Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Fraud Risk Management
US, Singapore Sign Cybersecurity Agreements
Nations Agree to Collaborate on Information Sharing, TrainingThe U.S. and Singapore have announced three agreements to expand their collaborative efforts - including shoring up information sharing, research and training - to address global cybersecurity issues, the White House announced Monday.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
The news came during the first leg of U.S. Vice President Kamala Harris' diplomatic trip to Asia this week. Harris and Singapore Prime Minister Lee Hsien Loong confirmed Monday that three "memorandums of understanding" between the U.S. and Singapore had been signed.
Financial Systems
An agreement between the U.S. Treasury Department and the Monetary Authority of Singapore "recognizes the importance of deepening cooperation in new domains to deal with the challenges of the 21st century," the Treasury Department says in a statement.
The agreement is designed to enhance the bilateral cooperation by improving or adding:
- Information sharing related to the financial sector around regulations and guidance and cybersecurity incidents and threat intelligence;
- Staff training and study visits to promote cooperation;
- Competency-building activities - such as cross-border cyber exercises.
U.S. Treasury officials cite an "ongoing exchange of cyberthreat information" with its Singaporean counterparts since 2018.
"The United States and Singapore have a long-standing bilateral partnership," says U.S. Treasury Secretary Janet Yellen. "In our interconnected world, Treasury and MAS share common goals of maintaining strength and stability, as well as operational and cyber resilience in each country's economy and financial system. The cybersecurity cooperation agreement will serve to improve the cyber resilience of both countries' financial systems."
Ravi Menon, who heads Singapore's Monetary Authority, adds: "Close cooperation is essential to ensure the cyber resilience of our financial systems. This [agreement] between the Treasury and MAS will be particularly useful in the areas of cyberthreat information sharing and cross-border cybersecurity exercises."
CISA and CSA
Another agreement, between the U.S. Cybersecurity and Infrastructure Security Agency and the Cyber Security Agency of Singapore "will enhance information exchange on cyberthreats and defensive measures, increase coordination for cyber incident response and enable cybersecurity capacity building across Southeast Asia," the White House said Monday.
CISA notes that the agreement will "expand into new areas of cooperation, such as critical technologies, and research and development."
New CISA Director Jen Easterly notes: "Cyberthreats don't adhere to borders, which is why international collaboration is a key part of the … administration's approach to cybersecurity. The [agreement] allows us to strengthen our existing partnership with Singapore so that we can more effectively work together to collectively defend against the threats of today and secure against the risks of tomorrow."
David Koh, chief executive at Singapore's Cyber Security Agency, says that the agreement "is a testament of our shared vision to work together toward a stable, secure, resilient and interoperable cyberspace. … We look forward to continuing our work with the U.S."
Defense Agreement
The third agreement involves the U.S. Department of Defense and Singapore's Ministry of Defense, as well as the Singapore Armed Forces.
This agreement "institutionalizes" cybersecurity cooperation between the nations' defense agencies and militaries.
The White House said Monday the memorandum will "support broad defense cooperation" and include exchange of threat indicators, combined cyber-training and "other forms of military-to-military cooperation."
Security Experts Weigh In
Mark Rasch, a former trial attorney for the Department of Justice who is currently an attorney in private practice, says the three agreements are good steps that could help to remove barriers.
Rasch cautions that any international cooperation - including the gathering of data from internet service providers and delivery to respective governments - must be "done in ways that respect the legal regimes of both countries."
The U.S. agreements with Singapore, Rasch continues, make it clear that "cybersecurity is a global problem."
Scott Shackelford, executive director of Indiana University's Cybersecurity and Internet Governance program, notes that the agreements provide a valuable foundation for deepening U.S. engagement with Asian allies. They come at a time, he says, when "U.S. security commitments are in need of a boost - given the still unfolding chaos in Afghanistan."
Similarly, Dr. Kenneth Williams, executive director of the Center for Cyber Defense and a cybersecurity program director at American Public University System, says: "We need as much assistance as we can get from allies around the world, especially those like Singapore situated close to the South China Sea."
Increased China Focus
Thank you Foreign Minister @VivianBala for welcoming me to Singapore. Southeast Asia and the Indo-Pacific are critically important to the security and prosperity of the United States. pic.twitter.com/TZjFukDeeA
— Vice President Kamala Harris (@VP) August 22, 2021
Vice President Harris' tour of Southeast Asia comes as U.S. relations with China have continued to sour in recent months in light of the nation's cyber-offensive efforts.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, recently confirmed the Biden administration is building an international consensus on reactionary measures against China's cyber actions. These include a series of attacks on vulnerable Microsoft Exchange servers earlier this year, which the U.S. attributed to China's Ministry of State Security in July (see: Anne Neuberger on Why No Sanctions Issued Against China Yet).
Last month, the U.S. Department of Justice also indicted four Chinese nationals working with the MSS over an alleged hacking campaign conducted from 2011 to 2018 that targeted universities and government entities to obtain trade secrets, medical research and other intellectual property (see: US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign).