UK and Singapore tie the knot on cybersecurity collaboration

What the new Memorandum of Understanding on cybersecurity between the UK Singapore means in practice

July saw David Cameron in Singapore on the second leg of a mini-Asia roadshow designed mainly to bolster trade ties. He also had time to sign a Memorandum of Understanding between the two countries on cybersecurity which will help further elevate the island state’s status as something of a regional leader in the field. Trans-national agreements on fighting cybercrime will be welcomed by any business which has been a victim of hacking – which is just about any business these days.

The fine print  

It’s always more than a little ironic seeing a British prime minister pimping himself out around former colonies and vassal states of Asia which the UK plundered for much of the past several hundred years. Chancellor George Osborne and Boris Johnson’s kowtowing trade trip to China in 2013 springs to mind as particularly nauseating. But when it comes to the MoU with Singapore, the UK is very much acting as the senior partner, sharing as it will world-leading expertise in fighting cybercrime.

So what exactly are the terms of the deal? Well, typically the fine print has yet to be ironed out – after all, that’s what civil servants are for. But it will include four main pillars. The first and perhaps most important will be closer co-operation and information sharing between the two nations’ respective Computer Emergency Response Teams (CERTs). Any kind of formalised agreement between governments on this kind of thing is to be welcomed as the ability to collaborate in a timely and effective manner in response to breaking threats is all too often lacking in the white hat community.

The second is a doubling of a joint R&D fund between the two countries first announced during last year’s visit to the UK by Singapore president Tony Tan – from £1.17m to £2.4m over three years. Next up is a vague commitment to share best practices on security products and services. And last but not least is a plan for Singapore to create its own localised version of the hugely successful Cyber Security Challenge UK – a series of competitions and learning programs designed to reduce skills gaps in the industry.

“The UK has well-known expertise in this field and we hope to share our experiences in this increasingly important area,” Singapore prime minister Lee Hsien Loong told a joint press conference.

What it means

He’s right there. But that’s not to downplay Singapore’s growing maturity in all things information security. In fact, thanks to hefty tax breaks and a purposeful, strategically sound government vision, the island nation is fast becoming something of a regional hub for the cyber security industry – as it is with technology in general. It helps, of course, when you have a relatively small and affluent populous to manage and your government doesn’t have to worry about pesky opposition parties supplanting it anytime soon.

But the Singapore government’s powerful Infocomm Development Authority (IDA), under the guidance of the National Infocomm Security Committee (NISC) has still done a sterling job to bolster security in the tiny southeast Asian nation. Since 2005 it has produced an Infocomm Security Masterplan every three to five years. The first was very much tailored towards improving security within the government, and then extended out to include critical infrastructure – the aim being to promote the country as a “secure and trusted hub”. The most recent plan, launched a couple of years ago, is more ambitious still, with an expanded remit to help private businesses and individuals.

David Koh is chief executive of the Cyber Security Agency, another new initiative launched this year designed to centralise oversight of such things within government. He labelled the UK’s expertise in this area as “highly recognised”.

“Cyber threats are borderless and rapidly-evolving, and it is vital that we work closely with like-minded countries to better address these threats,” he told me by email. “The MoU signifies both our countries’ commitment to collaborate on building a secure cyberspace. We are confident that this MoU will facilitate greater exchanges, sharing of best practices and support talent development for both countries.”

Foreign organisations are also getting involved. Singapore pulled off something of a coup by persuading Interpol to open a cybercrime centre there last year. Around 200 trained officers staff the Interpol Global Complex for Innovation (IGCI), which also houses a digital forensics lab and co-ordinates research into cyber security protocols, tools and services.

Security vendors have been quick to establish bases in the former British colony. FireEye, for example, launched a joint Advanced Security Operations Centre (ASOC) with local telco giant Singtel last year, claiming at the time that from July to December 2014, 29% of customers in Southeast Asia detected malware and attempts to compromise their networks by APT ‘actors’. Government (27%), telecoms (24%) and financial services (16%) were the most affected sectors.

Security consultant Brian Honan, who also acts as special adviser to Europol’s European Cybercrime Centre (EC3), welcomed the news of the MoU with the UK as a harbinger of closer co-operation between the two countries.

“While CERTs and law enforcement agencies often collaborate with each other on many operational matters, having this level of cooperation between two governments being formally agreed is a very welcome move,” he told me. 

“The opportunities for both parties to benefit are immense as formal lines of communication, joint research, and information sharing can be established and managed. Criminals regularly cooperate on developing tools and techniques to target their victims, it’s great to see two governments focus their joint efforts on making the Internet a more secure place for all.”


Also read: 

Singapore wants to be a living lab for startups