minister for Digital Development and Information, and Minister-in-charge of Cybersecurity and Smart Nation

Mr Tan Kiat How,

Senior Minister of State,

Ministry of Digital Development and Information

Mr David Koh,

Commissioner of Cybersecurity

and Chief Executive of the Cyber Security Agency of Singapore

Ministers,

Excellencies,

Distinguished Guests,

Ladies and Gentlemen,

1.                  Welcome to our 10th Singapore International Cyber Week (SICW).

A More Dangerous and Contested Cyberspace

2.                  We are seeing a significant rise in malicious cyber activity in cyberspace.

3.                  State-sponsored actors have intensified their activities.

4.                  They have launched cyberattacks to bring down critical infrastructure, disrupting essential services and introducing instability in cyberspace.

5.                  In April of this year, an attack on SK Telecom, in South Korea, exposed the SIM data of nearly 27 million users.

6.                  The “Typhoons” cluster has been reported to target critical sectors - healthcare, telcos, water, transport and power.

7.                  “Hacktivists” and pro-state actors have used cyber to promote their political, social, ideological agendas.

8.                  Cybercrime has also been on the rise.

9.                  In August of this year, a ransomware attack on Jaguar Land Rover disrupted production and caused the shutdown of its factories around the world, caused the loss of billions of dollars, and affected thousands of workers and huge number of sub-contractors.

10.             After that, a ransomware attack on Asahi Beer Group halted beer production around the world, almost caused a shortage of Asahi beer! I am not sure between Land Rovers and beers, which is more impactful, when you lose it.

11.             In Singapore, we have been under regular attacks.

12.             Our geopolitical situation, and our digital connectivity, makes us attractive targets.

13.             Earlier in July this year, I shared that UNC3886 has been conducting attacks on our critical infrastructure.

14.             We have also discovered foreign actors attempting to influence our domestic politics both in the physical world and in cyber.

15.             In 2017, for example, we identified an “agent of influence”. We revoked his Permanent Residency and asked him to leave the country.

16.             During our General Elections this year, foreign actors were using our cyberspace to directly target Singaporeans to get them to vote along the lines that were preferred by the foreign actors.

17.             Their social media posts were widely shared within the Singaporean community.

Singapore’s Approach

Zero-tolerance Against Malicious Cyber Actors

18.             We will take action against malicious cyber actors, regardless of whether they are attacking Singapore targets, or using Singapore as a launchpad for attacks against other countries.

19.             In the last year, we uncovered a serious network.

20.             The Singapore Police Force and our Internal Security Department identified six foreign nationals working, operating out of Singapore.

21.             They are suspected of being involved in malicious cyber activities.

22.             These individuals are believed to have probed and hacked into various overseas websites.

23.             One of their purposes for doing so was to obtain information of a significant number of individuals, including of those outside of Singapore, which they subsequently sold for profit.

24.             But they also targeted foreign Governments, including foreign Government data.

25.             That is not acceptable, and we take a serious view.

26.             Naturally, questions arise as to why they are doing this. And if they are doing this on behalf of who else.

27.             Four of these individuals have also been charged with possessing hacking tools and malware found on their devices.

28.             Their cases are now before the Courts.

29.             We will also take action against platforms that carry harmful content or used as conduits for malicious cyber actors.

30.             For example, in October of last year, the Government blocked 10 websites, obviously inauthentic, set up by foreign actors which were masquerading as Singapore websites, which the potential to be used when the switch is turned on for a variety of activities.

31.             They have the potential, in our assessment, to mount hostile Information campaigns. That is the first part.

Securing our critical infrastructure

32.             Second, we will continue to strengthen the protection of our critical infrastructure.

33.             Today, our critical infrastructure operators are held to higher cybersecurity standards and obligations under the Cybersecurity Act.

34.             As threat actors employ more sophisticated tools and techniques, we will update these standards and obligations.

35.             We have to ensure that critical infrastructure owners are prepared to deal with these threats.

36.             But regulations alone are not going to be enough.

37.             Most owners of critical infrastructure are private sector companies whose primary job is to ensure the delivery of essential services - water, power and transportation and so on.

38.             They are not specialists in cybersecurity.

39.             Yet, they are up against some of the best-in-class, state-backed cyber threat actors.

40.             So, the Government has decided that it will have to move beyond the traditional regulator-regulatee relationship when it comes to infrastructure owners.

41.             The Government will partner more closely with them in this fight against cyberattacks and cyber attackers.

42.             This will mean equipping our critical infrastructure owners with the tools and the capabilities to deal with APT-level threats. The Government will help in this.

43.             One initiative which we have already undertaken is to share classified threat intelligence with our critical infrastructure owners.

44.             This will help them be on the lookout for specific threats and develop a more robust incident response, and have more robust business continuity plans.

45.             We will also explore seriously, the partnering with certain critical infrastructure owners to conduct threat hunting and red-teaming exercises.

46.             These will similarly be informed by classified intelligence.

47.             These security tests, we hope, will help validate the robustness of the defences of these critical infrastructure operators.

48.             This, for Singapore anyway, represents a very significant shift in the approach by the Government.

49.             Up to now, when it comes to issues of classified threat intelligence and national security, they have been the exclusive domain of Government, and have been kept the exclusive domain of the Government.

50.             But we have decided that this significant shift is necessary for us to level the playing field between attackers and defenders, and help to turn the tide against the threat actors.

51.             But we have to be realistic. As I said, we are up against sophisticated threat actors and some attacks will succeed.

52.             Therefore, we will need to build up resilience, but we also need to be prepared that for a period, some operations will be degraded because some attacks will succeed.

53.             That is why we have to continue to strengthen cooperation with key Government and technology partners. We have to share intelligence, we have to help each other block attacks, and help when networks have to be shut down, we have to help each other when threat attackers attack us. Attacks can come from anywhere in the world and can be routed through a number of intermediate nodes internationally.

International Collaboration

54.             This brings me to the third aspect I wanted to speak about, the third pillar of our approach, to build trust between countries and continue to strengthen the rules-based international cyber order. Now, we are not completely idealistic about it. There are always going to be different levels of interest. There are going to be different countries which have a view on offence and defence, but there must still be some foundational cooperation, which is the key to a safe cyberspace, secure cyberspace, at least between broadly like-minded countries.

55.             With trust, countries can exchange information, and support each other in times of crisis.

56.             Without it, countries will be hesitant to share intelligence. And that will leave all of us exposed, and weaken our collective defence efforts.

57.             Moreover, if some countries choose to weaponise technologies, others will naturally raise their defences.

58.             This will result in a cyber arms race. A vicious cycle which benefits no one. We are, in fact, already in that situation.

59.             Singapore has been and continues to be a staunch advocate for the international rules-based order. This also extends to cyberspace, to the extent that that is possible.

60.             So, we recently concluded our chairmanship of the 2nd UN Open-Ended Working Group (OEWG) on the security of information and security of communications technology.

61.             There was general consensus on what constitutes responsible state behaviour, and countries have made some headway in codifying these into rules and norms.

62.             Importantly, there has got to be a commitment to upholding these rules and norms.

63.             We are all going to be worse off if the cyberspace denigrates into the “law of the jungle” where “might equals right”. And we will then see many of the benefits of digitalisation being reversed.

64.             We, in Singapore, will also do our part to contribute towards international capacity building efforts. And conferences like this, sharing, building up trust, partnerships, we will work at it.

65.             Since 2022, Singapore has partnered with the UN Office of Disarmament Affairs to run the UN-Singapore Cyber Programme, or UNSCP.

66.             Over the past three years, this programme has trained close to 140 senior cybersecurity officials from 97 UN Member States.

67.             I am pleased to share that we will renew and extend the UNSCP for another three years.

68.             These efforts will hopefully help to level the playing field between the defenders and threat actors and contribute to a slightly more safer and secure cyberspace globally.

Conclusion

69.             This International Cyber Week has become an important platform for Governments and industry players around the world to come together.

70.             It is a platform to have serious, meaningful conversations and deepen partnerships on cybersecurity.

71.             This year, we have a record number of participants from more than 90 countries.

72.             I hope that over the next few days, you will actively share your perspectives, form meaningful partnerships, and identify new opportunities for collaboration.

73.             Through the various conversations, we can deepen our understanding of one another, build more trust, and hopefully build deeper, longer lasting partnerships.

74.             I wish everyone a fruitful conference.

75.             Thank you.