SM Teo Chee Hean at the SICW 2024 Opening Ceremony

“Strengthening Digital Trust Now and for the Future”

United Nations Under-Secretary-General and High Representative for Disarmament Affairs Madam Izumi Nakamitsu, welcome back to Singapore,
My Parliamentary Colleague Minister Josephine Teo,
Your Excellencies,
Distinguished Delegates,
Ladies and Gentlemen,

Introduction

Welcome to the Singapore International Cyber Week (SICW) 2024. Thank you for taking the time to come to Singapore and to be here with us, to share your views and your thoughts.

Last year, I spoke about how trust in the digital domain is under considerable pressure. Unfortunately, this remains so, perhaps even more so.

The frequency and severity of cyberattacks and cybercrime continue to rise. Globally, ransomware figures have hit a record high, with ransomware payments exceeding US$1B in 2023¹. In a study conducted by the Global Anti-Scam Alliance in 2023, slightly over one quarter of the people surveyed worldwide had lost money to scams or identity theft over a 12-month period².

Concern over the reliability and authenticity of information in the digital domain remains high. A global study commissioned by UNESCO on online disinformation found that 85% of individuals surveyed were worried about the impact of disinformation in their countries. 87% believed it had already harmed their country’s politics³. This is especially troubling in a year where half the world’s population is holding or has held elections.

We have also seen how failures in digital systems can cause widespread disruption. A faulty update by global cybersecurity firm CrowdStrike earlier this year caused the operations of airports, banks, hospitals, and many other essential services to grind to a temporary halt.

The digital world has much to offer in terms of societal progress, economic renewal, and innovation. But we will be able to reap these benefits only if digital technology is fundamentally trusted by people. What these examples show is that we have much work to do to strengthen the trust that the average person has when using digital products and services.

Whether people have this trust boils down to a few key requirements. And I think these are questions which you ask yourselves too whenever you receive a call or a message on your mobile device. You want confidence that:

a. Your data is secure, and will not be lost or corrupted;
b. What you see and hear online is reliable, not fake or surreptitiously altered;
c. When you transact online, you are not going to be cheated or scammed; and
d. The digital services you use are resilient, and will not break down when you need them.

This morning, I would like to offer three strategies to strengthen trust in the digital domain:

a. Promoting international and multi-stakeholder cooperation;
b. Going beyond cybersecurity to digital resilience; and
c. Getting the foundations right for emerging technologies.

Promoting International and Multi-Stakeholder Cooperation

First, promoting international and multi-stakeholder cooperation.

Cyberspace is borderless. It was designed that way. It was meant to be borderless, to transcend national borders. Its utility and power comes from being borderless. This means that international cooperation will be essential for us to resolve many of the common issues that we face in the digital domain. While some degree of competition between states is inevitable, we must not allow this to crowd out cooperation. This is why we continue to organise SICW year after year, to promote cooperation by bringing people together in the same room. So that we can at least understand each other, even if we do not agree with each other.

There are many areas where an inclusive approach can and has had a positive impact.

The UN Open-Ended Working Group (OEWG) on ICT Security, which Singapore chairs, has been helping to develop and implement the rules and norms for responsible State behaviour. Such rules and norms are crucial for a rules-based multilateral order in cyberspace.

There are also plurilateral efforts to tackle global cybersecurity challenges. One example is the Counter Ransomware Initiative (CRI), which has 68 member countries, including Singapore. It aligns and harmonises international practices to more effectively counter ransomware.

The establishment of common cybersecurity standards is another area ripe for cooperation. Later this week, Singapore will sign two Mutual Recognition Arrangements with Korea and Germany on cybersecurity labelling. This will help reduce compliance costs, facilitate market access, and enhance interoperability, for the benefit of consumers and manufacturers globally. We welcome more partners to collaborate with us, and each other on this.

We should remain open to diverse perspectives and seek to establish common ground. An exclusionary mindset is the surest way to deepen fault lines and put us on the path to a divided digital world.

Going Beyond Cybersecurity to Digital Resilience

Second, we must move beyond cybersecurity, to build digital resilience at a more holistic and fundamental level.

Digital systems initially began as assistive tools to improve delivery of services. Without these systems, service delivery would have been slower, less efficient, but nevertheless, delivery could still carry on. That was the original design for many of these computerised systems.

Over time, digital systems have expanded in capability and reach, becoming core to our ability to deliver services. They often become the primary means of delivering these services, no longer in the backroom, often on the frontline, interfacing directly with the customer or client. When these systems fail, services stop, because it is no longer possible to provide these services without the digital system.

Many organisations would have crossed this threshold from digital systems being assistive to being core, without realising. This makes us vulnerable to failures, whether they are because we have configured the system wrongly, or because parts of the system are vulnerable to cyberattacks, like DDoS attacks and so on.

Just as we cooperate to make cyberspace more secure, we now need to think about how we can design resilience into our digital ecosystem from its foundation. We can no longer afford to approach cyber resilience as an additional layer at the end. The other thing to also consider is the knock-on effects. What is the impact on the different systems that we have? And what impact can these other systems have on our digital systems? Power supply for example, what can it do to our digital systems. And when digital systems fail, what can it do to airlines, airports and the health system. So, the interaction and inter-system effects need to be considered as well. These require very complex studies.

The recent joint statement endorsed at the UN by countries such as Australia, Canada, the EU, the UK, and the US on shared principles to ensure the security, reliability and resilience of undersea cables is an important step in the right direction. Singapore has endorsed the joint statement and is committed to doing our part to build a more resilient digital ecosystem globally.

Countries can also work together with industry to establish common resilience standards and requirements. Singapore is exploring legislation to enhance the resilience of our digital infrastructure. This will go beyond cybersecurity risks to address a broader set of resilience risks, from misconfigurations in technical infrastructure, to physical hazards such as fires. Earlier this year, the Cyber Security Agency of Singapore launched the Safe App Standard, which sets out security best practices for industry to incorporate in app design. An updated version of the Standard, which covers a larger set of controls, will be released today.

Achieving digital resilience will not be easy. Systems will have to be redesigned or overhauled. Digital infrastructure often cuts across multiple jurisdictions, adding further complexity. But the potential risks are too great to ignore. Just consider the cross-cutting impact of systems such as our global reservation systems or our global payment systems, and how we need to defend them very carefully.

Getting the Foundations Right for Emerging Technologies

Third, to build trust in the future of the digital domain, we must lay the foundations to manage risks arising from emerging technologies.

When the Internet first emerged, there was a belief, hope, that the ready access to information would lead to a flowering of ideas and the flourishing of debate, and that the best ideas would float to the top and be recognised and implemented by everyone. But the internet is now no longer seen as an unmitigated good. There is now widespread recognition that it has become a source of disinformation, division, and danger, that can, and is being exploited. Countries now recognise the need to go beyond protecting digital systems, to also protecting their own societies from the misuse of digital systems. Many have belatedly introduced laws and regulations to try to do so. But the damage is already being done, and they are simply playing catch up.

We should not repeat these mistakes with new technologies that are now emerging.

We are already familiar with the risks AI can pose: From allowing malicious actors to spread disinformation to facilitating cybercrime.

Another emerging technology is quantum computing. While still nascent today, quantum computing is expected to break many classical encryption algorithms in use today, jeopardising the security of the world’s communications and data. This will be game-changing for cybersecurity.

We have an opportunity to prepare for such risks before these technologies fully mature and are extensively deployed.

Singapore is contributing to discussions on the security of AI. The Cyber Security Agency of Singapore has developed a set of Guidelines and Companion Guide on Securing AI Systems that will be launched today. It draws on contributions from industry and government, both local and international, to guide companies and organisations on how they can deploy AI in a safe and secure manner.

In the area of quantum technology, we are developing quantum-safe network infrastructure. Southeast Asia’s first nationwide quantum-safe network was launched in Singapore this year. This builds on more than a decade of cutting-edge quantum research by our national Centre for Quantum Technologies. Singapore is also supporting international standardisation efforts to realise an interoperable, quantum-secure global communication network.

Conclusion

Earlier this month, Singapore launched a new phase in our journey to be a Smart Nation – we call it Smart Nation 2.0. The first stage – Smart Nation 1.0 – focused on establishing the building blocks for a digital economy and society, key of which were: digital ID, a digital payment backbone, and digital public services. In this next stage of our national digital journey, strengthening trust is one of our key goals. We aim to provide citizens and businesses with the assurance that the digital world, in which so much of their lives and activities now take place, is safe, secure, and reliable.

Every society has its own context, culture, and challenges. But the need to build trust in the digital domain is universal. Without trust, we will not be able to reap the dividends from digitalisation. Even what we have achieved today may be reversed. How many of you become suspicious when you receive a call on your phone, and do not pick up? In a way, we are regressing. And instead of realising the promise and potential of a digital world, we will instead get disinformation and deception, leading us to division and danger. Conversely, if we get this right, and provide the assurance and trust our users need, then we can proceed with confidence to harness new and emerging digital technologies to improve lives and livelihoods around the world.

I hope that this week will help us recognise our shared interests in cyberspace, and find common cause to build and maintain trust in the digital domain.

Thank you and I trust that all of you will have fruitful discussions over the next few days. Thank you very much.

¹Chainalysis (2024). Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline.
² Global Anti-Scam Alliance, ScamAdviser (2023). The Global State of Scams 2023 Report. The study surveyed 49,459 individuals from 43 countries.
³ UNESCO, Survey on the Impact of Online Disinformation and Hate Speech, Sep 2023.