A trio of new agreements between the U.S. and Singapore government could feed into the larger global cybersecurity goals of the U.S. government and allow closer collaboration with an increasingly key partner in Asia.
Three memorandums of understanding signed yesterday extend cybersecurity cooperation between the Department of Defense, Department of the Treasury and the Cybersecurity and Infrastructure Security Agency with their Singaporean counterpart agencies.
The DoD agreement will “support broad defense cooperation to advance cybersecurity information sharing, exchange of threat indicators, combined cyber training and exercises, and other forms of military-to-military cooperation on cyber issues.”
The Treasury agreement focuses on developing bilateral information sharing processes for cyber threats to financial markets and promoting resilience within the two countries’ respective financial systems.
The CISA agreement will “enhance information exchange on cyber threats and defensive measures, increase coordination for cyber incident response, and enable cybersecurity capacity building across Southeast Asia.”
A CISA spokesperson told SC Media that their deal will focus specifically on improving regular information exchange on cyber threat intelligence between the two countries as well as coordination of response to cybersecurity incidents, exchange of guidance on prevailing cybersecurity trends and best practices, conducting joint cybersecurity training and exercises, raising awareness on cybersecurity among respective constituents and cooperation in capacity building activities.
It will also create dedicated communication channels to increase cooperation on two issues with broad cybersecurity implications. The two nations will engage in “high level dialogue” on securing the global supply chain that will include both industry and government. They’ll also create a U.S.-Singapore Partnership for Growth and Innovation to address “immediate and long-term challenges” to the two nations’ economies, including supply chain threats.
“The partnership will strengthen U.S.-Singapore trade and investment collaboration starting with four pillars: digital economy; energy and environmental technologies; advanced manufacturing, and healthcare,” the White House said in a fact sheet.
According to the White House, there are thousands of U.S. companies with offices in Singapore supporting 215,000 American jobs. Additionally, about 4,000 Singaporean students study in U.S. universities and 41 U.S. universities run 110 different exchange programs with academic institutions in Singapore.
There are other commonalities as well. Both countries are reporting increasingly higher rates of cyber attacks and both have cybersecurity industries that are currently booming. The U.S. (specifically Washington D.C.) and Singapore ranked first and second respectively as the best places to live for a cybersecurity career in a recent analysis by TechShielder, which factored in metrics like average salary, cybersecurity job vacancies and cost of living. Multiple market research firms are predict double digit compound growth for the Singaporean cybersecurity industry, which may become a trillion dollar market over the next decade.
On the government side, the Cyber Security Agency of Singapore fills some similar roles to that of CISA, coordinating cybersecurity actions across government and industry, warning the public about the latest threats and supporting critical infrastructure.
What does it all mean?
Jim Lewis, senior vice president and director of the strategic technologies program at the Center for Security and International Studies, told SC Media that both countries are positioned to yield benefits from the partnership.
For the U.S., it represents another building block of a growing international coalition formed around promoting global cybersecurity and enforcing norms around state sponsored hacking and cybercrime that have been pursued by both Democratic and Republican administrations alike over the past five years.
All three of the agreements include specific provisions around information sharing, suggesting it’s an area where the U.S. is seeking to significantly improve with partners like Singapore and allies around the world. Lewis said that emphasis is likely a reflection of the increased importance of attributing cyber attacks in geopolitical conflicts.
“What we’ve found in the last couple years is that attribution information is really politically crucial. If you want people to cooperate, you need to be able to share convincing information with them, and if you need to get ahead of a global threat, you need to be able to share information about it,” said Lewis. “We were good at information sharing before but we need more precision, more detail and more timeliness if this is going to work.”
Forging closer ties with Singapore specifically may yield important benefits. Apart from its role as cybersecurity leader in Asia, the nation of 5.7 million currently plays a vital role in the troubled global semiconductor supply chain. The country’s Minister of State for Trade Alvin Tan said in July that local companies are responsible for 19% of the global semiconductor equipment market.
Singapore, meanwhile, has an interest in fostering close ties with both China and the U.S. Lewis said the increasingly authoritarian grip by Beijing around Hong Kong, another prominent Asian tech hub, and its fallout in the business world could ultimately end up benefiting of Singapore and its industry in the long run, potentially making them an even more pivotal partner in Asia on regional and global cybersecurity issues. The deal will also allow Singapore and agencies like the CSA to tap into U.S. cybersecurity resources and expertise that weren’t previously available.
The fact that these initiatives will take place under the umbrella of formal, signed bilateral agreements should also help to cut down on bureaucratic red tape.
“You could do this through normal channels but it would be slower, it would be more cumbersome, it would be ad-hoc,” said Lewis. "So this gives you a regular, routine approach to dealing with these security problems.”
