Tuesday, 26 February 2019

The Sixth Pillar of Total Defence

As of the middle of this month, Digital Defence has officially become the sixth pillar of Singapore's Total Defence framework. The Government had spoken about this in 2018, outlining the need to take cyber-threats and disinformation seriously.

Total Defence

The Total Defense framework is a framework for an all-round defense against threats to the country, and encompasses the following aspects or "pillars". For some context, here's a brief outline.

Military Defence. Our army, navy and air force guard us against external threats such as foreign invasion. Male citizens are expected to perform National Service, and females are encouraged to be supportive or sign up for the military themselves.

Civil Defence. Our police, medical personnel and firefighters protect us in times of crisis. Citizens are taught how to react during emergencies and to stay alert at all times.

Economic Defence. Ensuring a strong economy to maintain stability and good infrastructure. Citizens are expected to remain productive while embracing lifelong learning and constantly upgrading skillsets to better meet the needs of the economy, spend within their means and invest wisely.

Social Defence. Ensuring that Singaporeans live in harmony, build strong bonds and stand united in the face of a threat, and stay vigilant against attempts to undermine the social fabric of society. (Phew, what a mouthful). Examples include guarding against fake news or malicious rumors designed to divide Singapore along racial, religious or political lines, welcoming new citizens and helping them assimilate into our culture, and so on.

Psychological Defence. Developing strength of will and resilience, to build our ability to bounce back after a setback; to understand Singapore's history and appreciate how she got where she is today.

The sixth pillar - Digital Defence

This new pillar basically entails developing the expertise to guard against cyber-terrorism, fake news and other computer-based threats. This came about after Singapore was beset by some high-profile data breaches in the past year and beyond.

This seems rather unnecessary. While I appreciate and fully endorse the reasoning behind this move, as a tech professional, I can't agree with its implementation. The average non-techie whose interaction with technology is pretty much limited to using Facebook to view cat pictures and hailing cab rides on Grab, may be impressed and think that the Government has got this under control. I have my reservations.

Do we need a sixth finger?

For one, I've always thought of Total Defence as a hand with five fingers - each pillar representing a finger. Now we're going to have a sixth finger (A Digit-al aspect, geddit? Hur hur) and this pretty much screws with my mental model. But as quibbles go, this is a relatively minor one.

There's potential for huge backfire. Making Digital Defence the sixth pillar was merely a declaration of intent. Are we confident enough, given everything that has happened up to this point, that we can continue to safeguard against cyber-attacks, and actually back this up? We're going to be mightily embarrassed if we get successfully attacked again after this.

A huge target.

The Government needs to remember that these are hackers they are dealing with, not any other run-of-the-mill class of criminal. Some criminals may be deterred by the presence of numerous armed guards and a padlock, and seek easier gains elsewhere. Hackers aren't necessarily motivated by profit. They're also motivated by the challenge, and in some cases, the need to see the world burn. A visible and high-profile declaration of intent like this Sixth Pillar, only serves to paint a great big nigh-irresistable bulls-eye on our backs.

But for my biggest quibble...

This Sixth Pillar business feels awkward and tacked-on, and is uncannily reminiscent of some backward practices I've observed in companies I've worked in. Some companies don't really understand technology. They see it as something their competitors have, and therefore, to keep up with the Joneses, it's something they've got to have too. This usually manifests in the form of a separate IT Department alongside Logistics, Accounts and what-have-you.

Tacked on.

The problem here is that these companies who set up the IT Department within their organization, see technology as a separate aspect. The rest of the organization is still filled with clueless dinosaurs who can barely operate their email accounts and need help creating reports on spreadsheets. The staff don't have a good understanding of technology, what it can accomplish, what it can't accomplish, and don't have the know-how to keep the company operating using the technological infrastructure to its fullest.

Just like Digital Defence being a separate sixth pillar alongside all the other pillars. See the parallel here?

What should Singapore do, then?

Make Digital Defence part of Military, Civil, Economic, Social and Psychological Defence. For Military Defence, the SAF is already doing this with their Cyber Defence School. The Government released the SGSecure app for Civil Defence. Guarding against fake news is already part of Social Defence. For Economic Defence, train citizens in computer know-how and how to recognize phishing attempts and online scams.

Technology has to be part and parcel of all aspects of Total Defence. Integrate Digital Defence into everything. It is not, and should not be considered, a separate aspect.

Remember, there's a part for everyone!
T___T


No comments:

Post a Comment