Government officials debate effectiveness of multilateral relations in cybersecurity

Amid continued calls for deeper global cooperation between all stakeholders to bolster cyber defense, government officials are now debating whether multilateral relations have been effective. 

Digitalization has become the new engine of economic growth for many countries, with the World Bank estimating that digital economies contribute at least 15% of global GDP. This digital revolution, though, has also triggered much anxiety, where tech-enabled possibilities and information flow have created new risks to guard against, said Heng Swee Kiat, Singapore’s deputy prime minister and coordinating minister for economic policies.

Also: The best VPN services (and how to choose the right one for you)

He pointed to fears that digital advances could fuel a more dangerous global climate of untruths and arm malicious actors with the ability to cause harm, such as scams and cyberattacks, at scale and with ease. 

“There are also deeper issues of ethics, privacy, and governance. All these means it is critical for us to work together to gain a fuller grasp of digitalization’s potential and devise solutions to shape and harness it as a force for good, for all,” said Heng, during his opening speech at this week’s Singapore International Cyber Week conference. 

With the world now highly interconnected and interdependent, he underscored the need to develop “a shared understanding” of how to tap new possibilities and mitigate new risks. This will not be a straightforward goal, he noted, given the state of the current global landscape. 

Also: The best VPN services for iPhone and iPad (yes, you need to use one)

“International cooperation today is constrained by geopolitical circumstances, from the US-China strategic competition, to the protracted war in Ukraine and now the conflict in Israel and Gaza,” he said. 

“These have affected collaboration in the technology domain, particularly when countries frame technology through a national security lens. Rather than work with one another to understand and harness the possibilities of technology, including digital technology, some countries are now adopting a protective, insular stance.”

This approach not only creates inefficiencies — there’s also the risk of a bifurcated and fragmented world where access to and, therefore, the benefits of technology, are also curtailed, Heng noted. 

To navigate the world toward a digital order, he underscored the importance of a multi-stakeholder model and partnerships across borders and sectors. He pointed to efforts, such as the United Nations Open-Ended Working Group on Security, which Singapore currently chairs, and discussions around the Global Digital Compact, which aims to outline shared principles for “an open, free, and secure digital future for all”. 

Several nations have also established Digital Economy Agreements as an extension of free trade agreements. He added that Singapore has such agreements with South Korea, the UK, and Australia, as well as multi-country pacts, including the Digital Economy Partnership Agreement with Chile and New Zealand. 

Singapore is working with member states on negotiations for the Asean Digital Economy Framework Agreement, targeted for completion by 2025, which aims to establish protocols that will ease cross-border digital trade and improve digital rules across key areas, including artificial intelligence (AI), cybersecurity, payments, and data. 

But just how effective is multilateralism and cooperation between the different stakeholders, such as private and public sectors, in bolstering cyber defence? 

While current multilateral ties may not be great or perfect, it is difficult to find one that can meet every stakeholder’s ideals, said Tadeusz Chomick, ambassador for cyber and tech affairs at Poland’s Ministry of Foreign Affairs, during a panel discussion at the conference. 

On a global level, just one multilateral organization exists, he said, pointing to the United Nations (UN). Since it is the only entity available, it is everyone’s duty to make the best use of it, even if it may not be able to resolve the most critical global issues, Chomick said. 

Also: How AI can improve cybersecurity

He said the UN has at least produced some results in cybersecurity, where it has established 11 voluntary, non-binding norms of responsible state behavior in cyberspace. 

Asean currently is the only regional organization to have subscribed, in principle, to these norms of behavior. 

Chomick added that the UN is also looking to improve coordination on capacity building efforts and has worked to establish the Points of Contact directory. 

This first global inter-government Points of Contact directory provides all UN members with a platform to reach out to relevant counterparts in the event of cyber incidents, according to Heng. A report detailing the operationalization of this directory was recently adopted by consensus in New York, he said. 

Chomick noted that there are also multilateral initiatives on a regional level, such as those undertaken by the European Union and Asean, to improve cyber resilience. 

On ties between the private sector and governments, he said the former’s role is constantly growing and changing. The private sector has an increasingly important part to play, especially in providing threat intelligence and, often now, is feared for its ability to disrupt and change societies, for instance, in political and public opinion and global security. And it does so with or without the approval of governments, he said. 

The question then is how governments should engage the private sector. He noted that many states are ill-prepared to face this reality. 

Also: The best VPNs for streaming your favorite shows and sports

There have been longstanding efforts to find the most effective balance between “the carrots and sticks”, he said, pointing to discussions on whether to enforce regulations or offer incentives to encourage the desired behavior. 

Countries that have been successful here have been able to create the right frameworks to drive innovation, while setting regulations to control the risks, Chomick said. 

Also: AI’s multi-view wave is coming, and it will be powerful

As technology advancements continue to emerge, governments will need to find a new balance, he said. And since companies leading such innovation are global, governments will have to engage them on discussions that are not just on a local level, but also on an international level, he added.

Such efforts should further include enterprises beyond the private sector, encompassing civil groups and non-government organizations. Cybersecurity is not sectoral, he said, and civil societies can play a role in bringing new ideas and monitoring what governments, as well as industry, are doing. 

Cybersecurity is no longer just a technical issue, but also geopolitical and sociological, said fellow panelist Ibraheem Saleh Al-furaih, advisor to the governor of Saudi Arabia’s National Cybersecurity Authority.

Noting that cybersecurity is a top priority that has taken a global agenda, Al-Furaih said all stakeholders need to work collectively to ensure a “resilient, secure, and trusted” cyber space for all countries.  

This approach also requires a commitment to sharing cyber-incident reporting and threat intel, which the US aims to do, according to Anne Neuberger, the US White House deputy assistant to the president and deputy national security advisor for cyber and emerging technologies at the National Security Council.

Also: Industrial networks need better security as attacks gain scale

The goal is to allow adversaries to use a technique only once to successfully launch an attack. This approach requires an ability to quickly learn from it and address it, so cyber defenses can be improved in the most effective way, Neuberger said. 

Some organizations do their part by sharing information when new techniques are uncovered, and they release indicators of compromise and best practices. They also ensure that security is baked into their products, she said. 

Neuberger added that the US government also shares “in as broad and technical way as possible” what it learns from cyber incidents.

She also advocated the need for “purpose-built multilateral” relations, where groups of countries galvanize to tackle certain issues, such as ransomware, and test solutions as well as speak against unacceptable cyber behavior. 

Heng also stressed the need to look beyond governments and international organizations, and include other stakeholders, such as non-government organizations, academia, and technology companies. 

“Take ‘big tech’, for example. These are the world’s largest technology companies which products we use and interact with on a daily basis,” the Singapore government official said. “It is in their interest to build a digital domain that is secure, trusted, and inclusive, so that they can maximize their reach and impact. By working in partnership with the public sector, both sides can realize synergies and achieve better outcomes.”

Also: AI gold rush makes basic data security hygiene critical

In this aspect, he noted that Singapore’s Cyber Security Agency (CSA) this week announced separate partnerships with Microsoft and Google, to address cybersecurity threats and enhance the country’s cyber defense.

The industry collaboration covers several areas, including the sharing of threat intelligence, joint operations to combat cybercrime, and technical cooperation. 

“AI has long had a tremendous impact for good on the security ecosystem and leveraging advances in AI will be important for global security and stability going forward,” said Michaela Browning, Google’s AsiaPacific vice president of government affairs and public policy. 

“Generative AI will present novel security risks, including misinformation and cyber threats, but will also become the foundation for a new generation of cyber defenses through advanced security operations and frontline intelligence — if we are bold and responsible with its development and regulation.”