02 April 2018
WP309 | Cyber Deterrence in Singapore: Framework & Recommendations
Abstract
As a small state, Singapore’s ability to create deterrence against cyberattacks is very limited. There is limited value in pursuing classic deterrence through denial and punishment because: (i) technology is relatively cheap and widely available; (ii) there is difficulty in accurately attributing blame; and (iii) there is difficulty in identifying and punishing attackers. If there is no detection or ability to punish, Singapore’s credibility suffers.
The report suggests six ways that Singapore can improve its cyberattack deterrence:
- Develop a response mechanism to guide deterrence
- Create resilient systems
- Share collective responsibility in cybersecurity
- Increase capabilities through the improvement of penetration detection
- Create norms with enforcement capabilities
- Strengthen international law enforcement, cooperation, and legislation
It is also not feasible to measure deterrence in cyberspace the same way as nuclear deterrence, where a no-attack scenario denotes that deterrence is successful. Rather, deterrence should be seen as a mitigating effort that leads potential attackers to believe it is not in their best interest to attack. These efforts at deterrence can be further enhanced by improving the accuracy of attribution, the detection of cyber incidents regardless of size, and ensuring that timely action is taken against cyberattackers.
About the Author
Eugene EG Tan is an Associate Research Fellow specialising in cyberspace security issues, Singapore’s foreign policy, and aviation issues. He previously taught various international relations and comparative politics modules, including International Politics of Southeast Asia, European Politics, South Asia Politics and Singapore’s Foreign Policy, at the National University of Singapore, Department of Political Science. Eugene reserves a keen interest in aviation issues and state behaviour in international affairs, stemming from his research done for his Masters and PGDipArts theses done at the University of Otago, New Zealand. Currently, Eugene is working on research projects covering cybersecurity and state behaviour in cyberspace.
Abstract
As a small state, Singapore’s ability to create deterrence against cyberattacks is very limited. There is limited value in pursuing classic deterrence through denial and punishment because: (i) technology is relatively cheap and widely available; (ii) there is difficulty in accurately attributing blame; and (iii) there is difficulty in identifying and punishing attackers. If there is no detection or ability to punish, Singapore’s credibility suffers.
The report suggests six ways that Singapore can improve its cyberattack deterrence:
- Develop a response mechanism to guide deterrence
- Create resilient systems
- Share collective responsibility in cybersecurity
- Increase capabilities through the improvement of penetration detection
- Create norms with enforcement capabilities
- Strengthen international law enforcement, cooperation, and legislation
It is also not feasible to measure deterrence in cyberspace the same way as nuclear deterrence, where a no-attack scenario denotes that deterrence is successful. Rather, deterrence should be seen as a mitigating effort that leads potential attackers to believe it is not in their best interest to attack. These efforts at deterrence can be further enhanced by improving the accuracy of attribution, the detection of cyber incidents regardless of size, and ensuring that timely action is taken against cyberattackers.
About the Author
Eugene EG Tan is an Associate Research Fellow specialising in cyberspace security issues, Singapore’s foreign policy, and aviation issues. He previously taught various international relations and comparative politics modules, including International Politics of Southeast Asia, European Politics, South Asia Politics and Singapore’s Foreign Policy, at the National University of Singapore, Department of Political Science. Eugene reserves a keen interest in aviation issues and state behaviour in international affairs, stemming from his research done for his Masters and PGDipArts theses done at the University of Otago, New Zealand. Currently, Eugene is working on research projects covering cybersecurity and state behaviour in cyberspace.
