National position of Singapore (2021)

Introduction[edit | edit source]

This is the national position of Singapore on international law applicable to cyberspace. The position ^[1] has been submitted by Singapore and included within the official UNGGE compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States.^[2]. The compendium has been publicly released in August 2021.^[3]

Applicability of international law[edit | edit source]

"[..] we believe it is important to build a rules-based international order in cyberspace, especially given rapid digitalisation. The adherence by States to international law is essential to support and promote an open, secure, stable, accessible, peaceful, and interoperable ICT environment."^[4]

"[..] Singapore affirms the principle that international law, in particular the Charter of the United Nations (the “UN Charter”), applies to cyberspace."^[5]

Sovereignty[edit | edit source]

"Singapore affirms that the following key principles enshrined in the UN Charter apply in cyberspace as they do in the physical world, and are of fundamental importance to small States, such as Singapore:

• First, the principles of State sovereignty and sovereign equality of all States. Singapore’s position is that a cyber operation could, in certain circumstances, amount to a violation of sovereignty.^[6]

Prohibition of intervention[edit | edit source]

"[..] Singapore affirms that the principle of non-intervention in the internal affairs of other States applies to cyberspace. A prohibited intervention by one State against another must have a bearing on matters in which the victim State is permitted, by the principle of State sovereignty, to decide freely, including its choice of a political, economic, social and cultural system, and the formulation of foreign policy. In Singapore’s view, intervention necessarily involves an element of coercion. As non exhaustive examples, where there is interference in Singapore’s electoral processes through cyber means, or cyber-attacks against our infrastructure in an attempt to coerce our government to take or forbear a certain course of action on a matter ordinarily within its sovereign prerogative, these instances will constitute a violation of the principle of non-intervention."^[7]

Peaceful settlement of disputes[edit | edit source]

"[..]the obligation of all States to settle their international disputes by peaceful means, in such a manner that international peace and security are not endangered."^[8]

"Singapore’s view is that the obligation of all States to settle their international disputes by peaceful means, in such a manner that international peace and security are not endangered, remains a key principle underpinning the international legal order."^[9]

"Singapore shares the concerns of other States on the escalation of conflicts in the cyber sphere, against the backdrop of continuing fast-paced developments in technology. Singapore affirms the key principle enshrined in the UN Charter that States shall settle their international disputes by peaceful means, in such a manner that international peace and security are not endangered. This obligation applies in cyberspace as it does in the physical world and does not impair the inherent right of States to take measures consistent with international law and as recognised under the UN Charter."^[10]

Self-defence, armed attack and use of force[edit | edit source]

"[..]the obligation of all States to refrain from the threat or use of force against the territorial integrity or political independence of any State. A cyber operation can cause severe consequences and effects. In determining whether a cyber operation amounts to the use of force, factors that may be taken into account include, but are not limited to, the prevailing circumstances at the time of the cyber operation, the origin of the cyber operation, the effects caused or sought by the cyber operation, the degree of intrusion of the cyber operation, and the nature of the target.

While Singapore considers the above principles to be essential ones underpinning the international legal order, Singapore’s position is that it bears noting that ultimately, none of these impair a State’s inherent right of self-defence, as provided under the UN Charter. This right of self-defence also applies in the cyber domain. In other words, a State has the inherent right of self-defence if malicious cyber activity amounting to an armed attack, or an imminent threat thereof, occurs against that State.

Malicious cyber activity attributable to a State that causes death, injury, physical damage or destruction equivalent to a traditional non-cyber armed attack, or presenting an imminent threat thereof, would constitute an armed attack. Singapore notes the increasing prevalence of this view amongst States.

In Singapore’s view, it is also possible that, in certain limited circumstances, malicious cyber activity may amount to an armed attack even if it does not necessarily cause death, injury, physical damage or destruction, taking into account the scale and effects of the cyber activity. An example might be a targeted cyber operation causing sustained and long-term outage of Singapore’s critical infrastructure.

A series or combination of cyber-attacks, whether or not it is in combination with kinetic attacks, may amount to an armed attack, even if the individual attacks do not reach the threshold equivalent to an armed attack, as long as the attacks are launched by the same actor or by different attackers acting in concert."^[11]

Countermeasures[edit | edit source]

"Even if malicious cyber activity against a State has not risen to the level of an armed attack entitling the victim State to exercise the right of self-defence, international law provides that a victim State that is subjected to another State’s internationally wrongful act against it (whether through malicious cyber activity, or physical means) is entitled to have recourse to counter-measures which are consistent with international law.

Malicious cyber activity attributable to a State that interferes with a victim State’s proper governing functions is an example of an internationally wrongful act."^[12]

Retorsion[edit | edit source]

"Apart from counter-measures, a victim State that is subject to malicious cyber activity short of an internationally wrongful act may also respond with acts of retorsion."^[13]

Due diligence[edit | edit source]

"There is a need for more clarity on the scope and practical applications, if any, of due diligence in cyberspace. Issues such as the threshold required to trigger an obligation on States to act or respond, the degree of knowledge required of States, and the measures expected of a State from which the malicious cyber activity originates, are some examples of the questions that need to be further discussed and addressed among States."^[14]

International humanitarian law (jus in bello)[edit | edit source]

"Singapore’s view is that in times of armed conflict, the relevant principles of international humanitarian law (“IHL”) would apply to the belligerents’ use of cyberspace. Some examples of such principles would include those of humanity, necessity, proportionality and distinction.

The principle of proportionality requires a State to refrain from launching a cyber operation which may be expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated.

In keeping with the principle of distinction, cyber operations undertaken in the context of armed conflicts have to distinguish between legitimate military objectives and civilian objects. Only legitimate military objectives may be targeted."^[15]

Appendixes[edit | edit source]

See also[edit | edit source]

Notes and references[edit | edit source]

Bibliography and further reading[edit | edit source]