WASHINGTON, DC: Singapore can play an “important role” in cybersecurity for the Southeast Asian region, particularly in the area of thought leadership, said FireEye CEO Kevin Mandia on Thursday (Oct 4).
Mr Mandia told Channel NewsAsia in an interview on the sidelines of the company’s Cyber Defense Summit 2018 here that Singapore can lead the way for others in the region in terms of how to respond to cyber incidents and coming up with cyber rules for the region’s nations should it want to.
On the latter, this could mean rules like no nation can hack another, or shut down a hospital or steal health records, the executive elaborated.
“(Singapore) has more centralised controls to prepare for and respond to cyber incidents than the United States, and potentially any nation out there,” he said. “And you’re organised; you’re a nation that does what it says it will do.
“You can set the bar for Southeast Asia and it will be difficult to replicate what you do.”
He, however, declined to comment specifically on the SingHealth hack - which was described as Singapore's most serious breach of personal data and saw 1.5 million patients' non-medical personal data stolen including Prime Minister Lee Hsien Loong's - as well as how the Government responded in disclosing the incident to the public.
There is an ongoing Committee of Inquiry hearing into the SingHealth cyberattack.
The FireEye CEO had earlier highlighted the need for internationally agreed cyber rules given that there appear to be “deteriorating” rules of engagement among nation states in cyber space, which was echoed by former US secretary of state Madeleine Albright.
Singapore, as the current chair of the Association of Southeast Asian Nations (ASEAN), has been taking the lead to promote the adoption of technology in general and bolstering member states’ cyber defence capabilities in specific.
For example, in September this year, Communications and Information Minister S Iswaran announced the ASEAN-Singapore Cybersecurity Centre of Excellence, meant to help develop ASEAN nations’ cybersecurity capabilities, will be launched in 2019 as an extension of the ASEAN Cyber Capacity Programme. It will be investing S$30 million over the next five years to fully fund the centre, he added.
The Cyber Security Agency of Singapore (CSA) also said last month the ASEAN Ministerial Conference on Cybersecurity (AMCC) agreed that there is a need for a formal cybersecurity mechanism to consider and to decide on inter-related cyber diplomacy, policy and operational issues. Singapore is to propose this mechanism, which will be tabled to ASEAN leaders for consideration, it added.
GROWING THE CYBERSECURITY TALENT POOL
Locally, CSA has set up an academy to train cybersecurity professionals in Government and critical information infrastructure (CII) sectors initially. It collaborated with FireEye to be its first partner to provide incident response and malware analysis training, to which Mr Mandia said the initiative is “going well”.
He said he had sat in on training sessions and have been impressed with the level of skills that the participants had, based on how they dealt with the “very realistic” lessons taught to them.
Yet while the cybersecurity vendor is helping to improve Singapore’s technical capacity, Mr Mandia is undecided on whether mandating undergraduates having to take basic cybersecurity modules is the way to go.
Another conference speaker, former US Chief Information Officer Tony Scott, who served in the Barack Obama administration from 2015 to 2017, suggested this as one way of bridging today’s skills gap in cybersecurity.
Mr Mandia said based on his own teaching experience at Carnegie Mellon University, he found that students who are already IT security professionals retained information better than those who are not pursuing it as a career, so it might prove counterproductive to compel students learn about the subject.
His personal experience has not stopped FireEye from inking a deal with Singapore’s Nanyang Technological University last year to develop courses to meet the rising demand for cybersecurity professionals and explore new areas in research though.
CSA chief David Koh said then that the partnership is a “welcome move to ensure we have a pool of skilled manpower with deep cybersecurity capabilities for Singapore”.