Bilateral pacts and Singapore's role in helping countries create a secure cyber domain
Getting from voluntary norms to a codified system or law which defines what constitutes responsible behaviour in cyberspace will be a long journey.
With the coronavirus pandemic having given a major filip to the use of technology around the world, it is now even more imperative to protect vital networks from criminal gangs and state-backed hackers looking to steal valuable data and inflict massive damage.
Indeed, cybersecurity has been one of the most intractable problems that nations - as well as global bodies such as the United Nations - have had to grapple with over the past decade. For Singapore - which faces an unprecedented level of exposure to cyber threats - a safe and secure digital infrastructure is essential to fulfil the country's digital economy ambitions.
It bears repeating that cybercriminals can operate with impunity not because of any technological superiority. Cyber defence has become very robust especially in technologically-advanced nations such as Singapore. The problem lies in the fact that cybercrime is borderless and so even after the perpetrators of a criminal hacking incident are identified, they cannot be persecuted because it's often the case that they reside in countries that shelter them. This lack of visible deterrence is the biggest handicap faced by cybersecurity officials.
A global effort to frame a convention to deter cyberattacks has been underway for close to 20 years. Some progress has been made - for example the 2015 meeting of the UN Group of Governmental Experts (UNGGE) came up with 11 voluntary, non-binding norms of responsible state behaviour in cybersecurity that has been adopted by consensus at the UN General Assembly. However, that hardly solves the problem because getting from voluntary norms to a codified system or law which defines what constitutes responsible behaviour in cyberspace will be a long journey.
In the absence of a global agreement, what could work in the interim is more cooperation between like-minded countries. Asean has been at the forefront in developing regional consensus and capabilities in cybersecurity and this is starting to show results. At the 2018 Asean Ministerial Conference on Cybersecurity (AMCC), the grouping in principle adopted the 11 norms of the 2015 UNGGE. Last year, the group went a step further and established a committee to develop a long-term regional action plan on cybersecurity and capacity building. A regional approach to cyber capacity building holds great promise because it can take into account specific cultural, geographic and social aspects peculiar to a region. The Asean model is exciting because it can be duplicated by other regional groupings, for example the 55-member African Union.
At the recent Singapore International Cyber Week held in conjunction with the AMCC, the UN signed an agreement with Singapore to develop a checklist of steps that would assist countries in implementing the 11 norms. This will help countries with weak cybersecurity infrastructure raise their capabilities. According to the International Telecommunications Union, at least 87 countries - or almost half of UN Member States - need urgent help to protect their cyber networks.
The UN is looking at Singapore - deemed a global leader in cybersecurity - to lead efforts to help less advanced countries to develop better cyber defences. In the absence of a comprehensive global treaty, that's the next best way to combat the cyber menace that threatens the digital economy.
Source: Business Times © Singapore Press Holdings Ltd. Permission required for reproduction.