Public-private collab needed to craft cyber rules

Image courtesy of (ISC)²

There is a growing need for greater standardisation and collaboration to ensure stronger and more resilient frameworks that support shared learning and best practices, amidst rapidly evolving cybersecurity policies and regulations around the world, according to a report from (ISC)² the Royal United Services Institute (RUSI).

RUSI conducted a study from December 2022 to March 2023, covering the United Kingdom, European Union, United States, Canada, Japan and Singapore because they drive policymaking in cybersecurity and are leaders in the field, either as norm developers or because of their technology sectors. 

The research focused primarily on policies enacted or proposed between 2019 and 2023. The research underlying this publication was primarily based on a review of existing literature.

Issues identified include the shortage of skilled cybersecurity professionals, the complexities of the critical national infrastructure (CNI) and international cooperation on norm development for cyberspace. 

The importance of cooperation between private and public stakeholders, and that policy makers increasingly seek harmonisation of cyber policy, is particularly critical for Singapore as its digital economy and the corresponding cyber ecosystem continues to expand rapidly. 

While the country is recognised for its advanced cybersecurity regulation and policies, Singapore has experienced a high number of cyberattacks in recent years. 

For example, Singapore saw an influx of SMS-phishing scams targeted at bank customers in 2022. The Cyber Security Agency of Singapore (CSA) saw a 54% year-on-year increase in the number of ransomware cases being reported to them in 2021.

Pia Hüsch, RUSI research analyst for cyber, technology and national security, said the report draws crucial attention to the need to better understand which policies are effective in increasing cyber resilience and how they impact businesses and the cyber workforce implementing them.

Clar Rosso, CEO of (ISC)², said policymakers must take a proactive, rather than reactive, approach toward cybersecurity policy and collaborate across borders, industries and sectors to establish common standards, protocols and best practices. 

“To protect our national security, economies, critical infrastructure, and the data and privacy of our citizens, we need consistent, strong, forward-looking and joined up policies that enable cybersecurity professionals around the world to stay laser-focused on the most critical aspects of their jobs,” said Rosso.

The study found that more regulations are coming and organisations must prepare now – not later.

Also, no country or government is immune to the cybersecurity skills and workforce gap. While Singapore’s shortage in the cyber workforce has decreased significantly in 2022, it has been investing in cyber workforce development and has issued a number of measures to attract highly skilled workers such as through visa programs like TechPass.

Further, global standardisation is critical, and full international cooperation is needed, to protect and uphold ethical principles and standards.

On this front, Singapore is actively engaging with a wide range of actors in the field, including the UN working groups. It has established the ASEAN Singapore Cybersecurity Centre and hosts the annual Singapore International Cyber Week.

Fortifying critical infrastructure is a top priority for all jurisdictions — especially with more interconnectedness and “state lines” blurring.

To ensure further resilience of its Critical Information Structure and supply chains, Singapore continues to advance regulation, such as the Complimentary Code of Practice (CCoP 2.0) that provides measures and standards implemented by businesses that are part of the critical information infrastructure.

Finally, collective defense is needed between the public and private sectors and across jurisdictions to support norm development.