SINGAPORE: For the first time, Singapore has put forth a holistic national cybersecurity strategy that will underpin its Smart Nation aspirations and act as an enabler for its economy and society, while enhancing its standing as a trusted digital hub.
Unveiled by Prime Minister Lee Hsien Loong on Monday (Oct 10), the new strategy outlines Singapore’s vision, goals and priorities in the online space and has four pillars: Building a resilient infrastructure; creating a safer cyberspace; developing a vibrant cybersecurity ecosystem; and strengthening international partnerships.
"Singapore aspires to be a Smart Nation. But to be a Smart Nation, we must also be a safe, cyber nation," said Mr Lee. "We must get cybersecurity right, to capture the benefits of a more connected world."
CSA chief David Koh added in a separate media briefing after the announcement that while there were existing national masterplans on cybersecurity, including the most recent one spanning 2013 to 2018, the latest strategy supercedes the existing one as it is wider encompassing. The previous masterplans were more operational and domestically focussed, but the new strategy's fourth pillar, which deals with international cooperation, is new and shows its wider remit, he explained.
BUILDING A RESILIENT INFRASTRUCTURE
The first pillar is meant to step up protection of the Republic’s essential services in key sectors such as emergency services, e-Government, banking and finance, utilities, transport and healthcare, according to the Cyber Security Agency of Singapore (CSA).
To do so, it is looking to expand the National Cyber Incident Response Team and National Cyber Security Centre. It is also looking to equip IT security professionals by mounting multi-sector exercises to test cooperation and where the scope of responsibilities overlap.
Last May, CSA held its first cybersecurity table-top exercise, CyberArk IV, for the finance and banking sector, which was witnessed by the Minister-in-Charge of Cyber Security Yaacob Ibrahim.
Additionally, there are plans to strengthen the country’s existing cybersecurity governance and legislative framework. Dr Yaacob, who is also the Minister for Communications and Information, had announced in Parliament in April that a new Cybersecurity Act will be tabled by the middle of 2017.
"Broadly speaking, the Bill will ensure that operators take proactive steps to secure our critical information infrastructure, and report incidents. It will also empower the Cyber Security Agency to manage cyber incidents and raise the standards of cybersecurity providers in Singapore," Dr Yaacob said then.
CSA's Koh said the new Act is aimed at addressing the current gap in critical infrastructure, particularly in the standards and incident reporting protocols for service providers. The primary focus for the Act is to have a minimum set of standards and rules for these organisations, followed by determining how to enforce these rules, he said, adding that fining these operators may not be the best way to do so.
He said industry stakeholders have yet to be consulted, but that CSA will do so before the Bill is tabled in Parliament.
In the public service, ministries, senior civil servants and half of the public agencies have already started using separate networks for internet surfing and work systems such as emails, Mr Lee said, adding that the rest of the agencies are on track to implement this by mid-2017. Government officers can still surf the Internet using devices that are not connected to the internal network, he explained.
CREATING A SAFER CYBERSPACE
Singapore is also looking to create a safer cyberspace, and one of the key ways it is looking to combat cybercrime more effectively is to implement the National Cybercrime Action Plan announced by Home Affairs Minister K Shanmugam in July this year. The action plan is underpinned by four key principles: Prevention, a quick, strong response to incidents of cybercrime, effective laws and close partnerships, the minister had said.
The CSA, too, is looking to promote a culture of collective responsibility for cybersecurity, and this means the Government, businesses and the man on the street as well as the wider community will have a part to play in keeping the digital space a safe one to be in.
DEVELOPING A VIBRANT CYBERSECURITY ECOSYSTEM
In the third pillar of the national cybersecurity strategy, Singapore is looking to establish a professional workforce for the cybersecurity sector and this includes creating clearer pathways for existing professionals. For instance, there is the Cyber Security Associates and Technologists (CSAT) programme that will allow existing ICT professionals with three years’ working experience to switch over to cybersecurity via a six-month training scheme.
Within the public sector, CSA is looking to develop a competency framework to recognise those with IT security skillsets, regardless of which ministry or agency one is in. It is also working with the private sector to ensure these skilled workers can move from the public sector to the private, and vice versa, seamlessly.
As for ensuring a good talent pool, CSA is also working with Institutes of Higher Learning in the city-state to make sure there is minimal skills gap for those leaving school to enter the workforce. This includes co-developing curricula with these schools, Mr Koh noted.
STRENGTHENING INTERNATIONAL PARTNERSHIPS
On the regional and international front, the agency is looking to forge stronger ties with counterparts from other countries with regard to cyber incident response and even prosecuting cybercrime that crosses national boundaries.
To this end, the CSA had earlier inked agreements with the United Kingdom, France, the Netherlands, India and the United States to strengthen cybersecurity cooperation. It is now turning its sights to the Association of Southeast Asian Nations (ASEAN) members for greater partnership.
The agency said while there are certain operational and tactical cooperation in place under the ASEAN banner, more can be done. It is hopeful that such conversations can be had at the ministerial level, starting with the Singapore International Cyber Week 2016 platform held here.
CSA also noted that the Interpol Global Complex for Innovation is based out of Singapore, which aids in policing the cyberspace more effectively.
Editor's note: An earlier version of this story quoted CSA as saying that it would consult with industry stakeholders after the Cybersecurity Bill is tabled in Parliament. The agency has since clarified that it intends to do so before the Bill is tabled, to allow for feedback to be considered in the drafting process.