I would like to start by presenting a perspective of how a small country like Singapore sees the world around us. As a small country without hinterland and with no natural resources, our survival is contingent on being able to connect and make ourselves relevant to the world. Trade is three times our GDP; that is the extent to which we are connected to the rest of the world. This world that we recognize, however, is rapidly changing, with profound implications in many dimensions, including in the digital and technology space.
We are talking about a systemic change in the world order that was established at the end of the Second World War, and the hyper-globalized world that we experienced after the Cold War period. These profound changes are already underway, and it would be some time before we can see and recognize its full impact. Another way to put it, is that the world is changing. We can debate what it will eventually change into. But the fact it is already changing is not in doubt.
The rules-based order is fraying, with serious consequences for technology and cyber because the operating context for cybersecurity is sculpted by the evolving dynamics of the world around us. We don’t operate in a vacuum. We operate as part of the physical world. This brings me to highlight three developments that I see taking place in the technology and digital space.
First, the trends of globalization have now been reversed. Free trade, and just-in-time supply chains optimized for cost efficiencies are now no longer in vogue. The pandemic highlighted the fragility of our supply chains, and we talked about “friend-shoring” and securing our supply chains, and discussed some of its negative consequences. Now, we are talking about re-shoring and on-shoring capabilities and capacities, including factors of production, back into each individual country. We have gone from free trade to limited trade among friends, to outright domestic production. The United State’s universal tariffs are an attempt to bring industrial, research and manufacturing capabilities and capacities back home, and other countries are responding with similar measures. To be clear, the use of tariffs is not new, nor an inherently bad thing. However, it can be deeply disruptive when applied across the board.
Second, there is now a greater inclination among countries towards bilateral rather than multilateral processes. After the end of the Cold War, we saw a proliferation of multilateral processes, including in Asia. Many of the ASEAN-related fora such as the ASEAN Regional Forum (1994), ASEAN-Plus Three (1997) and East Asia Summit (2005), were established.
These are just a sample of the political fora from South East Asia. The same can be said in the economic domain.
We are now hearing and seeing countries increasingly losing faith in multilateral processes. Anyone who is familiar with the work at the United Nations would know the challenges of finding consensus among member States on any single issue. Singapore is the current Chair of the Open-ended Working Group (OEWG) in the security of and in the use of Information Communications Technologies (2020-2025), the only UN process for cybersecurity. Singapore is clear-eyed about the challenges and difficulties. But we, nonetheless, see the value of the process at the United Nations. We know that despite the challenges the United Nations is the only universal forum where every country, large and small, developed or developing, has a voice. Today, we see major powers seeking to forge bilateral agreements on trade, security and technology cooperation and access.
Third, the walls around the development, application, and transfer of technology have gone up. Up till about a decade ago, technology was generally seen as benign; a force for good. Except for a few selected areas, such as those involving the military, the technology domain was largely seen as the space for engineers, researchers and experts to operate, largely free from government and political interference. Its application was mostly market driven or for the good of human development. Transnational cooperation, exchange and partnership were seen as a good thing. An example would be the ASEAN Digital Economy Framework Agreement or DEFA, which set out to harmonize digital policies and foster cross-border AI and digital innovation.
Today, the zeitgeist has changed. The free exchange and sharing of technologies are not only seen as undesirable; they are increasingly seen as a liability and a source of vulnerability. These technologies are no longer seen as merely commercial or civilian tools, but as assets that could pose significant risks if misused or acquired by adversaries.
In fact, we have witnessed the securitization of technology – where technology is now seen as an instrument of national power, a source of national strength, and a zero-sum game. Politics, security, economics and technology, were hitherto seen as separate distinguishable domains, are now inter-meshed to be harnessed and mobilised to advance national interests. Access to technologies is increasingly contingent on each country’s placement on a white-list or black-list.
People now talk about whether suppliers of technologies are “trusted and reliable” or “secure and verifiable.” The then-Biden Administration’s “small yard high fence” and China’s “unreliable entity list” are just some examples of these mindset and policy shifts.
Put together, what does this mean for cybersecurity? For one, we may expect a more challenging and unpredictable threat environment, as global tensions play out in the digital terrain. Cyber operations will be increasingly leveraged to pursue ideological or political agendas. We may see more frequent, targeted, and sophisticated attacks.
Amid operating conditions like these, it will be natural for states to take steps to protect themselves and strengthen their cybersecurity posture. At the same time, tighter controls and sensitivities around the development, application, and transfer of technologies may restrict access to global best practices and policies.
Small and developing States will be the most disadvantaged by these developments. Even medium-sized states, or “middle powers,” may not escape its negative effects.
First, everyone is left poorer if the big decisions of the day are determined by a small group of major powers. For instance, consider the impact if we are excluded from decisions governing the use, application and impact of key technologies, which will impact all of us, but are unable to influence it. If access is contingent on size, power and wealth, then many States, especially small and developing States, are going to find themselves in a very weak bargaining position.
For a period of time, international discussions on the ICT domain were driven by a group of no more than 25 States, known as the Group of Government Experts. I was fortunate enough to be Singapore’s representative for one of these discussions. Today, this has been succeeded by the Open-Ended Working Group (OEWG), which is accessible to all UN member States, and the only universal process to discuss cyber issues, giving every State a voice in the collective outcome. It is not in our collective interest to revert to the past where key decisions on international cyber and digital issues are determined by a small group of powerful States.
Second, regardless of our national and economic development, we are more likely to be left behind in a world that is less interoperable. It is in our interest to ensure that technical standards on digital and cyber issues are interoperable to facilitate communication, exchange, convenience and safety. But if the trends that I have highlighted persist and harden, we are likely to see various technologies becoming fragmented.
As each country looks inwards and develops their own solutions to their own problems, it would not be a stretch to say that there may come a time when systems and networks are unable to “talk to each other.” I am old enough to remember when we travelled to Japan our cell phones did not work because Japan developed its own advanced mobile technology and infrastructure, ahead of global standards; foreign phones simply could not connect to Japanese networks. Today, our cell phones are interoperable. We don’t want to go back to that past. Collectively, we will all suffer–from an economic perspective, an educational perspective, from a social perspective. And, in some cases, safety as well. I want my aircraft to land safely when it departs from Singapore, whether it’s headed to Beijing or New York. If standards are not interoperable, this will be a challenge. Small and developing States will suffer disproportionately, because we will not have a say in how standards are developed in each country, nor will we have the resources or size to determine our own standards.
Lastly, small and developing States will be resource-disadvantaged in their access to technologies. Hitherto, global supply chains were distributed to maximize cost efficiencies. The moves to bring back the manufacturing of high-end semiconductor chips in Europe and the United States, while well-intended, will also raise the cost of production. While governments may be prepared to pay a high cost to produce customized chips for advanced defence equipment at high cost, where national security trumps economics, consumers and businesses may not be willing to pay much higher prices for components, parts and consumer products. This is true for all societies, developed or developing. In addition, given the business uncertainty, it is getting too risky for companies to invest in long term research and development. Innovation suffers because countries, companies and people are less likely to collaborate. While this sets all of us back, small and developing States which cannot hope to win in bidding wars will be set back the most.
I have painted a fairly gloomy picture, not because I am a pessimistic person, but because this is the reality we are contemplating now. But there are things that we can do to weather the storms ahead and avoid the worst consequences.
Countries and governments must continue to work together to uphold the rules-based order. In cyberspace, we need to continue to work together to strengthen and advance the normative framework for responsible State behavior, as well as uphold the application of international law.
Second, like-minded countries must come together to find solutions to common security challenges. For instance, hackers frequently exploit the vulnerabilities in our Internet of Things (IoT) devices to access our enterprise systems. States need to work together to develop common technical standards to safeguard our IoT devices, which are becoming ubiquitous.
Third, each country needs to make sure to invest in its own people and be prepared to learn from others. Amidst the uncertainty around us, it is important that we continue to equip our people to respond and to seize opportunities, because even amidst all this uncertainty, there will be opportunities.
If I may leave you with a parting thought. Even as we are jostled forward, surrounded by geopolitical tensions and rapid changes in technologies, we should remember that States, including small and developing States, are not without agency. We can play a part in shaping the future of the world around us, and in the technology we adopt.
