• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • [email protected] Newsletter
    • Other Research
      • Future Issues And Technology (FIT)
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • [email protected] Newsletter
      • Other Research
        • Future Issues And Technology (FIT)
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • CO17009 | Fight in Cyberspace: The State Strikes Back
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO17009 | Fight in Cyberspace: The State Strikes Back
    Tan E Guang Eugene

    10 January 2017

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    Ensuring that the state is secure from cyber threats is increasingly becoming the priority of states all over the world, sometimes clashing with concerns over privacy. There are four notable ways that states have increased their presence in cyberspace in 2016, and this presence is forecast to become more prominent in 2017.

    Commentary

    IN 2016, there are four main ways that states have tried to use cyberspace to either raise the level of security in cyberspace, or affect the security stance of other states. First, to misquote Clausewitz, states are increasingly using cyber as an extension of policy by other means. Russia was accused by the Office of the Director of National Intelligence and Department of Homeland Security in October 2016 for interfering with the US presidential elections.

    The agencies charged that the Russians hacked into the computers of the Democratic National Congress (DNC), and then leaked the emails to WikiLeaks to discredit the Democratic candidate, Hillary Clinton, whom they thought would be less favourable to Russian interests. This episode provides an interesting twist to what is considered to be the critical information infrastructure (CII) in any given state.

    Cyber As A Tool of Influence

    Typically, states see CII to be more technical in nature and in fields like transportation, communications, and finance, but now they also need to view the media, electoral and political system as a CII, which needs to be protected against interference from other states who want to influence opinion and decision making. Singapore is vulnerable to these information operations, given that it has a democratically elected government, and has seen an increasing number of “news” websites commenting on Singaporean issues.

    Second, states around the world are increasingly looking to implement strong surveillance laws with regard to cyberspace. China approved its new Cybersecurity Bill in November 2016, with more stringent rules requiring companies to provide data to the Chinese government upon suspicion of wrongdoing. The bill also requires businesses’ domestic data to be stored on Chinese servers and this data cannot be transferred overseas without state permission.

    The United Kingdom has also passed the Investigatory Powers Act 2016 giving the state broad ranging powers that allow surveillance to be conducted on a large scale. It is only a matter of time before more states adopt such sweeping legislation on surveillance in cyberspace.

    Singapore should be concerned as an aspiring technology hub and international data storage centre, with Singaporean companies and Singapore-based multinational corporations alike owning data that could be subject to other states’ laws and surveillance. There will be more pressure placed on technological companies to provide information and data to states.

    Corporations may also have to concede on some dearly-held principles to do business in a foreign state, or forgo business opportunities in that state altogether. Therefore, Singapore needs to consider the economic impact if it were to consider enacting similar legislation.

    The Desire for Backdoor Access

    Third, states increasingly want back doors to be built into the security of commercially available software, or for access to private data that has been secured by businesses. In the case Apple vs FBI last year, the state, represented by the FBI, brought Apple to court to compel it to help unlock the encryption of a deceased terrorist’s phone. Apple refused to do so, arguing that this would create a backdoor, and would make all iPhones vulnerable to malicious hackers.

    Given the failure of the United States in getting Apple to unlock a terrorist’s phone, it may be difficult for Singapore, as a small nation, to compel large corporations like Apple to tweak encryption technology to help with its law enforcement efforts. In the wake of terror attacks this year, France and Germany are also pushing the European Union to adopt a law that would require software companies to make encrypted messages available to law enforcement. The right to privacy has thus come under much pressure in the past year even in Western democracies that were previously known for their liberal views.

    Singapore has to determine if its security concerns outweigh the privacy of its citizens. It is not a given that Singaporeans will always choose security over privacy. Attitudes towards the balance between privacy and security are in flux, and laws should ideally reflect the societal attitudes.

    State As Protector Of All Data

    Fourth, some states appear to be offering cybersecurity protection to private enterprises. In September 2016, Ciaran Martin, the head of cyber at the United Kingdom surveillance agency GCHQ, proposed erecting a government-maintained firewall against malicious hackers. The primary goal of the move is to secure government websites and critical infrastructures against hackers, but in his comments, Martin said it could be expanded to include private companies as well.

    While this move naturally raises privacy concerns about governments holding and securing the data, the overall security gain for small and medium enterprises (SMEs) who are concerned about the cost of implementing an effective cybersecurity programme may tempt some of these enterprises to entrust their data or systems to a government-maintained firewall.

    States should however be aware of the additional risk in assuming responsibility for cybersecurity of SMEs. While this move may bring SMEs up to a minimum standard, a government cloud, with multiple SME eggs in one basket, would be a prime target for cyberattacks, and any breach or breakdown would result not only in financial losses, but also in reputational and political damage.

    2017 And Beyond: Implications for Smart Nation

    State intervention in cyberspace is not a new thing, but the tightening embrace of cyber issues by the state can be quite disconcerting and worrying to individuals and business. This is especially true for individuals who fiercely guard their privacy, or those who fear giving states too much power over its citizens. This may well lead to a restriction of fundamental liberties. States need to realise that the increasing Orwellian nature of state behaviour in cyberspace reduces the confidence of all users of cyberspace.

    Given the increasing stewardship role of states in cyberspace, there should be appropriate discussion over who will provide the role of ombudsman to the state, and if there is a danger of overreach into the personal lives of people. There is thus also a need to define how information is secured, while protecting both personal and enterprise privacy.

    This has implications for Singapore as an aspiring Smart Nation. The state will be responsible for a massive amount of data about its citizens, and any misuse of this data could erode trust in the agencies using the data. There are consequences for expanding the role of the state in cyberspace, and these consequences may not be conducive for the growth of both the society and the economy.

    About the Author

    Eugene E G Tan is an Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore.

    Categories: Commentaries / Country and Region Studies / Non-Traditional Security / East Asia and Asia Pacific / Global / Southeast Asia and ASEAN

    Last updated on 11/01/2017

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    Ensuring that the state is secure from cyber threats is increasingly becoming the priority of states all over the world, sometimes clashing with concerns over privacy. There are four notable ways that states have increased their presence in cyberspace in 2016, and this presence is forecast to become more prominent in 2017.

    Commentary

    IN 2016, there are four main ways that states have tried to use cyberspace to either raise the level of security in cyberspace, or affect the security stance of other states. First, to misquote Clausewitz, states are increasingly using cyber as an extension of policy by other means. Russia was accused by the Office of the Director of National Intelligence and Department of Homeland Security in October 2016 for interfering with the US presidential elections.

    The agencies charged that the Russians hacked into the computers of the Democratic National Congress (DNC), and then leaked the emails to WikiLeaks to discredit the Democratic candidate, Hillary Clinton, whom they thought would be less favourable to Russian interests. This episode provides an interesting twist to what is considered to be the critical information infrastructure (CII) in any given state.

    Cyber As A Tool of Influence

    Typically, states see CII to be more technical in nature and in fields like transportation, communications, and finance, but now they also need to view the media, electoral and political system as a CII, which needs to be protected against interference from other states who want to influence opinion and decision making. Singapore is vulnerable to these information operations, given that it has a democratically elected government, and has seen an increasing number of “news” websites commenting on Singaporean issues.

    Second, states around the world are increasingly looking to implement strong surveillance laws with regard to cyberspace. China approved its new Cybersecurity Bill in November 2016, with more stringent rules requiring companies to provide data to the Chinese government upon suspicion of wrongdoing. The bill also requires businesses’ domestic data to be stored on Chinese servers and this data cannot be transferred overseas without state permission.

    The United Kingdom has also passed the Investigatory Powers Act 2016 giving the state broad ranging powers that allow surveillance to be conducted on a large scale. It is only a matter of time before more states adopt such sweeping legislation on surveillance in cyberspace.

    Singapore should be concerned as an aspiring technology hub and international data storage centre, with Singaporean companies and Singapore-based multinational corporations alike owning data that could be subject to other states’ laws and surveillance. There will be more pressure placed on technological companies to provide information and data to states.

    Corporations may also have to concede on some dearly-held principles to do business in a foreign state, or forgo business opportunities in that state altogether. Therefore, Singapore needs to consider the economic impact if it were to consider enacting similar legislation.

    The Desire for Backdoor Access

    Third, states increasingly want back doors to be built into the security of commercially available software, or for access to private data that has been secured by businesses. In the case Apple vs FBI last year, the state, represented by the FBI, brought Apple to court to compel it to help unlock the encryption of a deceased terrorist’s phone. Apple refused to do so, arguing that this would create a backdoor, and would make all iPhones vulnerable to malicious hackers.

    Given the failure of the United States in getting Apple to unlock a terrorist’s phone, it may be difficult for Singapore, as a small nation, to compel large corporations like Apple to tweak encryption technology to help with its law enforcement efforts. In the wake of terror attacks this year, France and Germany are also pushing the European Union to adopt a law that would require software companies to make encrypted messages available to law enforcement. The right to privacy has thus come under much pressure in the past year even in Western democracies that were previously known for their liberal views.

    Singapore has to determine if its security concerns outweigh the privacy of its citizens. It is not a given that Singaporeans will always choose security over privacy. Attitudes towards the balance between privacy and security are in flux, and laws should ideally reflect the societal attitudes.

    State As Protector Of All Data

    Fourth, some states appear to be offering cybersecurity protection to private enterprises. In September 2016, Ciaran Martin, the head of cyber at the United Kingdom surveillance agency GCHQ, proposed erecting a government-maintained firewall against malicious hackers. The primary goal of the move is to secure government websites and critical infrastructures against hackers, but in his comments, Martin said it could be expanded to include private companies as well.

    While this move naturally raises privacy concerns about governments holding and securing the data, the overall security gain for small and medium enterprises (SMEs) who are concerned about the cost of implementing an effective cybersecurity programme may tempt some of these enterprises to entrust their data or systems to a government-maintained firewall.

    States should however be aware of the additional risk in assuming responsibility for cybersecurity of SMEs. While this move may bring SMEs up to a minimum standard, a government cloud, with multiple SME eggs in one basket, would be a prime target for cyberattacks, and any breach or breakdown would result not only in financial losses, but also in reputational and political damage.

    2017 And Beyond: Implications for Smart Nation

    State intervention in cyberspace is not a new thing, but the tightening embrace of cyber issues by the state can be quite disconcerting and worrying to individuals and business. This is especially true for individuals who fiercely guard their privacy, or those who fear giving states too much power over its citizens. This may well lead to a restriction of fundamental liberties. States need to realise that the increasing Orwellian nature of state behaviour in cyberspace reduces the confidence of all users of cyberspace.

    Given the increasing stewardship role of states in cyberspace, there should be appropriate discussion over who will provide the role of ombudsman to the state, and if there is a danger of overreach into the personal lives of people. There is thus also a need to define how information is secured, while protecting both personal and enterprise privacy.

    This has implications for Singapore as an aspiring Smart Nation. The state will be responsible for a massive amount of data about its citizens, and any misuse of this data could erode trust in the agencies using the data. There are consequences for expanding the role of the state in cyberspace, and these consequences may not be conducive for the growth of both the society and the economy.

    About the Author

    Eugene E G Tan is an Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore.

    Categories: Commentaries / Country and Region Studies / Non-Traditional Security

    Last updated on 11/01/2017

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    CO17009 | Fight in Cyberspace: The State Strikes Back

    Synopsis

    Ensuring that the state is secure from cyber threats is increasingly becoming the priority of states all over the world, sometimes clashing with concer ...
    more info