For all critical sectors to establish robust and systematic cyber risk management processes and capabilities
Systematic cyber risk management framework
risk assessments, vulnerability assessments and system reviews;
well-informed and conscious trade-offs in security, cost and functionality
sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans;
effective implementation that encompasses awareness building and training across the organisation
continuous measurement of performance through process audits and cyber-security exercises.
2. Smart Nation Singapore
Five key domains
Transport;
Home & environment;
Business productivity;
Health and enabled ageing;
Public sector services.
Enablers
Facilitating smart solutions
Open Data & Connectivity
Investment in Research & Development
Living laboratory
Industry and Start-up ecosystem
Cybersecurity and Data Privacy
3. IoT, Interconnectivity, Sensors
The Internet of Things (IoT) is one of the essential elements for Singapore to
realise its vision of a Smart Nation. It is estimated that IoT is set to create a
US$19 trillion global opportunity.
In Singapore, the Information Technology Standards Committee (ITSC)
was formed in 1990 as a neutral and open platform for interested industry
and government parties to come together to agree on technical
standards. It’s an industry-led effort made up of volunteer members from
the industry, but supported by SPRING Singapore
An industry working group, the Internet of Things Technical Committee
(IoTTC), has been set up within ITSC to identify relevant open standards
and establish a set of technical references for homes and public areas
with regard to the Smart Nation plan.
Security is an important aspect of IoT that Singapore is addressing. While
there are significant economic benefits to collecting and opening up
data for sharing, there is also the danger of data being misused.
4. Cybersecurity is a key enabler of
the Smart Nation
The Smart Nation initiative is coordinated by the Smart Nation Programme Office in the Prime
Minister's Office (SNPO), supported by other government agencies
The Government recognises the possible risks and has prioritised safeguarding relevant systems
and networks that relates to security of citizens and privacy of data
GovTech is tasked with counteracting Cyber Threats, spearheads the development of cyber
security policies and assists agencies in complying with them.
The Cyber Security Group acts as the central interface for government agencies as well as
external parties on all cybersecurity incidents.
Cyber Security Agency (CSA) is working with the Smart Nation Programme Office (SNPO) to
realise Singapore’s Smart Nation vision.
Mr David Koh, the chief executive of the Cyber Security Agency (CSA) co-chairs the
cybersecurity unit in SNPO
CSA adopts a “light touch’” when the SNPO is experimenting. Once it is decided that the pilot
will be deployed extensively, then CSA will come in and ensure online security is built into the
design. The fine balance is not to interfere with the ideas, while ensuring that systems are
secure
5. Cybersecurity Strategy - Four Pillars
Launched by the Prime Minister at the Singapore
International Cyber Week (or SICW) on 10 October
2016
Building a Resilient Infrastructure
Creating a Safer Cyberspace
Developing a Vibrant Cybersecurity Ecosystem
Strengthening International Partnerships
6. History
2005 Infocomm Security Masterplan (ISMP) (2005-2007)
coordinated effort to secure Singapore’s digital environment
2008 Infocomm Security Masterplan (2008-2012)
2009 Singapore Infocomm Technology Security Authority (SITSA)
Able to coordinate national-level responses against large-scale cyber-attacks
2013 National Cyber Security Masterplan (NCSM2018)
2013 National Cybersecurity R&D (NCR) Programme
2014 National Cyber Security Centre (NCSC)
2015 Cyber Security Agency of Singapore (CSA)
the central agency to oversee and coordinate all aspects of cybersecurity for the nation
2015 Cybercrime Command
a unit within the Criminal Investigation Department of the Singapore Police Force
(2016 National Cybercrime Action Plan (NCAP) - priorities
7. 11 Singapore’s Critical Information
Infrastructure (CII) sectors
Singapore is an international financial, shipping and aviation hub, houses critical systems that
transcend national borders, such as global payment systems, port operations systems, and
air-traffic control systems.
SERVICES
Government and emergency services, healthcare, media, banking and financial services.
UTILITIES
Power, water and telecommunications
TRANSPORT
Singapore Port and Changi Airport
8. CII Protection Programme with systematic
cyber risk management processes
For all critical sectors to establish robust and systematic cyber risk
management processes and capabilities
Systematic cyber risk management framework
risk assessments, vulnerability assessments and system reviews;
well-informed and conscious trade-offs in security, cost and functionality
sound systems and procedures to mitigate and manage these risks,
including disaster recovery and business continuity plans;
effective implementation that encompasses awareness building and
training across the organisation
continuous measurement of performance through process audits and
cybersecurity exercises.
9. Security-by-Design as the
governance framework for CII protection;
Pre-empt cyber vulnerabilities by promoting Security-by-
Design practices.
Promote the practice of penetration testing to discover
vulnerabilities early for remediation at the design stage;
Build a strong community of practice in product and system
testing based on established international standards, such as the
Common Criteria product assurance certification; and
Continue to refine methodologies and develop new security
validation tools to improve the efficacy of Security-by-Design.
10. Case Study - FinTech
The Monetary Authority of Singapore (MAS) has formed a Financial
Technology & Innovation Group in 2015 to drive the Smart Financial
Centre initiatives. Efforts by MAS to manage risks associated with
FinTech include:
Establishing a FinTech Innovation Lab that allows stakeholders to
experiment with FinTech solutions, including security solutions;
Establishing “regulatory sandboxes” that can be used to carve out
a safe and conducive space to experiment with FinTech solutions,
and where the consequences of failure can be contained;
Providing financial support through the Financial Sector
Technology & Innovation scheme for projects that uplift the
cybersecurity ecosystem in Singapore.
11. Governance and Legislative Framework
The new Cybersecurity Act will establish a comprehensive framework
for the prevention and management of cyber incidents, and
complement the existing Computer Misuse and Cybersecurity Act
(CMCA), which will continue to govern the investigation of cybercrime.
Require CII owners and operators to take responsibility for securing
their systems and networks. This includes complying with policies and
standards, conducting audits and risk assessments, and reporting
cybersecurity incidents.
Facilitate the sharing of cybersecurity information with and by CSA.
Recognising that cybersecurity breaches will happen despite the
best efforts, the Act will empower CSA and sector regulators to work
closely with affected parties to expeditiously resolve cybersecurity
incidents and recover from disruptions.
12. National Cybersecurity Response Plan
Integration of Threat Discovery, Analysis and Incident
Response
Conduct regular multi-sector cybersecurity exercises with
more complex scenarios and involving more sectors
Expand the National Cyber Incident Response Team
(NCIRT)
Strengthen the Disaster Recovery Plans (DRP) and
Business Continuity Plans (BCP) of essential services,
especially against a cyber-attack.
13. Building up Singapore’s Cybersecurity
Industry.
Attract and anchor companies
with advanced capabilities in
Singapore to inject know-how
and dynamism into the local
cybersecurity community;
Support start-ups to boost the
development of niche and
advanced solutions;
Partner with local companies
that possess strategic
cybersecurity
capabilities to develop
advanced solutions for
Singapore;
Develop opportunities for
made-in-Singapore solutions in
the global market and
facilitate access to new market
segments.
14. Strong International Partnerships
Singapore will forge international and ASEAN cooperation to counter cyber threats
and cybercrime. Working closely with the international community and ASEAN
partners to strengthen platforms and procedures for cyber incident reporting and
response. With ASEAN Member States to coordinate the regional approach to
cybercrime. Leverage INTERPOL’s resources to tap the global operational networks
and capabilities to tackle cybercrime.
Champion international and ASEAN cyber capacity building initiatives in operational,
technical, legislative, cyber policy and diplomatic areas. Will partner the international
community, Dialogue Partners and ASEAN Member States to organise workshops,
seminars and conference that seek to advance cooperation and build capabilities in
these aspects .
Facilitate exchanges on cyber norms and legislation. Сontinue to participate in global
and regional discussions on cyber norms, cyber policy and legislation, cyber
deterrence, and cybercrime cooperation. Will host an annual Singapore International
Cyber Week (SICW)
15. Reference
Defending Manufacturing Systems from Cyberthreats
Singapore Cybersecurity Strategy – CSA
PM Lee Launches Singapore’s Cybersecurity Strategy
National cybersecurity strategy aims to make Smart Nation safe: PM
Lee
CSA discusses Singapore’s cybersecurity landscape
Singapore’s Approach to Cyber Security
Singapore cyber security strategy launched, half of public agencies
separate Web surfing from work computers
Cyber Security Agency of Singapore (CSA) releases key findings
from first Cybersecurity Public Awareness Survey