Governments from across the globe descended on Singapore for its Ninth Annual International Cyber Week (SICW), October 14-17, to talk cyber and tech policy and meet one another bilaterally and in various multilateral groupings.
Industry representatives joined in the cybersecurity melting pot seeking to sell their wares and gain insights on how regional powers are sizing each other up and cooperating -- or not -- on digital regulations. Mirroring the bustling city state driven by trade and digital commerce, the conference conversation moved quickly, traversing AI, post quantum cryptography, critical infrastructure protection and IoT security. While the cyber threat briefings and policy debates moved at light speed on stage and in meetings, there was a broader sense of stasis as a big geo-political question mark hung over proceedings: the U.S. presidential election.
The press release issued before the conference by the Cyber Security Agency of Singapore (CSA) noted that “distrust has paralyzed dialogue in many international platforms.” To bridge the trust gap, SICW seeks to, “bring together countries with diverse, and even opposing, perspectives on current digital and cyber issues of policy, technical, and diplomatic interest and relevance to be heard and discussed openly.” Indeed, a variation of creating trust in the digital era has been the official theme of the last two conferences.
Singapore pushed ahead with this trust agenda, seeking to balance the involvement and interests of China and the United States, along with other major powers, including the EU and India. Yet the biggest development on the horizon for cyber and tech policy — America’s political direction — was hardly spoken about on the main conference stage.
That didn’t stop the machinery of summit/conference diplomacy occurring in the margins in the form of set piece meetings. A list of those made public, although it is likely others occurred:
- The 9th Association of South East Asian Nations (ASEAN) Ministerial Conference on Cybersecurity (AMCC)
- At the conference it was announced the ASEAN Regional CERT would be operationalized thanks to US10.1 in funding from Singapore
- The inaugural India-Singapore Cyber Dialogue
- The 3rd U.S.-Singapore Cyber Dialogue
- The inaugural ASEAN-India Cyber Policy Dialogue
- The 5th U.S.-ASEAN Cyber Dialogue
- U.S.-Japan-Philippines Trilateral Cyber & Digital Dialogue
This proliferation of cyber dialogues shows the region is maturing in its approach to cyber and tech diplomacy. It also exemplifies how the Biden Administration has sought to evolve its alliances and partnerships to meet the challenges of the digital era. Washington’s willingness to commit to cyber dialogues was commendable given the election uncertainty and the notable absences from the U.S. delegation. Two years ago, the Secretary of Homeland Security Alejandro Mayorkas was a keynote speaker and Deputy National Security Advisor for Cybersecurity, Anne Neuberger and Cybersecurity Infrastructure & Security Agency (CISA) Director Jen Easterly have been regular fixtures of the conference.
This year, presumably due to the proximity to the election, Mayorkas and Easterly did not attend, nor did senior officials from their institutions. At a time when they all have positive policy agendas to push into the region, their absence felt like a missed opportunity. The U.S. Department of Homeland Security (DHS) and CISA have significant policy matters to discuss. These include the secure by design pledge and principles and the success of the Cyber Safety Review Board in drawing out key lessons for cloud security from its recent review, and the upcoming Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) regulations.
Instead, it was the inaugural U.S. Ambassador at Large for Cyberspace and Digital Policy, Nathaniel Fick, who led the delegation in Singapore. Ambassador Fick delivered keynote remarks and pushed the new Digital Solidarity mantra – central to the United States’ International Cyberspace and Digital Policy Strategy, which was released in May 2024. Civilian cyber capacity building to Ukraine through the Tallin Mechanism during its darkest hour is an early hallmark of operationalizing digital solidarity.
While the U.S. delegation was down on the number of senior officials, other countries came in greater numbers than previous years and touted recent or upcoming laws, regulations, or efforts to harmonize policy across borders:
- The Australian Government introduced a new cyber bill and amendments to its critical infrastructure laws to parliament last week which is now under review by a parliamentary committee.
- The Philippines Government has a progressed a new Cyber Bill for passage through its congress. The Bill designate which sectors are considered critical infrastructure and mandate incident reporting.
- The Japanese Government is planning to introduce an “active cyber defense” framework. To implement it, Japan will need to overhaul several existing laws on communication, data privacy, and anti-cybercrime.
- The Canadian Government’s Bill C-26 made progress in parliament in late September. The amends the Telecommunications Act (effectively ruling out high-risk vendors in its networks) and the introduction of the Critical Cyber Systems Protection Act (CCSPA) which would be a framework specifically aiming to bolster cybersecurity across the critical cyber infrastructure sector.
- Singapore signed Mutual Recognition Arrangements (MRAs) for the recognition of cybersecurity labels with Korea Internet & Security Agency (KISA) and Germany Federal Office for Information Security (BSI).
SICW 2024 covered a lot of policy ground and was the opportunity for a plethora of bilateral and multilateral cyber dialogues. The conference continues to fill an important space in which governments of all ideological colors can engage with each other -- even if it was confronting to see the Russian Government at the conference while its troops inflict immense pain and suffering on the Ukrainian people.
The U.S. delegation had much to be confident about this year when pushing their cybersecurity policy lines. But the election could mean a significant shakeup in the personnel and policy positions the U.S. take to SICW next year and the tone of the conference. Given the lack of discussion of the election and implications, the region and Singapore are watching, waiting, and getting ready to work with either outcome. Here’s hoping the trust gap doesn’t widen next year.
Read Next
EU’s Cyber Resilience Act Enters Into Force
New product cybersecurity requirements are coming to the EU single market after years of intense debate and negotiation in Brussels, as the European Union’s Cyber Resilience Act officially enters into force.
Through the Looking Glass: An Updated Vision for the Office of the National Cyber Director
The ONCD was established to advise the President on cybersecurity and has matured into a key component of cybersecurity policymaking. However, changes are needed to ensure the efficacy of the office, especially as it relates to other agencies.
The U.S. Data Security EO with Lee Licata and Grant Dasher (Part 2)
For the first time in the Distilling Cyber Policy podcast, Alex and Jen are re-joined by guests from earlier this season: Lee Licata, from the Department of Justice, and Grant Dasher, from CISA.