21 August 2015
Cybersecurity: Emerging Issues, Trends, Technologies & Threats in 2015 and Beyond
EXECUTIVE SUMMARY
Welcome Remarks
Shashi Jayakumar emphasised the timely nature of the workshop’s theme, “Cybersecurity: Emerging Issues, Trends, Technologies & Threats in 2015 and Beyond”. He opined that technology is dynamic and constantly changing with newer threats and challenges consequently emerging. He highlighted that the general societal psyche and government policies on cybercrime have not kept up with developments in the cybersecurity domain. Jayakumar then highlighted CENS’ role in bridging this gap through the workshop, as a think tank with applied focus through a higher degree of critical thinking. In this regard, he emphasised the important role that the CENS’ Homeland Defence Programme continues to play in identifying gaps in cybersecurity discussions. Jayakumar thanked the speakers and participants for agreeing to participate and share their expertise, and encouraged discussions to continue beyond the workshop. Opening Address Ambassador Ong Keng Yong cited three recent developments where Singapore has been addressing cybersecurity issues. First, the benefits that Singapore’s five-year National Cybersecurity Masterplan could bring in strengthening national resilience against cyber threats and protecting the country’s critical infrastructure. Second, the formal launch of the Cyber Security Agency in overseeing the holistic development of Singapore’s cybersecurity domains. Third, the opening of the INTERPOL Global Complex for Innovation, set to be an international leader in the fight against cyber-related crime, and in further defining cybercrime in international legislation. However, Ong acknowledged that these institutional structures are insufficient in today’s rapidly changing technology-dependent environment. Therefore, he encouraged the speakers and participants to maximise their participation in the workshop by engaging in deeper discussions amongst academics and practitioners, and learning various best practices from an international network of specialists.
Keynote Address 1
Cyber Foreign Policy: Threats and Opportunities
Christopher Painter began his address by stressing how the U.S. State Department is increasingly looking at cyber matters from a policy perspective and not just as a technical issue. For instance, each U.S. diplomatic mission now has “cyber representatives”. Painter then laid out Washington’s view of cyber issues in East Asia and the Pacific. China, he observed, appeared more aggressive in promoting its government-centric vision of cyberspace, which emphasises “sovereignty over technology and information”. Another issue of concern to the United States is the increasing use of illicit cyber tools for corporate espionage and commercial gain. Nonetheless, Painter remarked that there is optimism among American policymakers. He outlined the existence of cooperative initiatives that Washington is pursuing with Asia Pacific states such as Australia, Japan, South Korea, and Singapore. Transparency, he pointed out, is the key in stabilising the international community, in the face of expanding state-level offensive cyber capabilities. Painter concluded that any overarching framework for international security should allow for a shared response to common threats.
Panel 1
Cyber and International Security: Opportunities and Challenges for Further Cooperation
The first panel focused on the opportunities and challenges in fostering cooperation in cyber and international security. The first speaker, Wouter Jurgens, expanded on how cyberspace is a matter of strategic importance – this is an international issue affecting everyone; all stakeholders should be involved in negotiations; and more attention should be paid to cyber matters. The second speaker, Yono Reksoprodjo, observed that ASEAN is an entity based on confidence building measures, and the norms within the ASEAN community are respected. Reksoprodjo stressed the need to avoid the creation of a security paradox in cyberspace, and the importance of finding international and regional solutions for cyber in relation to issues like terrorism and separatism. The third speaker, Tobias Feakin, noted that states are under huge pressure to react to cyber incidents, but warned that experiences in dealing with cyber incidents have been ad hoc in nature. Feakin noted that some level of preparation by states was necessary to determine the appropriate level of response to an incident.
Panel 2
Squaring National Security and Data Privacy Matters
Simon Chesterman’s presentation considered the inherent tension between rights of citizens and the security concerns of governments. He argued that the purported trade-off fails to capture the complexity surrounding cyber issues. Chesterman opined that future limits to state power would likely come from private corporations that handle citizens’ data, rather than legislation or government. Geronimo Sy began his presentation by presenting a legal framework that highlighted the nuances between cybersecurity and cybercrime in the Philippines. Sy stressed how cybercrime falls within the bounds of criminal law, and is not a completely novel challenge. He subsequently listed recent legislative initiatives, which include proposals to create 20 to 30 specialised “e-courts” to hear cyber-related cases. Bryan Tan presented Singapore’s experience and perspective on cyber issues, shaped by the realisation that national security is no longer limited to the physical realm. Singapore’s critical information infrastructure has nonetheless continued to adapt against evolving threats and plays an indispensable role in driving progress in the city-
state. He argued that creativity is as important as safety.
Panel 3
Digital Economy
During this panel, Jan Neutze examined how public-private partnerships are essential to cybersecurity and provided insights on key trends amid an evolving landscape. Information sharing between the public and private sectors could ensure the development of overarching strategy for information sharing on actionable threats; clear government policies for handling vulnerabilities; as well as encourage the global sharing of best practices. Michael Mylrea elaborated that “smart cities” bring technology, government, and society together to enable: (a) a smart economy; (b) a smart environment; (c) smart living; (d) smart mobility; and (e) smart people. Smart cities are facing new threats such as the digitisation of critical infrastructure that could expose vulnerabilities, with software glitches that could result in massive amounts of data being open to hacking. Daniel Castro discussed the correlations between the economy and cybersecurity. He provided four observations: (a) recognise the economic consequences; (b) the need to reorient government strategies in cybersecurity; (c) develop new ways to restore trust between countries; and (d) the trend of populism in shaping technological policy debates.
Keynote Address 2
Cybersecurity Trends and Issues from a Singapore Perspective
John Yong explored the trends and opportunities associated with the building of a smart nation in Singapore. He explained the reasons for this development, including a dense, aging and technology-driven population. The success of this revolution relied on the commoditisation of hardware and the translation of big data into applications that citizens will find useful. Focusing his remarks on the centrality of digitisation, John Yong explained that ensuring a higher quality of life is a key objective. However, this is impossible to achieve without the implementation of an effective security system. Cyber vulnerabilities and malicious activities, such as defacement and hijacking of critical infrastructure, are examples of the sophisticated and evolving cybersecurity threat landscape. As a response, John Yong emphasised the importance of a multi-pronged counter-strategy. He concluded by presenting some of the key initiatives taken by Singapore in this domain, while stressing the need for a pervasive and adaptive cybersecurity architecture.
Panel 4
Cyber in Practice – Key Developments
Christophe Durand focused on the theme of convergence. He discussed efforts undertaken by INTERPOL to bridge approaches in combating cybercrimes and ensuring cybersecurity. While law enforcement agencies are concerned with detecting, attributing and disrupting cybercrime networks, the private sector places importance on implementing protective and business continuity measures. Finding means to harmonise these approaches represents an important step in tackling cybercrimes. The next speaker, Wolfgang Roehrig, provided an in-depth analysis of the strategic approaches adopted by the European Union in developing cyber defence capabilities. Providing an overview of the implementation of the EU Cyber Defence Policy Framework, Roehrig cited a number of areas where improvements in cooperation are needed, including the need to enhance the integration of cyber defence capabilities in strategic areas. With regard to the theme of cooperation, the third speaker, Eugene Teo, highlighted the role of public-private partnerships in managing cyber attacks. The creation of a more dynamic information-sharing environment, where time-sensitive information is disseminated quickly to relevant parties across the public and private sectors, is a way to enhance this effort.
Discussion
The Global Implications of the U.S. – China Cyber Relationship
Zhu Qichao outlined the historical context and major challenges in China-U.S. cybersecurity cooperation. With the rapid development of China’s national power and the corresponding expansion of its national interests in cyberspace, cybersecurity has become an important issue with great implications for the U.S.-China relationship. Zhu observed that there is currently limited communication and cooperation on cyber-related issues that would help ease tensions and facilitate strategic mutual trust between the two powers. Jason Healey’s presentation outlined the U.S. position on international cybersecurity, including the similarities and differences with China’s position. He then discussed international cyber norms, the application of international law to state behaviour in cyberspace, and the development of confidence building measures. Specific flashpoints in the U.S.-China relationship relating to cyber were also discussed. Finally, the dialogue highlighted the global impact of the U.S.-China cyber relationship.
Panel 5
Emerging Technology Trends and Threats
This panel focused on the legal implications of cyber warfare, India’s cybersecurity landscape and the principles of deterrence and arms control in cyberspace. William Boothby discussed the nexus between the cyber domain and lethal autonomous systems. He explored the key notions of automation and autonomy as well as legal principles associated with cyber warfare. Rahul Sharma provided a description of the Indian cybersecurity ecosystem. He underlined the challenges associated with three major strategic issues: (a) national security; (b) Internet governance; and (c) privacy. Sean Kanuck provided conceptual clarifications on the notion of the cyber environment and frameworks for deterrence, disarmament, and arms control. Mapping the context of limitations on cyber activities, he offered his interpretation of cybersecurity architecture, which he based on the four principles of transparency, universality, enforceability and stability.
Closing Address
Technology, Threats and Trust in an Interconnected World
In the closing address, Robert Butler discussed several noteworthy themes highlighted during the workshop. In particular, he focused on the potential of technology, threats and trust to enable cybersecurity stakeholders to create a future with a strong foundation. For technology, he explained that the Internet of Things has demonstrated how far humans have come, as well as foreshadows where they are heading in terms of the ability to communicate. Regarding threats, the security vulnerability of devices, threat actors, and the importance of resilient structures in facing risks and danger, are significant. In terms of trust, he stressed the need for collaboration and partnerships in building a framework composed of elements that all stakeholders can espouse and achieve together.
Moderated Discussion on Key Takeaways
Sean Kanuck underlined the relevance of conferences and dialogues on cybersecurity (like the CENS workshop), in addressing current system developments, potential risks and inevitable threats as well as challenges. For instance, Kanuck noted the rise of high-level policy attention for cyber foreign relations, the cyber international security dilemma, confidence building measures, and lessons learned from prominent cybersecurity incidents. Drawing from the presentations on data privacy, he asked important questions on the critical relationship between citizens, the government, freedom of speech, and sovereignty. Kanuck then discussed the importance of transparency, intelligence analysis and international cooperation, not only between governments, but also with private corporations. He pointed out that the workshop discussion on the U.S.-China cyber relationship is a confidence building measure in itself as it helps identify collective norms. He also argued that threats related to the Internet of Things and Smart Nation are expected to have major implications in the future.
EXECUTIVE SUMMARY
Welcome Remarks
Shashi Jayakumar emphasised the timely nature of the workshop’s theme, “Cybersecurity: Emerging Issues, Trends, Technologies & Threats in 2015 and Beyond”. He opined that technology is dynamic and constantly changing with newer threats and challenges consequently emerging. He highlighted that the general societal psyche and government policies on cybercrime have not kept up with developments in the cybersecurity domain. Jayakumar then highlighted CENS’ role in bridging this gap through the workshop, as a think tank with applied focus through a higher degree of critical thinking. In this regard, he emphasised the important role that the CENS’ Homeland Defence Programme continues to play in identifying gaps in cybersecurity discussions. Jayakumar thanked the speakers and participants for agreeing to participate and share their expertise, and encouraged discussions to continue beyond the workshop. Opening Address Ambassador Ong Keng Yong cited three recent developments where Singapore has been addressing cybersecurity issues. First, the benefits that Singapore’s five-year National Cybersecurity Masterplan could bring in strengthening national resilience against cyber threats and protecting the country’s critical infrastructure. Second, the formal launch of the Cyber Security Agency in overseeing the holistic development of Singapore’s cybersecurity domains. Third, the opening of the INTERPOL Global Complex for Innovation, set to be an international leader in the fight against cyber-related crime, and in further defining cybercrime in international legislation. However, Ong acknowledged that these institutional structures are insufficient in today’s rapidly changing technology-dependent environment. Therefore, he encouraged the speakers and participants to maximise their participation in the workshop by engaging in deeper discussions amongst academics and practitioners, and learning various best practices from an international network of specialists.
Keynote Address 1
Cyber Foreign Policy: Threats and Opportunities
Christopher Painter began his address by stressing how the U.S. State Department is increasingly looking at cyber matters from a policy perspective and not just as a technical issue. For instance, each U.S. diplomatic mission now has “cyber representatives”. Painter then laid out Washington’s view of cyber issues in East Asia and the Pacific. China, he observed, appeared more aggressive in promoting its government-centric vision of cyberspace, which emphasises “sovereignty over technology and information”. Another issue of concern to the United States is the increasing use of illicit cyber tools for corporate espionage and commercial gain. Nonetheless, Painter remarked that there is optimism among American policymakers. He outlined the existence of cooperative initiatives that Washington is pursuing with Asia Pacific states such as Australia, Japan, South Korea, and Singapore. Transparency, he pointed out, is the key in stabilising the international community, in the face of expanding state-level offensive cyber capabilities. Painter concluded that any overarching framework for international security should allow for a shared response to common threats.
Panel 1
Cyber and International Security: Opportunities and Challenges for Further Cooperation
The first panel focused on the opportunities and challenges in fostering cooperation in cyber and international security. The first speaker, Wouter Jurgens, expanded on how cyberspace is a matter of strategic importance – this is an international issue affecting everyone; all stakeholders should be involved in negotiations; and more attention should be paid to cyber matters. The second speaker, Yono Reksoprodjo, observed that ASEAN is an entity based on confidence building measures, and the norms within the ASEAN community are respected. Reksoprodjo stressed the need to avoid the creation of a security paradox in cyberspace, and the importance of finding international and regional solutions for cyber in relation to issues like terrorism and separatism. The third speaker, Tobias Feakin, noted that states are under huge pressure to react to cyber incidents, but warned that experiences in dealing with cyber incidents have been ad hoc in nature. Feakin noted that some level of preparation by states was necessary to determine the appropriate level of response to an incident.
Panel 2
Squaring National Security and Data Privacy Matters
Simon Chesterman’s presentation considered the inherent tension between rights of citizens and the security concerns of governments. He argued that the purported trade-off fails to capture the complexity surrounding cyber issues. Chesterman opined that future limits to state power would likely come from private corporations that handle citizens’ data, rather than legislation or government. Geronimo Sy began his presentation by presenting a legal framework that highlighted the nuances between cybersecurity and cybercrime in the Philippines. Sy stressed how cybercrime falls within the bounds of criminal law, and is not a completely novel challenge. He subsequently listed recent legislative initiatives, which include proposals to create 20 to 30 specialised “e-courts” to hear cyber-related cases. Bryan Tan presented Singapore’s experience and perspective on cyber issues, shaped by the realisation that national security is no longer limited to the physical realm. Singapore’s critical information infrastructure has nonetheless continued to adapt against evolving threats and plays an indispensable role in driving progress in the city-
state. He argued that creativity is as important as safety.
Panel 3
Digital Economy
During this panel, Jan Neutze examined how public-private partnerships are essential to cybersecurity and provided insights on key trends amid an evolving landscape. Information sharing between the public and private sectors could ensure the development of overarching strategy for information sharing on actionable threats; clear government policies for handling vulnerabilities; as well as encourage the global sharing of best practices. Michael Mylrea elaborated that “smart cities” bring technology, government, and society together to enable: (a) a smart economy; (b) a smart environment; (c) smart living; (d) smart mobility; and (e) smart people. Smart cities are facing new threats such as the digitisation of critical infrastructure that could expose vulnerabilities, with software glitches that could result in massive amounts of data being open to hacking. Daniel Castro discussed the correlations between the economy and cybersecurity. He provided four observations: (a) recognise the economic consequences; (b) the need to reorient government strategies in cybersecurity; (c) develop new ways to restore trust between countries; and (d) the trend of populism in shaping technological policy debates.
Keynote Address 2
Cybersecurity Trends and Issues from a Singapore Perspective
John Yong explored the trends and opportunities associated with the building of a smart nation in Singapore. He explained the reasons for this development, including a dense, aging and technology-driven population. The success of this revolution relied on the commoditisation of hardware and the translation of big data into applications that citizens will find useful. Focusing his remarks on the centrality of digitisation, John Yong explained that ensuring a higher quality of life is a key objective. However, this is impossible to achieve without the implementation of an effective security system. Cyber vulnerabilities and malicious activities, such as defacement and hijacking of critical infrastructure, are examples of the sophisticated and evolving cybersecurity threat landscape. As a response, John Yong emphasised the importance of a multi-pronged counter-strategy. He concluded by presenting some of the key initiatives taken by Singapore in this domain, while stressing the need for a pervasive and adaptive cybersecurity architecture.
Panel 4
Cyber in Practice – Key Developments
Christophe Durand focused on the theme of convergence. He discussed efforts undertaken by INTERPOL to bridge approaches in combating cybercrimes and ensuring cybersecurity. While law enforcement agencies are concerned with detecting, attributing and disrupting cybercrime networks, the private sector places importance on implementing protective and business continuity measures. Finding means to harmonise these approaches represents an important step in tackling cybercrimes. The next speaker, Wolfgang Roehrig, provided an in-depth analysis of the strategic approaches adopted by the European Union in developing cyber defence capabilities. Providing an overview of the implementation of the EU Cyber Defence Policy Framework, Roehrig cited a number of areas where improvements in cooperation are needed, including the need to enhance the integration of cyber defence capabilities in strategic areas. With regard to the theme of cooperation, the third speaker, Eugene Teo, highlighted the role of public-private partnerships in managing cyber attacks. The creation of a more dynamic information-sharing environment, where time-sensitive information is disseminated quickly to relevant parties across the public and private sectors, is a way to enhance this effort.
Discussion
The Global Implications of the U.S. – China Cyber Relationship
Zhu Qichao outlined the historical context and major challenges in China-U.S. cybersecurity cooperation. With the rapid development of China’s national power and the corresponding expansion of its national interests in cyberspace, cybersecurity has become an important issue with great implications for the U.S.-China relationship. Zhu observed that there is currently limited communication and cooperation on cyber-related issues that would help ease tensions and facilitate strategic mutual trust between the two powers. Jason Healey’s presentation outlined the U.S. position on international cybersecurity, including the similarities and differences with China’s position. He then discussed international cyber norms, the application of international law to state behaviour in cyberspace, and the development of confidence building measures. Specific flashpoints in the U.S.-China relationship relating to cyber were also discussed. Finally, the dialogue highlighted the global impact of the U.S.-China cyber relationship.
Panel 5
Emerging Technology Trends and Threats
This panel focused on the legal implications of cyber warfare, India’s cybersecurity landscape and the principles of deterrence and arms control in cyberspace. William Boothby discussed the nexus between the cyber domain and lethal autonomous systems. He explored the key notions of automation and autonomy as well as legal principles associated with cyber warfare. Rahul Sharma provided a description of the Indian cybersecurity ecosystem. He underlined the challenges associated with three major strategic issues: (a) national security; (b) Internet governance; and (c) privacy. Sean Kanuck provided conceptual clarifications on the notion of the cyber environment and frameworks for deterrence, disarmament, and arms control. Mapping the context of limitations on cyber activities, he offered his interpretation of cybersecurity architecture, which he based on the four principles of transparency, universality, enforceability and stability.
Closing Address
Technology, Threats and Trust in an Interconnected World
In the closing address, Robert Butler discussed several noteworthy themes highlighted during the workshop. In particular, he focused on the potential of technology, threats and trust to enable cybersecurity stakeholders to create a future with a strong foundation. For technology, he explained that the Internet of Things has demonstrated how far humans have come, as well as foreshadows where they are heading in terms of the ability to communicate. Regarding threats, the security vulnerability of devices, threat actors, and the importance of resilient structures in facing risks and danger, are significant. In terms of trust, he stressed the need for collaboration and partnerships in building a framework composed of elements that all stakeholders can espouse and achieve together.
Moderated Discussion on Key Takeaways
Sean Kanuck underlined the relevance of conferences and dialogues on cybersecurity (like the CENS workshop), in addressing current system developments, potential risks and inevitable threats as well as challenges. For instance, Kanuck noted the rise of high-level policy attention for cyber foreign relations, the cyber international security dilemma, confidence building measures, and lessons learned from prominent cybersecurity incidents. Drawing from the presentations on data privacy, he asked important questions on the critical relationship between citizens, the government, freedom of speech, and sovereignty. Kanuck then discussed the importance of transparency, intelligence analysis and international cooperation, not only between governments, but also with private corporations. He pointed out that the workshop discussion on the U.S.-China cyber relationship is a confidence building measure in itself as it helps identify collective norms. He also argued that threats related to the Internet of Things and Smart Nation are expected to have major implications in the future.
