A SMALL STATE’S APPROACH TO CYBERSECURITY: THE CASE OF SINGAPORE

Abstract

This thesis seeks to investigate a small state’s approach towards unprecedented security threats, in particular, security threats from cyberspace. Modern societies’ rising dependence on infrastructure in cyberspace has meant that cyberspace has become a rising source of security threat. As a small and highly-interconnected state, Singapore would certainly be vulnerable to a myriad of security threats from cyberspace. As such, this thesis examines how Singapore, as a small state, approaches security threats from cyberspace. In examining Singapore’s approach towards cybersecurity as a small state, this thesis will first establish the literature on small state cybersecurity strategies. It will then illuminate and account for the divergences between Singapore’s cybersecurity approach and those established in the literature on small state cybersecurity strategies, and evaluate the successes of and challenges facing Singapore’s cybersecurity approach. Overall, this thesis argues that the Singapore government’s leadership in cybersecurity may be attributed to domestic norms-building and domestic political will. The government’s leadership in cybersecurity may be understood as three key approaches – (i) strengthening of regulation and legislation, (ii) prioritisation of cybersecurity and (iii) development of cybersecurity capabilities. While the government has been successful in providing opportunities for continuous improvement in cybersecurity, there are continued challenges in cybersecurity in the five areas: lack of public awareness, high levels of connectivity, offence defence imbalance in cyberspace, difficulties in achieving international cooperation and potential institutional overlap. As a matter of personal preference, this thesis uses the word “cybersecurity” as one single word and the words “cyber attack” as two separate words.