Cyber Deterrence in Singapore: Framework & Recommendations

CENS / Cybersecurity, Biosecurity and Nuclear Safety / Southeast Asia and ASEAN / Working Papers

02 APRIL 2018

Abstract

As a small state, Singapore’s ability to create deterrence against cyberattacks is very limited. There is limited value in pursuing classic deterrence through denial and punishment because: (i) technology is relatively cheap and widely available; (ii) there is difficulty in accurately attributing blame; and (iii) there is difficulty in identifying and punishing attackers. If there is no detection or ability to punish, Singapore’s credibility suffers.
The report suggests six ways that Singapore can improve its cyberattack deterrence:

Develop a response mechanism to guide deterrence
Create resilient systems
Share collective responsibility in cybersecurity
Increase capabilities through the improvement of penetration detection
Create norms with enforcement capabilities
Strengthen international law enforcement, cooperation, and legislation

It is also not feasible to measure deterrence in cyberspace the same way as nuclear deterrence, where a no-attack scenario denotes that deterrence is successful. Rather, deterrence should be seen as a mitigating effort that leads potential attackers to believe it is not in their best interest to attack. These efforts at deterrence can be further enhanced by improving the accuracy of attribution, the detection of cyber incidents regardless of size, and ensuring that timely action is taken against cyberattackers.
Read the paper at https://www.rsis.edu.sg/rsis-publication/cens/wp309-cyber-deterrence-in-singapore-framework-recommendations

CENS Cyber Homeland Defence Programme

Search This Blog