United States Vice President Kamala Harris embarked on her official visit to Singapore with the intention of deepening bilateral cooperation between the United States and Singapore. A key outcome was the path forward for deepened collaboration in cyber security with three Memorandums of Understanding (MOUs) being signed between the two countries.
The first MOU signed by the Cyber Security Agency (CSA) looks to establish cooperation with regular exchange of information on cyber threats and coordination of response to cyber security incidents. The second - signed by MINDEF/SAF - will look to enhance information sharing and technical exchange while strengthening collaboration in capacity building efforts. The final MOU signed by the Monetary Authority of Singapore (MAS) covers cyber security regulations, guidance on incidents and threat intelligence in the financial sector.
To those in the cybersecurity domain, these collaboration initiatives come as no surprise. After the catastrophic oil pipeline ransomware attack in May, President Joe Biden issued an executive order making cyber security a critical priority at all levels of government with the Department of Homeland Security (DHS) at the top. Bold and significant investments were promised to strengthen defence against sophisticated and malicious cyber attacks at an expedited pace - with some measures needing to be executed within 45 days of the order’s issuance. Key measures revolved around public-private collaboration, modernising security standards to keep up with emerging threats and securing software supply chains in a digital-first world.
And these weren’t empty promises - just this week, Microsoft and Google committed USD 30 Billion over next 5 years to accelerate cybersecurity initiatives while IBM plans to train 150,000 individuals with cybersecurity skills over the next 3 years.
Cybersecurity ranks fairly high on Singapore’s agenda. The formation of CSA, the Personal Data Protection Act (PDPA) and initiatives like the Cyber-labelling Scheme (CLS) which provides a security-based star-rating to smart devices are in many ways ahead of the curve, especially in the region. Even MAS updated its Technology Risk Management guidelines earlier this year to address cyber-risks.
However, there is much to be desired when it comes to adoption and enforcement. Take for example the penalties meted out for breaches - the largest fine in Singapore was SGD 750,000 to Integrated Health Information Systems (IHiS) for the SingHealth attack in 2018. Contrast this with the United States issuing a USD 575 Million fine to Equifax when it lost credit-related data of about half the US population in 2017.
The accelerated pace of digitalisation in a post-pandemic world compounds the risk that this gap poses. The average cost of a data breach has grown to well over USD 4 Million in 2021, and is mostly borne by unwitting users who have little to no recourse. 3 years after the SingHealth attack and despite the largest ever fine, a ransomware attack led to 73,500 records being compromised at a private eye clinic in Singapore.
Cybersecurity is a complex problem for which there is no silver bullet. Initiatives and collaborations like recently signed MOUs are a great way to bring cybersecurity to the fore, but solving them needs more. If we were to learn from our counterparts in the United States, a combination of bringing the public-private sector together while enforcing strict regulations instead of mere guidelines are the immediate next steps we should take as a nation.