“If you see your neighbour’s house burning, do not point and laugh, because yours will be next”. These words of warning, shared by a foreign diplomat, summarise the importance of collaboration in the cyber sphere, said Gaurav Keerthi, Deputy Chief Executive (Development), Cyber Security Agency, Singapore.
Teamwork makes the dream work, and that’s no exception for protecting against cyber threats. Having channels of communication between nations allows them to tackle cross-border cyber attacks together, Keerthi shared at GovInsider’s AI x GOV panel on cyber diplomacy.
He discussed how Singapore is working with the international community to fortify cyber defences. Keerthi also shared how governments can build cyber capabilities even among non-IT skilled citizens by providing greater convenience and incentives.
International cyber cooperation
Why should governments work with one another on cybersecurity issues? A cyber threat, like a fire, will spread, shared Keerthi. If there’s a cybersecurity incident in another nation in Southeast Asia, “we have to lean forward and help each other”, he said.
When vulnerabilities emerge, it is now instinctive for Southeast Asian nations to pick up the phone and ask “are you seeing this too?”, Keerthi shared. Nations are building both regional and global agreements on cybersecurity, GovInsider reported.
On a worldwide level, Singapore chairs an Open Ended Working Group, an international team within the UN, to look at the use of information and communications. The hope is that this group will help implement international norms on responsible cyber behaviour.
For example, representatives from Singapore suggested nations practice for emergency situations. This includes making sure different countries know who to call when they require assistance or have valuable information, Keerthi explained.
Another example of collaboration is Singapore’s cyber labelling scheme, where IoT devices are given a sticker to rate them according to their level of cybersecurity protections. Finland and Singapore have agreed to recognise labels from each other, Keerthi shared.
This means that IoT manufacturers can apply for a labelling rating and have their product’s cybersecurity protections recognised in both countries, wrote Singapore’s Cyber Security Agency.
Cybersecurity and the average person
Keerthi discussed how citizens and public servants without significant IT training could play their part in cybersecurity. First, he shared that “you should not need to be a computer science student to operate a computer”.
When he first learned to drive, Keerthi had to learn the parts of a car engine, such as the carburetor. But today, drivers just need to know where the start button is, he said. This can be applied to cybersecurity, explaining that technology can make it easier for non-experts.
One example of how governments can develop cyber safety among citizens is through a mobile app where citizens can use biometrics to access government e-services, Keerthi shared.
Rather than having to remind citizens about two factor authentication and strong passwords, “it’s actually cheaper and more effective to just build an authentication platform for them”, Keerthi highlighted.
Defending Singapore includes small businesses and citizens – Singapore’s “uncles and aunties”, he shared. The government has a duty to provide “clean drinking water” in the form of reliable and clean internet access to its citizens, he highlighted.
Second, regulations can help ensure cyber safety, comparing cyber security tools with cars. Cars in the past were less safe than they are today, but then regulations required automobiles to be built with seatbelts.
Now automobile manufacturers have moved beyond seatbelts, and are developing new safety measures on their own, Keerthi continues. Cybersecurity tools have not yet reached this level of advancement, but the role of these regulations is something to keep in mind, he shared.
Third, he shared that market forces are a method of developing cybersecurity protections, without IT knowledge. The cyber labelling scheme mentioned previously is an example of this.
The “simple sticker” on IoT devices “immediately changes behaviour” among consumers as they can easily evaluate a product’s security, Keerthi said. But it also alters the behaviour of manufacturers as they will compete with each other to provide this improved security, he explained.
This is not a technology solution, but “understanding human behaviour, understanding dynamics of market competition, and trying to incentivise market competition in security”, he summarised.
To stop a spreading fire, people form a human chain to ferry water to the flames. Governments can similarly work together to stop cyber attacks, setting out cyber norms and instinctively sharing information with one another, to protect their citizens.