Speech by Minister Josephine Teo at the Singapore International Cyber Week Summit 2024

BUILDING A TRUSTED CYBERSPACE TOGETHER

Fellow Ministers, distinguished guests

Colleagues and friends

Introduction

1. Let me first extend a warm welcome to all participants of the Singapore International Cyber Week (SICW) 2024. Thank you for making time to be here, especially our overseas guests. Your presence here speaks volumes about the shared importance we place on addressing cybersecurity challenges.

2. We hope this event serves as a platform for the robust exchange of perspectives and ideas on how to tackle the critical issues we all face in securing our cyberspace. The theme for this year’s SICW is “Building Trust and Security in the Digital Era”. It is particularly timely for me to speak about the topic. Two weeks ago, our Prime Minister Lawrence Wong launched our refreshed Smart Nation Strategy. Among other goals, he reaffirmed the importance of upholding trust in the digital age.

3. Indeed, our citizens and enterprises must feel confident in the digital infrastructure that they depend on in their daily lives. Our investors must be able to trust that their operations and assets are secure in our digital economy. Only by having a trusted Smart Nation can we maintain public confidence in a shared digital future and continue to be an attractive place to live and do business.

4. However, as we all know, building and maintaining trust is an ongoing challenge. Bad actors of today are constantly innovating, developing new methods to exploit vulnerabilities. Cyber issues have become more complicated. We face increasing risks such as concentration risks involving third-party vendors, cyber-espionage incidents, and ransomware attacks – all of which occupy our collective attention.

5. In response, Singapore has taken the proactive approach of enhancing our regulatory levers to improve the security and resilience of our digital infrastructure.

a. Earlier this year, we updated the Cybersecurity Act to strengthen the safeguards for our Critical Information Infrastructure (CII). We expanded its regulatory ambit beyond essential services to include foundational digital infrastructure – the “building blocks” of the digital world. Things like data centres and cloud services, that power our digital economy and the products and services that we use daily.

b. We are also looking to introduce a new Digital Infrastructure Act to complement existing regulations and address a broader set of resilience and security risks faced by digital infrastructure and service providers. These range from technical misconfigurations to physical hazards such as fires, and we must find ways to mitigate the likelihood and impact of systemic disruptions.

6. But no nation can tackle these challenges in silos. Cyber threats are borderless. Thus, international cooperation is essential in our efforts to build a trusted cyberspace.

7. Cyber diplomacy is essential, especially during such fraught times. And it cannot be limited to our friends and countries who think like us. It is all the more important to include countries who have different world views and who do not think like us. If we avoid difficult conversations, we will most certainly not be able to avoid difficult consequences.

8. This explains why Singapore actively collaborates with other countries on various digital trust and security issues, from cybercrime to cybersecurity threats. We will do our part to contribute to a multilateral, rules-based cyberspace we can trust, and our citizens can benefit from.

9. Singapore currently chairs the Five-Year UN Open-Ended Working Group on Security of and in the use of ICTs (UN OEWG 2021 to 2025).

a. This serves as the only UN platform where all States, which includes many of us here today, can come together to cooperate against existing and emerging cyber threats, and support efforts to advance an open, secure, and interoperable cyberspace.

b. Notwithstanding the geopolitical tensions and differences, I am pleased that the OEWG had successfully adopted the third annual progress report by consensus at the Eighth Substantive Session in July this year.

c. It highlights our collective commitment to advance multilateralism in the cyberspace undergirded by rules, norms and principles of responsible State behaviour.

10. In addition, Singapore is a member of the Counter-Ransomware Initiative (CRI), a group that brings together 68 States and international organisations to cooperate in countering the threat posed by ransomware criminals.

a. Several of our CRI partners such as Australia, Canada, Germany, Philippines, the UK, Vietnam and INTERPOL, are here today.

b. As the co-chair of the Policy Pillar with the UK, Singapore is working with members on policy measures to enhance the resilience of CRI members and disrupt the ransomware business model.

c. Of note, at the 4th CRI Summit earlier this month, members, alongside a group of cybersecurity insurers, jointly issued a “Guidance for Organisations During Ransomware Incidents”, to help victim organisations to consider the various steps to take and make informed decisions when facing a ransomware incident.

11. Regionally, we have made progress to operationalise the ASEAN Regional CERT. This initiative serves to enhance the timely sharing of information as well as regional coordination, to address cybersecurity threats and incidents.

a. In February 2024, at the ASEAN Digital Ministers Meeting which I chaired in Singapore, ASEAN Member States agreed on the financial model for the ASEAN Regional CERT.

b. We are heartened by the trust placed in us by our fellow ASEAN Member States, for Singapore to fund and host the physical facility of the ASEAN Regional CERT for up to 10 years.

c. We will be sharing more about the next steps for this important initiative under the leadership of Malaysia, as our first rotating overall coordinator with all partners.

12. Beyond governments, we are exploring ways to expand partnerships with industry players to improve digital security outcomes.

a. At last year’s SICW, we announced the signing of a Memorandum of Understanding between the Cyber Security Agency of Singapore (CSA) and Google, and this partnership has borne fruit.

b. In February 2024, CSA and Google rolled out a new, co-developed Enhanced Fraud Protection feature to protect Android users registered in Singapore from apps that are likely to be malicious.

c. This feature is the first-of-its kind and has had promising results in protecting our citizens. It has also generated much international interest, with Thailand and Brazil exploring similar collaborations.

Conclusion

13. We welcome further cooperation with likeminded partners, as we continue to navigate an increasingly complex cyberspace.

14. There is always more to be done to collectively strengthen trust and security in our cyberspace. I believe that SICW is a platform for us to start, or continue, conversations on how we can better share knowledge, and collaborate to create a global cyberspace that we can all trust.

15. This evening, we look forward to hearing from my good friend Malaysian Minister of Digital YB Gobind Singh Deo, who will share more about Malaysia’s perspectives on how to build Trust and Security in the Digital Era. I have no doubt that he will provide many useful insights.

16. Thank you and I wish you all a productive and engaging week in Singapore.