Singapore―SICW 2024―David Koh is the first commissioner of cybersecurity in Singapore and the first chief executive (CE) of the Cyber Security Agency (CSA). Since the establishment of CSA in 2015, he has led the agency as CE while also serving as the chief digital security and technology officer at the Ministry of Digital Development and Information.
On the morning of Oct. 17, Koh sat down with journalists who had flown in to cover the Singapore International Cyber Week (SICW), a conference that has become, in less than a decade, the Asia-Pacific region’s most established cybersecurity event. Over coffee and a sandwich, the chief executive answered questions from the press and discussed some of the week’s key announcements.
Regarding the Cybersecurity Labelling Scheme (CLS), where CSA signed mutual agreements with South Korea and Germany a day before the foreign media meeting, Koh explained that the initiative is a coordinated effort to shift the industry’s long-standing view of cybersecurity from one of concern over cost to one that prioritizes competitive advantage.
- Related article: Singapore, South Korea join forces on cybersecurity labelling for consumer products READ MORE
Koh shared his personal experience with the press to illustrate how the CLS empowers both consumers and manufacturers.
“A few years ago, I wanted to buy a home router for myself and went to the department store. There I thought, since I’m in charge of cyber, I should buy one that is secure. So, I stood there for half an hour looking at all the boxes, but I couldn’t figure it out. I came back to the office the next day and asked my colleague which home router I should buy. They suggested two brands. During this process, I realized that it is difficult to buy a secure product even if you want to. At the same time, my colleague came to me with an idea that we should try to make it easier for consumers to identify which one is secure.”
Koh explained that the CLS works like an energy efficiency label. When consumers choose home appliances, such as refrigerators, they look at the energy efficiency label to see which one is the most efficient. Similarly, the CLS displays the security level of consumer products with asterisks, each representing a higher tier of testing and assessment the product has passed.
“Under the CLS, suppliers are not just selling their products to the population. The moment they get the cybersecurity label, they can put it on their products while promoting them through e-commerce websites and show their products are more secure,” Koh explained. He also emphasized that the CLS should be developed into an international standard, much like ISO standards, which are widely recognized guidelines that ensure quality, safety, and efficiency across various industries.
Koh stressed that cybersecurity is essential for realizing the benefits of digital development and emerging technologies. “The way ASEAN ministers view cybersecurity is that it is a key enabler of digital development in Asia,” said the chief executive. “This is an important message that brings us to a point we didn’t see. People see cybersecurity as a national security issue, an existential threat, or a cost, but the way we see it in Asia is that cybersecurity is an enabler,” he added.
Koh provided the press with another analogy to illustrate his point, commenting, “Cybersecurity is like the brakes on a car. If you want to drive fast, you need good brakes.”
Other topics the press discussed with Koh included the results of ASEAN Ministerial Meetings, the establishment of ASEAN Regional CERT, which aims to promote information sharing among member states, international ransomware responses, domestic cooperation across generations, and the need for cybersecurity related legislation.
- Related article: “Be visible. Trust yourself. Uphold integrity,” say women in cyber READ MORE
In his final comments, the chief executive of the CSA emphasized the importance of conversation, especially amid political tensions. “During the dinner at the SICW Summit, Minister Josephine Teo said that ‘we need to have difficult conversations. If we don’t have difficult conversations, we will have to deal with difficult consequences.’ I think that’s a great perspective to take. In this context, SICW is not just a conference for tech people, but a facilitator of broader conversation,” he said.