Cyber threats targeting critical infrastructure (CI) and assets, often undetected by the victim, have become the ‘new normal’ in today’s heightened geopolitical climate. Additionally, decision-makers are concerned not only with malicious cyber activities, but also with faulty and insufficiently secure software development practices that can cause global disruptions due to interconnected supply chains.
To maintain international security and peace, do we – both state and non-state stakeholders – know what is the right thing to do to secure critical assets? How do the agreed cyber norms support operators of critical facilities and other relevant stakeholders? Which questions should actors focus on to reduce harm from cyber threats affecting CI?
On 16 October, the Geneva Dialogue organised a multistakeholder session to discuss these questions in the context of the the Geneva Manual on Responsible Behaviour in Cyberspace, a comprehensive guide on the implementation of cyber norms and confidence-building measures (CBMs) by non-state stakeholders. The session took place during the 2024 Singapore International Cyber Week (SICW).
Dr. Regula Kurzbein, Deputy Head of Mission at the Embassy of Switzerland in Singapore, and Mr. Christopher Anthony, Director of the Critical Information Infrastructure Division at the Cyber Security Agency of Singapore (CSA), delivered opening remarks, emphasising the importance of international multistakeholder efforts in safeguarding critical infrastructure.
Following their remarks, a roundtable discussion was led by Mr. Benjamin Ang, Head of the Centre of Excellence for National Security (CENS), Future Issues in Technology (FIT) at the S. Rajaratnam School of International Studies (RSIS). The discussion focused on three key questions:
- How can we effectively protect critical infrastructure, facilities, and assets with regional or international significance? What measures should be implemented, and which stakeholders should be engaged?
- Can cyber operations avoid targeting critical infrastructure, or is that an unrealistic expectation?
- How do we establish accountability for damage caused by threats to critical infrastructure, especially when established norms are violated?
To gain insights from various stakeholders (government, critical infrastructure industries, and the cybersecurity research community), the Geneva Dialogue organised a tabletop exercise. Participants were divided into three groups, each led by a team captain: Mr. Teo Xiang Zheng, Vice President of Advisory at Ensign InfoSecurity; Mr. Steven Sim Kok Leong, Chair of the Executive Committee at the Operational Technology Information Sharing and Analysis Centre (OT-ISAC); and Mr. Eugene EG Tan, Associate Research Fellow at RSIS.
