Multi-stakeholder approach needed to tackle cyberthreats
Being a hyper-connected society, our national security is also increasingly being redefined by threats in the cyberspace. Cyberattacks have evolved from a non-traditional security threat to a new domain of intense conflict, involving deception and sabotage.
With our vast and growing cyber-infrastructure, cybersecurity is an area where there is a pressing need for a multi-stakeholder approach in tackling the multi-faceted and fast-changing threat.
The larger dangers arising from cyberattacks are public fear, panic and the corrosion of public trust in the things we often take for granted as being secure and reliable, such as public utilities, cloud computing and electronic transactions.
The launch today of the inaugural Singapore International Cyber Week (SICW) by Prime Minister Lee Hsien Loong is therefore timely, as it brings together policy makers, thought leaders, professionals and innovators to discuss and explore opportunities to develop new capabilities, collaborations and coordination in cybersecurity.
The SICW’s theme, “Building a secure and resilient digital future through partnership”, is apt. Our collective digital future depends on robust local and international partnerships involving multiple stakeholders.
A NEW CYBER ENVIRONMENT
The Internet was first developed to supplement the analogue communications among American soldiers and scientists. Trust was a fundamental attribute in such a set-up: People communicated with one another, trusting others based on who they said they were, and that the information conveyed would be handled according to the existing legal and social norms.
Today, we are dependent on the Internet for the purposes of work, the economy, leisure, military operations and education. But the element of trust is under siege. Internet users today are vulnerable to various kinds of cyberattacks, from online personal surveillance, hacking, corporate and governmental espionage and hijacking of Web traffic to the remote manipulation of computer-controlled industrial, governmental and military processes.
In many instances, privacy, intellectual property, proprietary data and confidential information have been abused, misappropriated or used illicitly. In an unprecedented move to make the public service IT network more secure, the Singapore Government announced in June that public servants’ computers used to access email will be cut off from the Internet from May 2017.
Put simply, the integrity of the Internet as a reliable, safe and open infrastructure is now under greater threat, especially from terrorism. Numerous systems, including those that power the economy, public infrastructure and transport, depend on the Internet for their effectiveness and efficiency. Adapting to the changed environment is vital.
Singapore’s laws have been revised to provide the authorities with pre-emptive powers to deal with a threat when there is intelligence that a cyberattack is imminent and could cripple critical infrastructure such as public utilities, telecommunications, banking and transportation systems. One challenge is that the public tends to be blissfully unaware of the real and present danger.
At its core, cybersecurity is a security, economic and political challenge. Even as we focus on the pre-emptive strikes to deal with threats, we will have to enhance our overall security framework so that our response to a real and present danger is swift and proportionate.
In the wake of a cyberattack, our critical infrastructure and systemic response must be resilient, enabling our society to bounce back so that normalcy is restored without undue delay and unnecessary detriment. Rather than the security breach itself, much damage flows from an inadequate response to it.
Resilience goes beyond business continuity plans. Can we, as a society, also cope with a sophisticated cyberattack and not be paralysed in getting on with our lives in a degraded communications environment?
Matters are compounded when there is invariably a sense of futility and despair over the size and complexity of the threat. This, in turn, reduces the incentive for the various stakeholders to invest and to cooperate in mutually beneficial ways.
But in an increasingly digitised and inter-connected world, no man is an island. In 2014, McKinsey consultants estimated that cloud computing could create US$3.72 trillion (S$5.11 trillion) in value by 2020.
But it cautioned that “in an environment of stepped-up cyberattacks, public clouds would be underutilised, given increased fear of vulnerabilities and higher costs from compliance with stricter policies on third-party access to data and systems. Such problems would delay the adoption of many systems and reduce the potential value from cloud computing by as much as US$1.4 trillion”. Where trust is lacking, the effects are deep and wide.
Thus, the imperative to align the apparent competing interests and develop a coherent and integrated response is urgent. This can be challenging since cyberspace suffers from a “tragedy of the commons” phenomenon in which stakeholders assume that a third party — usually the government in our context — is keeping our cyberspace safe, will respond to cyberattacks, monitor risks and plan for contingencies.
Developing defensive cybercapabilities cannot be the sole preserve of governments. The transnational nature of cyberthreats, often involving state actors, also means that international collaboration and the sharing of intelligence among trusted partners will grow in importance.
Given that our cybersecurity is only as strong as our weakest link, Singapore’s National Cyber Security Centre will have to continually ramp up public education and outreach on the role that every individual and organisation plays in enhancing our cyber-security. The SICW is an important platform in this regard.
With cyberattacks growing each day, we must not allow the Internet, so vital to our way and quality of life, to be the Trojan Horse as we strive towards being a Smart Nation.
ABOUT THE AUTHOR:
Eugene K B Tan is associate professor of law at the Singapore Management University