For all critical sectors to establish robust and systematic cyber risk management processes and capabilities Systematic cyber risk management framework risk assessments, vulnerability assessments and system reviews; well-informed and conscious trade-offs in security, cost and functionality sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans; effective implementation that encompasses awareness building and training across the organisation continuous measurement of performance through process audits and cyber-security exercises.

1. Industry 4.0 Cybersecurity
Singapore
Yuri Anisimov
Ability Factors Pte. Ltd.

2. Smart Nation Singapore
Five key domains
 Transport;
 Home & environment;
 Business productivity;
 Health and enabled ageing;
 Public sector services.
Enablers
 Facilitating smart solutions
 Open Data & Connectivity
 Investment in Research & Development
 Living laboratory
 Industry and Start-up ecosystem
 Cybersecurity and Data Privacy

3. IoT, Interconnectivity, Sensors
 The Internet of Things (IoT) is one of the essential elements for Singapore to
realise its vision of a Smart Nation. It is estimated that IoT is set to create a
US$19 trillion global opportunity.
 In Singapore, the Information Technology Standards Committee (ITSC)
was formed in 1990 as a neutral and open platform for interested industry
and government parties to come together to agree on technical
standards. It’s an industry-led effort made up of volunteer members from
the industry, but supported by SPRING Singapore
 An industry working group, the Internet of Things Technical Committee
(IoTTC), has been set up within ITSC to identify relevant open standards
and establish a set of technical references for homes and public areas
with regard to the Smart Nation plan.
 Security is an important aspect of IoT that Singapore is addressing. While
there are significant economic benefits to collecting and opening up
data for sharing, there is also the danger of data being misused.

4. Cybersecurity is a key enabler of
the Smart Nation
The Smart Nation initiative is coordinated by the Smart Nation Programme Office in the Prime
Minister's Office (SNPO), supported by other government agencies
 The Government recognises the possible risks and has prioritised safeguarding relevant systems
and networks that relates to security of citizens and privacy of data
 GovTech is tasked with counteracting Cyber Threats, spearheads the development of cyber
security policies and assists agencies in complying with them.
 The Cyber Security Group acts as the central interface for government agencies as well as
external parties on all cybersecurity incidents.
 Cyber Security Agency (CSA) is working with the Smart Nation Programme Office (SNPO) to
realise Singapore’s Smart Nation vision.
 Mr David Koh, the chief executive of the Cyber Security Agency (CSA) co-chairs the
cybersecurity unit in SNPO
 CSA adopts a “light touch’” when the SNPO is experimenting. Once it is decided that the pilot
will be deployed extensively, then CSA will come in and ensure online security is built into the
design. The fine balance is not to interfere with the ideas, while ensuring that systems are
secure

5. Cybersecurity Strategy - Four Pillars
Launched by the Prime Minister at the Singapore
International Cyber Week (or SICW) on 10 October
2016
 Building a Resilient Infrastructure
 Creating a Safer Cyberspace
 Developing a Vibrant Cybersecurity Ecosystem
 Strengthening International Partnerships

6. History
 2005 Infocomm Security Masterplan (ISMP) (2005-2007)
 coordinated effort to secure Singapore’s digital environment
 2008 Infocomm Security Masterplan (2008-2012)
 2009 Singapore Infocomm Technology Security Authority (SITSA)
 Able to coordinate national-level responses against large-scale cyber-attacks
 2013 National Cyber Security Masterplan (NCSM2018)
 2013 National Cybersecurity R&D (NCR) Programme
 2014 National Cyber Security Centre (NCSC)
 2015 Cyber Security Agency of Singapore (CSA)
 the central agency to oversee and coordinate all aspects of cybersecurity for the nation
 2015 Cybercrime Command
 a unit within the Criminal Investigation Department of the Singapore Police Force
 (2016 National Cybercrime Action Plan (NCAP) - priorities

7. 11 Singapore’s Critical Information
Infrastructure (CII) sectors
Singapore is an international financial, shipping and aviation hub, houses critical systems that
transcend national borders, such as global payment systems, port operations systems, and
air-traffic control systems.
 SERVICES
 Government and emergency services, healthcare, media, banking and financial services.
 UTILITIES
 Power, water and telecommunications
 TRANSPORT
 Singapore Port and Changi Airport

8. CII Protection Programme with systematic
cyber risk management processes
For all critical sectors to establish robust and systematic cyber risk
management processes and capabilities
 Systematic cyber risk management framework
 risk assessments, vulnerability assessments and system reviews;
 well-informed and conscious trade-offs in security, cost and functionality
 sound systems and procedures to mitigate and manage these risks,
including disaster recovery and business continuity plans;
 effective implementation that encompasses awareness building and
training across the organisation
 continuous measurement of performance through process audits and
cybersecurity exercises.

9. Security-by-Design as the
governance framework for CII protection;
Pre-empt cyber vulnerabilities by promoting Security-by-
Design practices.
 Promote the practice of penetration testing to discover
vulnerabilities early for remediation at the design stage;
 Build a strong community of practice in product and system
testing based on established international standards, such as the
Common Criteria product assurance certification; and
 Continue to refine methodologies and develop new security
validation tools to improve the efficacy of Security-by-Design.

10. Case Study - FinTech
The Monetary Authority of Singapore (MAS) has formed a Financial
Technology & Innovation Group in 2015 to drive the Smart Financial
Centre initiatives. Efforts by MAS to manage risks associated with
FinTech include:
 Establishing a FinTech Innovation Lab that allows stakeholders to
experiment with FinTech solutions, including security solutions;
 Establishing “regulatory sandboxes” that can be used to carve out
a safe and conducive space to experiment with FinTech solutions,
and where the consequences of failure can be contained;
 Providing financial support through the Financial Sector
Technology & Innovation scheme for projects that uplift the
cybersecurity ecosystem in Singapore.

11. Governance and Legislative Framework
The new Cybersecurity Act will establish a comprehensive framework
for the prevention and management of cyber incidents, and
complement the existing Computer Misuse and Cybersecurity Act
(CMCA), which will continue to govern the investigation of cybercrime.
 Require CII owners and operators to take responsibility for securing
their systems and networks. This includes complying with policies and
standards, conducting audits and risk assessments, and reporting
cybersecurity incidents.
 Facilitate the sharing of cybersecurity information with and by CSA.
Recognising that cybersecurity breaches will happen despite the
best efforts, the Act will empower CSA and sector regulators to work
closely with affected parties to expeditiously resolve cybersecurity
incidents and recover from disruptions.

12. National Cybersecurity Response Plan
 Integration of Threat Discovery, Analysis and Incident
Response
 Conduct regular multi-sector cybersecurity exercises with
more complex scenarios and involving more sectors
 Expand the National Cyber Incident Response Team
(NCIRT)
 Strengthen the Disaster Recovery Plans (DRP) and
Business Continuity Plans (BCP) of essential services,
especially against a cyber-attack.

13. Building up Singapore’s Cybersecurity
Industry.
 Attract and anchor companies
with advanced capabilities in
Singapore to inject know-how
and dynamism into the local
cybersecurity community;
 Support start-ups to boost the
development of niche and
advanced solutions;
 Partner with local companies
that possess strategic
cybersecurity
 capabilities to develop
advanced solutions for
Singapore;
 Develop opportunities for
made-in-Singapore solutions in
the global market and
facilitate access to new market
segments.

14. Strong International Partnerships
 Singapore will forge international and ASEAN cooperation to counter cyber threats
and cybercrime. Working closely with the international community and ASEAN
partners to strengthen platforms and procedures for cyber incident reporting and
response. With ASEAN Member States to coordinate the regional approach to
cybercrime. Leverage INTERPOL’s resources to tap the global operational networks
and capabilities to tackle cybercrime.
 Champion international and ASEAN cyber capacity building initiatives in operational,
technical, legislative, cyber policy and diplomatic areas. Will partner the international
community, Dialogue Partners and ASEAN Member States to organise workshops,
seminars and conference that seek to advance cooperation and build capabilities in
these aspects .
 Facilitate exchanges on cyber norms and legislation. Сontinue to participate in global
and regional discussions on cyber norms, cyber policy and legislation, cyber
deterrence, and cybercrime cooperation. Will host an annual Singapore International
Cyber Week (SICW)

15. Reference
 Defending Manufacturing Systems from Cyberthreats
 Singapore Cybersecurity Strategy – CSA
 PM Lee Launches Singapore’s Cybersecurity Strategy
 National cybersecurity strategy aims to make Smart Nation safe: PM
Lee
 CSA discusses Singapore’s cybersecurity landscape
 Singapore’s Approach to Cyber Security
 Singapore cyber security strategy launched, half of public agencies
separate Web surfing from work computers
 Cyber Security Agency of Singapore (CSA) releases key findings
from first Cybersecurity Public Awareness Survey