Enable breadcrumbs token at /includes/pageheader.html.twig

Singapore Is Aggressively Pursuing Cybersecurity

The tiny Asian country has fully embraced cybersecurity to protect its vital maritime, banking and aviation sectors, as well as its citizens.

David Koh, a Singapore ministry official, confirms that cybersecurity is a top priority for his nation. Koh was a keynote speaker at the recent 8th Annual International Conference on Cyber Engagement hosted by the Atlantic Council, Dentons, Bank Polski and Texas A&M. Credit: Atlantic Council/Image Link

Singapore, in terms of size, is akin to an ant versus an elephant, said David Koh, commissioner of cybersecurity; chief executive, Cyber Security Agency, Singapore’s Prime Minister’s Office; and Defense Cyber Chief, Ministry of Defense of the Republic of Singapore. Nevertheless, the republic has put cybersecurity front and center. Even with only a population of about 5.9 million people—similar to the number of citizens in the Washington, D.C., area—Singapore is one the world’s most digitally connected cities, averaging two cellphones per citizen.

The republic is pursuing an encompassing smart nation initiative, has created a new governmental division to harness digital and smart technologies, and plans to institute a national digital identity system. It also is integrating an electronic payment system, allowing citizens and businesses to conduct transactions in a seamless, convenient and secure manner, Koh stressed.

“The pace and scale of Singapore's digitalization push will only become more intense under the country’s smart nation initiative,” he stated. “These and other foundation initiatives will enhance the competitiveness and productivity of our economy, but the more digitalized and connected we become, the more important it is to secure our systems.”

The country, like most nations, has not been spared from adversaries mounting cyber attacks. Last year Singapore suffered its worst data breech to date, in which an adversary illegally accessed personal information of 1.5 million medical patients. “This was the work of a sophisticated and advanced persistent threat vector,” Koh stated. “Thankfully it was not their medical records.” And the indirect costs of those type of attacks—including a loss of citizens’ trust—are almost higher than the actual costs, he added.

To protect itself, Singapore is pursuing a multipronged security strategy that builds on the 2015 creation of its Cyber Security Agency. In securing its critical information infrastructure, the republic is working with the private sector in regard to cyber threats and reporting requirements, Koh said. It is advancing its cyber-related legal framework. It also is making cybersecurity a pillar of its economy, looking at it as a growth sector for cybersecurity companies.

For Singapore's conscription military, the defense ministry has slotted cyber-related training for its soldiers, and recently identified a location to conduct centralized cyber defenses. In addition, the military is securing and protecting military systems and networks.

The results of these efforts have propelled the republic to the first ranking in last year’s Global Cybersecurity Index (GCI), prepared by the United Nation’s International Telecommunication Union (ITU)—above countries such as the United States and the United Kingdom. Koh asserted that the ranking reflects the country’s fervent commitment to digital safety. “We are deeply, deeply committed to strengthening the cybersecurity of our systems,” Koh stated. “In fact, I'll go further. In some respects, cybersecurity is an existential threat for Singapore.”

Singapore, as a gateway to Southeast Asia and the larger Asian Pacific region, is a banking, aviation and maritime hub, with a significant proportion of the world's capital, traffic and freight flowing through to its borders, Koh noted. “The tremors of a cyber attack, for example, on Singapore's financial sector, will be felt immediately in New York and London.”

The country's leaders are calling for a rules-based international order for cyberspace. To protect nations, a rules-based cyberspace would stand upon applicable international law and the adoption of voluntary operational norms, Koh stressed.

“Cyberspace should not be any different from the physical domain,” he emphasized. “For example, in the maritime domain, there are rules that govern how a nation-state should behave, such as through the United Nations Convention on the Law of the Sea. And similarly in the aviation domain, we abide by the rules set by the International Civil Aviation Organization. These rules underpin our modern economies and our security.”

A rules-based order is particularly critical for a small nation like Singapore, Koh continued. “Otherwise, the alternative is a world order where might makes right, where rules and norms are routinely flouted, and where there is considerable uncertainty about the sanctity of international agreements and norms,” he implored. “A small state like Singapore is like an ant in a jungle full of elephants, and we must do what we can to better secure ourselves, especially when the elephants fight.”

Koh was a keynote speaker at the 8th Annual International Conference on Cyber Engagement held on April 24 by the Atlantic Council, Dentons, Bank Polski and Texas A&M.