The security of Classified Information is of utmost importance, as its unauthorized disclosure or leakage may cause damage to National Security or Interest, and is also likely to cause Embarrassment to the Singapore Government and the Loss of confidence in the Singapore Public Service by the public.
■ ISO/IEC 27001:2005 – Information Technology – Security techniques – Information Security Management systems
■ ISO/IEC 27002:2005 – Information Technology – Security techniques – Code of practice for Information Security Management
■ Infocomm Development Authority of Singapore, Infocomm Security Best Practices
Classifications started during WW2 from the US Los Alamos Manhattan Project!
Information is Classified into these categories: TOP SECRET, SECRET, CONFIDENTIAL, RESTRICTED and UNRESTRICTED (Unclassified: publicly available via Google, FB, Twitter, Libraries).
[Figure: the classification tiers shown beside a relative security cost scale, $ to $$$$]
Security Level Requirement starts from Defining the Data Classification Category, so that the Appropriate Risk Management can be implemented considering Technology Changes, Sustainability, Cost Efficiency and Operations.
Business Times, 3rd Aug 2018: Singapore Lifts halt on Smart Nation projects; 11 Critical sectors told to cut off Internet access
https://www.businesstimes.com.sg/government-economy/singapore-lifts-halt-on-smart-nation-projects-11-critical-sectors-told-to-cut-off
All connections to Unsecured external networks are to be removed, a process also known as Internet surfing separation. If there are strong business or operational reasons to keep the Internet connections, these should be mediated through unidirectional gateways to prevent data leakage, said CSA.
A unidirectional gateway is a network appliance or device allowing data to travel only in one direction, to guarantee information security. And should two-way communication between the secured network and the unsecured external network be required, a secured informational gateway has to be implemented, CSA added.
Which Dataset to Protect?
What is the Value of the Data?
Protect Real Time or Historical Data?
Why protect?
What is the Risk?
Data Classification for a Security Framework is well established for Structured Data (Human Readable form), while Unstructured Data (Voice Signals, Pictures, Videos) is very new and evolving.
[Figure: data types, from Numbers to Voice, Object and Scene]
Transits from Structured to Unstructured Data
Structured Data (SQL): in each record, it is usually in rows.
Velocity of Sensor Data: 1 Data Point / Minute, 1 Data Point / Sec, 10 Data Points / Sec, 100 Data Points / Sec, 1,000 Data Points / Sec, 10,000 Data Points / Sec
Unstructured Data: Sensor & IoT data has Value, Veracity, Volume, Velocity, Variety, Vagueness & Vigor, and converts to Structured Data.
How to handle 10,000 SQL Data Points / Sec from just one Sensor?
Human Speech → AI Speech to Text → Structured Readable Text → Classification?
Accuracy > 99%? Accuracy < 80%??
If Speech2Text > 99%, Confidential.
If Speech2Text < 50% due to background noise and other people, with high errors and the Text output not interpretable, then how?
Data Classification is an End 2 End Information Chain.
A Microphone Sensor measuring a Voice waveform. Expand the Time scale: 10,000 points (1 second), 1,000 points (0.1 second).
Signal/Data Processing techniques can extract 9 Parameters.
In Time Domain:-
Average
Root Mean Square (RMS)
Sound Pressure Level (SPL)
Maximum
Minimum
In Frequency Domain (Time to Frequency Domain Processing via Fast Fourier Transform):-
Peak Amplitude
Peak Frequency
Harmonics
Weighted Amplitude (Curve A weighting)
In this Example, what is Data and what is Information?
If the Raw data is just a Waveform, one needs to understand the Intended use to extract Information out of it.
Waveform Data
For Condition Based Monitoring:-
Peak Amplitude
Peak Frequency
Harmonics
Weighted Amplitude (Curve A weighting)
Classified Info? Engineering Information only used for Designing Audio Products? Not Possible: Unclassified
For Natural Language Processing:-
Speech to Text
Machine Translation
Classified Info?
If the Equipment is owned by Govt, the Data Collected is then owned by Govt. Hence the collected Data is Confidential.
Data is 36°C? Tan Yi Wei (G1234567A) is 36°C.
If the Temperature Measured varies at 36.6, 36.2, 36.4, 35.9°C, then which number do you record as correct? Average, Min, Max?
Some users are cleverer, they buy Data only!
Agency CCTV footages are collected in Public places. Should footages of Stray dogs be Classified? Outsourced to a 3rd party.
https://www.straitstimes.com/singapore/cameras-installed-to-monitor-stray-dogs
https://www.tech.gov.sg/media/technews/how-the-government-chief-information-security-officer-keeps-cyberspace%20secure (GovTech CyberSecurity, 6 Oct 2019)
When it comes to CyberSecurity, “throwing” all security controls at the problem won’t work, in Mr Chai’s opinion. Instead, he advocates a balance among Three Key Parameters: Security, Costs and Functionalities.
What’s needed, then, is a Calibrated Framework, whereby protections in CyberSpace are pegged to the level of sensitivity of activities being carried out, or data being accessed. One useful way to do this is to Segregate information into Different Tiers—for example, ‘Secret’, ‘Confidential’, ‘Restricted’ and ‘Unclassified’. Each tier will then be subjected to different levels of access restrictions, activity logging and so on. This approach advocates a Risk-Based Security approach, said Mr Chai, and will help organizations better prioritize their CyberSecurity efforts.
Classical ICT Cyber Security
[Diagram: ICT users → Firewall → Data Centre]
• Humans are generating the data using Keyboards to access the IT system
• Network security attacks
• Data inside the ICT systems are Quasi Static databases
• A Human can type only 1 word / 2 seconds
IoT Cyber Physical Security
[Diagram: Accelerometers and HD cameras → Firewall → Data Centre]
• Machines are generating Sensor data to access the ICT systems
• IoT Sensor Data are Real Time Dynamic, accessing Databases
• Accelerometer generates 10,000 data points / sec
• HD camera generates 62,000,000 pixel points / sec
• By 2050, Machines : Man Ratio > 10:1!
Encryption @ Sensor, Decryption @ Gateway is the Bottleneck!
Context Based IoT Security
[Diagram: Sensors on sites → Sensor Aggregation System (#Vendor A / #Vendor B) → Central Monitoring System Data Centre]
• Unclassified Data Global
• Vendors have their own System to handle
• Data is pulled by the CMS at a fixed regular interval
• Data cannot be pushed up to the CMS
• The encryption module is given to the various vendors so that their systems will follow the format.
Data Secured by Encryption & pulled at fixed intervals; Classified only when merged with other Classified Data.
Cost Efficient Approach: Manage Security Level through Appropriate Data Classification in System Design
• Move Raw Sensor Data Processing into Unclassified Data Processing Zones (Sensor Data Acquisition and Signal Processing Domains).
• Only when Processed Information is linked to a Pre-Registered CLASSIFIED (such as Restricted / Confidential) Database is the Paired Information together CLASSIFIED.
In SNP 1.0, the Sensor data is classified End2End!
• With 100M objects, securing everything End2End is NOT affordable and unsustainable
• Smarter Classification of Data and Information
• Leveraging of Private sector assets for Cost Management
• Risk Management Approach, as No One Size fits All cost model
What is Data? What is Information?
Classification of Information is NOT Classification of Data at all.
Data needs context to be Information: G1234567A is just Alphanumeric and has no meaning at all by itself.
RFID is for a cow.
NRIC Identity card: Alphanumeric Meta Data
• Name
• Race
• Date of Birth
• Sex
• Country of Birth
• Date of Issue
• Residential Address
7 Metadata to identify a unique individual
• Why should the individual Alphanumeric Metadata be classified?
• By itself, the individual Metadata contains very general data
• When all the Metadata are linked together, the whole dataset becomes confidential, traceable to an individual
Data Classification is about Information with Context
[Figure: Video Analytics on a Public Road yields the plate 999 AA: Unclassified information. Video Analytics at a Secured Ammunition Depot yields 999 AA + Name (Tan Wei Yi) + NRIC (G1234567A) + Storage Location: Classified information.]
Traditional Data Classification Thinking: Any Processed Data should be Classified.
Cost Efficient way: Manage Security Level through Appropriate Data Classification in System Design
• Move Sensor Data Processing into Unclassified Data Processing Zones (Sensor Data Acquisition and Signal Processing domains).
• Only when Processed Information is linked to a pre-registered CLASSIFIED Database is the Paired information together CLASSIFIED.
IoT Sensor Data Flow
[Diagram: Sensor / Video camera → Gateway Box (Sensor Data Processing; UNCLASSIFIED, Normal Security) → Firewall → Data Centre (Sensor Data Processing, Data Fusion, Applications; CLASSIFIED, Higher Security) → Firewall]
Considerations
• Encryption
• Product assurance & Longevity
• Configuration Management
• Vulnerability Management
• Network Management
• Resiliency
Security Level Designed based upon a Confidential System from a Technology View
[Diagram: Field sensor / Video camera → AG Box Data Concentrator → Firewall → Secured Data Centre → Applications (Personal Data like NRIC, Income Tax, LTA, etc; SQL)]
Application Layer: IPsec, EAP-TLS, SSH, HTTPS
Transport Layer: IPsec, EAP-MD5, SSH, HTTPS
Considerations
• Product Assurance
• Config Mgmt
• Vulnerability Mgmt
• Network Mgmt
• Resiliency
From Outdoor Sensor Data to Application, End2End System Security needs to consider Context and Risk for Cost Sustainability for years!
Security Vendors will recommend the Best $ to Earn Yearly $!
Data Sharing
[Diagram: Data Centre ↔ Firewall ↔ Data Centre]
Traditionally, Classified Data is stored in a Secured Data Centre; the data is extracted through a secured Network to run on other servers.
Data is of a transaction and/or event based type.
ICT Risk Management
• Data Security
• Network Security
Data Classification determines the Security Level used. No one Size fits all approach.
Thank you for your attention. Have a great Day ahead.
Dr Tan Guan Hong
97271973
drtangh@gmail.com

Data Classification for CyberSecurity System Design


Editor's Notes

  • #13 Value of Data, Veracity is Accuracy, Volume is Amount of Data, Velocity is Speed of Data flow, Variety is Wide range of Datasets
  • #14 Value of Data, Veracity is Accuracy, Volume is Amount of Data, Velocity is Speed of Data flow, Variety is Wide range of Datasets