Interoperability and rule of law to underline government strategies in tackling cyber threats - SICW 2023
By Si Ying Thian
High-level panels at Singapore International Cyber Week (SICW) 2023 highlighted the need to build greater synergy across different systems and establish rules and norms to instill greater confidence among citizens of an inclusive digital transformation.
“Death of Multilateralism? – Future of International Cyber Discussions” panel represented by government officials from Singapore (moderator), Fiji, Poland, Saudi Arabia, and the US (panellists). Image: SICW 2023
“The ability for diverse technologies to communicate with one another is the basis for an inclusive digital domain,” said Heng Swee Keat, Singapore’s Deputy Prime Minister (DPM) and Coordinating Minister for Economic Policies, at SICW’s opening ceremony.
A key message from the event’s Opening Plenary was the importance of achieving interoperability across different systems and countries to drive adoption of digital services in the population.
The free flow of information and data is the lifeblood of the digital economy, Heng added, and that would be enabled by interoperability.
From convenience to crisis: Interoperable digital IDs
This was echoed by Anton Demokhin, Ukraine’s Deputy Foreign Minister and Chief Digital Transformation Officer with the Ministry of Foreign Affairs of Ukraine.
In his keynote presentation, he shared that the prospect of interoperable digital IDs could be explored on both intra- and inter-state levels. This means that a citizen’s digital documents would be considered legitimate and accepted by service providers, both within their own country and in other countries.
Ukraine’s work in strengthening intra- and inter-state interoperability in its digital ID systems proved its value during times of crises, as with the ongoing Russia-Ukraine war.
“As we build a digital state in Ukraine, we’re working to protect citizens’ data and creating tools to fight corruption and contract fraud.
“At the same time, we’re joining international initiatives and frameworks to make sure the digital documents are safer and more secure than their paper counterparts. In difficult situations such as physical war, a physical piece of paper could be much harder to protect than a digital copy,” Demokhin said.
The Ukranian government also rolled out its cyber diplomacy unit, as part of its international security department, just last week. The cyber diplomacy unit would focus on building laws, regulatory frameworks, and initiatives through intergovernmental partnerships.
“The main foreign policy pathway for Ukraine in cyber security is to deepen European integration processes by unifying approaches, methods and means of ensuring cyber security with established practices of our foreign partners.
“We want to be able to strengthen Ukraine’s cyber resilience, and develop the capabilities of our cyber security systems to protect our national interests in the cyberspace.”
Tools and rules go together
Beyond a consensus on what tools to use, interstate collaboration helps to establish shared rules and norms governing the use of technology, said Anne Neuberger, US Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technologies with the National Security Council, The White House, in a panel on multilateralism.
“In prescribing what are acceptable behaviors and what [are] not, we foster stability and predictability. This in turn reduces the risk of escalation and conflict.
“These rules and norms in the digital domain help build trust, and instill greater confidence that all countries, regardless of size or development, will not be disadvantaged in the digital domain,” Singapore’s DPM Heng explained.
Likening interoperability standards to “fundamental building blocks of digital technology,” these rules need to remain objective and technically sound, DPM Heng added.
Therefore, the work of multilateral organisations in setting international standards for technology, such as the International Organization for Standardization (ISO) and the International Telecommunication Union (ITU), is key in building a trusted, secure and inclusive digital infrastructure.
The relevance of multilateral organisations
The United Nations Group of Governmental Experts (UN GGE) established its first set of 11 international norms of responsible state behaviour in cyber space in 2015, and reaffirmed them in 2019.
These norms remain voluntary and non-binding, and ensure regulatory accountability is still within the purview of individual states.
However, Neuberger emphasised the need for multilateral organisations to enforce the norms. In 2022, the European Union (EU) called out Iran for violating international standards in the aftermath of cyber attacks against Albania, and Russia against Ukraine, respectively.
Keiichi Ichikawa, Japan’s Assistant Chief Cabinet Secretary and Deputy National Security Adviser with the Cabinet Secretariat, echoed the sentiment regarding the role of multilateral organisations, such as the UN, to upload the rule of law in cyber space.
As for individual states, they need to actively contribute to international discussions to build a fair, free and secure cyber space, he added.
Anne Marie Engtoft Meldgaard, Denmark’s Tech Ambassador with the Ministry of Foreign Affairs, concurred on the importance of individual state representation in global cyber security discussions.
“One might think obviously a small country like Denmark is not going to change the course of everything.
“But sending someone out to [these discussions] makes sure that we represent those values, interests and perspectives on some of the most important conversations around critical infrastructure, such as financial and labour markets, democracy, education and healthcare systems.
“This is about operationalising that goes beyond conversations among lobbies and regulators.”
Capacity-building in the age of convergence
“We must ensure that all countries build up this capacity and no one is deprived from harnessing the possibilities of digitalisation,” stated DPM Heng.
Ichikawa also highlighted the importance of capacity building in the ASEAN-Japan Cybersecurity Policy meetings, with the most recent meeting this month following up on programme implementations around raising awareness, building capacity, and collaborations between government, industry and academia.
In another panel exploring the relationship between governments and Big Tech, Dato’ Ts. Dr. Haji Amirudin Abdul Wahab FASc, CEO of CyberSecurity Malaysia, pointed to public-private partnerships at the heart of capacity building efforts.
For example, the government-led CyberSecurity Malaysia Collaboration Program (CCP) works with small- and medium-sized businesses (SMEs) and multinational companies (MNCs) alike to coordinate in areas spanning capacity-building, technical cooperation, and commercial opportunities.
“We want to make use of the technology and innovation for the benefit of society and at the same time, ensure that Big Tech and other companies are complying with the laws. Such programmes can help facilitate private sector’s involvement from policy to commercial business.”
Singapore’s Cyber Security Agency (CSA) also announced the launch of SG Cyber Associates, a targeted cyber training program for non-cyber professionals, to support SMEs in dealing with their cyber threats.
From developing regulatory frameworks, training programmes and down to initiatives that help raise awareness, the Opening Plenary concluded with the note that policymakers and industry players could find “pockets of opportunity” to collaborate in tackling cyber security.
Other sessions across the first day of the GovWare 2023 conference, the enterprise component of SICW, also explored the role of partnerships and factors leading to successful collaborations between private companies, the public sector, and academia.