SM Teo Chee Hean at the 4th Singapore International Cyber Week

SM Teo Chee Hean | 1 October 2019

Speech by Senior Minister and Coordinating Minister for National Security Teo Chee Hean at the Opening of the 4th Singapore International Cyber Week on 1 October 2019.

 

 

His Excellency Bapak Wiranto, Coordinating Minister for Political, Legal and Security Affairs of the Republic of Indonesia,
His Excellency Fabrizio Hochschild, Under-Secretary-General and Special Adviser to the Secretary-General on the Preparations for the Commemoration of the Seventy-Fifth Anniversary of the United Nations,
Excellencies,
Distinguished Delegates,
Ladies and Gentlemen,

Welcome to the 4th Singapore International Cyber Week, or SICW! I am happy to see the large turnout and many familiar faces here with us today, especially our friends who have travelled from the region and from across the globe to Singapore.

Securing Our Common Cyber Future

The world has been brought closer together by the digital revolution. Light cables carry data across our oceans to bring together communities around the world, wireless signals allow us to stay connected on the move – carrying music and movies, conversations between loved ones, business transactions, e-commerce orders and payments, money flows, and more. 

However, this growth in connectivity and convenience for hundreds of millions around the world, is also facing the risk of being mired in a contestation for digital dominance – the ability to determine and shape the direction of development, and the evolution of norms and rules in the digital space.  Our digital interactions are also under threat from attackers – both sophisticated state actors, and highly capable criminal groups, who seek to disrupt and exploit these data flows and our digital systems. The tensions over these two challenges – digital dominance and cyber security – have come together in the development and deployment of emerging technologies such as 5G.

This can lead to a fracturing of the global digital space. When we view these two challenges as a national zero-sum game, where one side wins and another loses, the most likely outcome is that nobody wins. The greatest benefit offered by the new digital world is interconnectivity. The power comes from widening the network to bring on board more users, in a secure way. 

For us to realise the benefits of digitalisation, countries, businesses and the people sector need to work together to create a more secure and a more prosperous digital future.

We need to build more bridges and avenues of collaboration. Difficult as it is, we need more dialogue and cooperation among governments and the private sector to help us to find better solutions to build a shared future, deal with sophisticated cyber threats, and strengthen trust and confidence in the digital systems that we have come to depend on.

To cultivate and entrench this trust, we need to work together at three levels: with international partners; within our region; and with our domestic stakeholders.

International Cooperation

First, international cooperation. Singapore is firmly committed to a rules-based international order, and specifically to developing such an order for cyberspace.

We have been working with like-minded countries in the UN to achieve agreement on the norms and rules of cyberspace. This year, the UN has convened, for the sixth time, the United Nations Group of Governmental Experts (or UNGGE), and for the first time, the Open-Ended Working Group (or OEWG) to look into cybersecurity issues.

Singapore is honoured to be invited as a member of the UNGGE, which has representatives from 25 countries. We will also contribute actively to the OEWG, which will have discussions among all 193 UN member nations. The two groups will look at issues such as the rules and norms to operate in cyberspace, and how international law applies to cyberspace. Singapore looks forward to participating actively in both groups, and contributing to building networks of trust among all our countries.

The impact of cyber-attacks usually transcends boundaries – attacks are often delivered from sources or servers outside the territory of the system that has been attacked. While countries focus on protecting our own critical information systems, there are also information systems that all our countries depend on for cross-border and international transactions. These supra-national systems span many countries and jurisdictions. Some are established by agreements among participating governments or companies, while others may be private sector built and owned but used by many nations. They include the SWIFT network, which allows more than 11,000 financial institutions worldwide to securely send and receive 32 million financial messages a day. There are also interconnected systems providing safety and routing information for maritime and aviation traffic, and global air passenger reservation systems. One such system, Amadeus, processed more than 630 million passenger bookings and facilitated the travel of more than 1.6 billion passengers in 2017.

Countries clearly need to cooperate at the policy level to align the approach that they take to deal with cross-border cyber threats. Countries also need to collaborate at the operational level and work together on our collective responses. Rapid operational response is key to mitigating the impact of cyber-attacks.

Multilateral cybersecurity exercises, for example among key international financial centres, can help countries to strengthen coordination, and build mutual trust and confidence. In the Cybercrime area, Singapore is the host to INTERPOL’s Global Complex for Innovation, which has coordinated several large-scale, successful operations against international cybercrime syndicates. One such operation in 2017 targeted cybercrime across ASEAN, and resulted in the identification of almost 9,000 Command and Control servers and close to 300 compromised websites. This demonstrates that international cooperation to secure cyberspace and mitigate cybercrime is possible, and indeed critical, for our collective cybersecurity.

Regional Cooperation

Second, regional cooperation helps to build the momentum and lay the groundwork for wider international cooperation. For example, Singapore has been working with ASEAN to develop and implement cyber norms in line with the norms agreed at the 2015 UN Group of Governmental Experts. These regional efforts help to bridge the gap between principles discussed at international cyber platforms and its implementation within countries. This is important.

One example is the ASEAN Computer Emergency Response Team Incident Drill. Just last month, Singapore hosted the 14th edition of this annual exercise, to test incident response procedures and strengthen cybersecurity preparedness and cooperation among ASEAN Member States and Dialogue Partners. Singapore looks forward to conducting more of such cybersecurity exercises.

We have also been working with ASEAN to catalyse practical cooperation. For example, in 2016, we launched the ASEAN Cyber Capacity Programme to boost the region’s cyber capacity building efforts. As an extension of this Programme, we will launch the ASEAN-Singapore Cybersecurity Centre of Excellence later this week, in partnership with ASEAN Member States, our Dialogue Partners, and industry partners. The new Centre will offer expanded capacity building programmes conducted by training partners from different regions and sectors, which are tailored for participants from different disciplines and different levels of cyber proficiency.

Domestic Cooperation

Third, we need to strengthen cooperation with our own domestic stakeholders and within our own countries. Here in Singapore, we have already been the victim of cyber-attacks, and we must expect more attempts to penetrate our systems. Singapore has also seen a significant increase in cyber-crime cases. There were close to 16 percent more cyber-crime cases in 2018 compared to 2017, and cyber-crime now accounts for about one-fifth of overall crime in Singapore. We must address these threats so that we can provide assurance to the public as we press on with our Smart Nation initiatives.

Threats to Operational Technology (OT) systems that control our critical physical systems such as power, water and transportation networks, are among the most pressing cyber threats facing us today. In December 2015, Ukraine suffered a cyber-attack on its power grid, causing substations to be disconnected and forcing operators to switch to manual mode. The cyber-attack caused almost a quarter million people to lose power, in the middle of winter.

We take this threat seriously. Our Cyber Security Agency has co-developed an OT Cybersecurity Masterplan, in collaboration with our industry partners. This Masterplan will guide the development of capabilities to secure systems in the OT environment, and mitigate emerging OT cyber threats. The Masterplan outlines plans to train more OT cybersecurity professionals with advanced cybersecurity skills, and to establish an OT Cybersecurity Information Sharing and Analysis Centre with the Global Resilience Federation.  The Global Resilience Federation shares cyber threat intelligence. The Masterplan is a good example of strong Government-industry partnership to strengthen our national cybersecurity defences.

Another key emerging threat is attacks on Internet of Things (or IoT) devices. By 2025, the number of IoT devices is projected to reach 64 billion globally, or about eight IoT devices on average for every man, woman and child on this planet. This provides a greatly expanded attack surface through which to launch malicious cyber activities.

Our Cyber Security Agency has worked with the National Cyber Security Centre and the Ministry of Economic Affairs and Climate Policy of the Netherlands to study the existing IoT security landscape. Based on an analysis of the current technological and policy landscape, the Study identified 11 IoT security challenges in three clusters. These three clusters are: (1) principles, governance and legislation; (2) ecosystem development; and (3) technical references and standards, and the study made recommendations for action by countries and industry. For example, the Study proposes an evaluation regime for IoT devices, to provide consumers with greater transparency of the security of IoT devices already in the market. The IoT Security Landscape Study will be published tomorrow, at the IoT Security Roundtable, together with our Dutch counterparts.

We have also been strengthening the cybersecurity of our own Government systems and applications, and sharing and implementing the best practices of other governments and companies. Last year, we launched our Government Bug Bounty Programme to work with both local and international white-hat hackers to identify and address vulnerabilities in selected, Internet-facing Government systems.

We will take this one step further with the launch of the Vulnerability Disclosure Programme today. This initiative provides a channel for anyone – be it white-hat hackers, cybersecurity researchers, or members of the public – to report vulnerabilities they discover on any Internet-facing Government system or application. Through this programme, we hope to send the signal that we have a shared responsibility, together with cybersecurity defenders locally and internationally, to make our cyberspace safer and more resilient.

Conclusion

Digital technologies will continue to transform our economies, societies and daily life. All of us – governments, businesses and citizens – have a part to play to strengthen our collective cyber defence, and to build a secure, resilient and rules-based cyberspace.

Conferences like the SICW can play a useful role. I am heartened that the SICW has continued to grow, both in depth and reach. It provides us with a good platform to exchange best practices and strengthen our international networks and friendships.

Thank you for your strong support of the SICW. Let us work toward securing our common cyber future together!

TOP