For all critical sectors to establish robust and systematic cyber risk management processes and capabilities
Systematic cyber risk management framework
risk assessments, vulnerability assessments and system reviews;
well-informed and conscious trade-offs in security, cost and functionality
sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans;
effective implementation that encompasses awareness building and training across the organisation
continuous measurement of performance through process audits and cyber-security exercises.
Cybersecurity legislation in Singapore (2017)Benjamin Ang
Reviewing the Personal Data Protection Act (PDPA), Computer Misuse and Cybersecurity Act (CMCA), and the draft Cybersecurity Act Cybersecurity Bill of Singapore, correct up to November 2017
Singapore's National Cyber Security StrategyBenjamin Ang
Singapore's National Cyber Security Strategy was launched by the Singapore government at the inaugural Singapore International Cyber Week 2016. This presentation gives an overview of the 4 pillars of the Strategy and some of its implementation steps so far, including the upcoming new Cybersecurity Act, and the SGD 10 million fund for capacity building in ASEAN. You can download the full Strategy at www.csa.gov.sg
New developments in cyber law - Singapore and beyondBenjamin Ang
New developments in the Computer Misuse and Cybersecurity Act, Singapore; actions by the Personal Data Protection Commission under the Personal Data Protection Act (PDPA); thought on the upcoming Cybersecurity Act 2017
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAGovCloud Network
When the government purchases products or services with inadequate in-built “cybersecurity,” the risks created persist throughout the lifespan of the item purchased. The lasting effect of inadequate cybersecurity in acquired items is part of what makes acquisition reform so important to achieving cybersecurity and resiliency.
Currently, government and contractors use varied and nonstandard practices, which make it difficult to consistently manage and measure acquisition cyber risks across different organizations.
Meanwhile, due to the growing sophistication and complexity of ICT and the global ICT supply chains, federal agency information systems are increasingly at risk of compromise, and agencies need guidance to help manage ICT supply chain risks
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
Lessons learned from the SingHealth Data Breach COI ReportBenjamin Ang
16 recommendations for better cybersecurity, digested from the 454 page COI (Committee of Inquiry) report on Singapore's biggest data breach to date (1.5 million patients' records), presented at Cyber Resilience and Risk Forum 2019, Singapore. Useful info for board directors, managers, CSOs, CISOs, cybersecurity professionals
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...Benjamin Ang
lecture for Columbia University - Cyber Conflict and Cybersecurity in East Asia course (Prof Adam Segal) on the challenges for cybersecurity in South East Asia, and ASEAN efforts to develop robust cyber norms
Cybersecurity legislation in Singapore (2017)Benjamin Ang
Reviewing the Personal Data Protection Act (PDPA), Computer Misuse and Cybersecurity Act (CMCA), and the draft Cybersecurity Act Cybersecurity Bill of Singapore, correct up to November 2017
Singapore's National Cyber Security StrategyBenjamin Ang
Singapore's National Cyber Security Strategy was launched by the Singapore government at the inaugural Singapore International Cyber Week 2016. This presentation gives an overview of the 4 pillars of the Strategy and some of its implementation steps so far, including the upcoming new Cybersecurity Act, and the SGD 10 million fund for capacity building in ASEAN. You can download the full Strategy at www.csa.gov.sg
New developments in cyber law - Singapore and beyondBenjamin Ang
New developments in the Computer Misuse and Cybersecurity Act, Singapore; actions by the Personal Data Protection Commission under the Personal Data Protection Act (PDPA); thought on the upcoming Cybersecurity Act 2017
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAGovCloud Network
When the government purchases products or services with inadequate in-built “cybersecurity,” the risks created persist throughout the lifespan of the item purchased. The lasting effect of inadequate cybersecurity in acquired items is part of what makes acquisition reform so important to achieving cybersecurity and resiliency.
Currently, government and contractors use varied and nonstandard practices, which make it difficult to consistently manage and measure acquisition cyber risks across different organizations.
Meanwhile, due to the growing sophistication and complexity of ICT and the global ICT supply chains, federal agency information systems are increasingly at risk of compromise, and agencies need guidance to help manage ICT supply chain risks
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
Lessons learned from the SingHealth Data Breach COI ReportBenjamin Ang
16 recommendations for better cybersecurity, digested from the 454 page COI (Committee of Inquiry) report on Singapore's biggest data breach to date (1.5 million patients' records), presented at Cyber Resilience and Risk Forum 2019, Singapore. Useful info for board directors, managers, CSOs, CISOs, cybersecurity professionals
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...Benjamin Ang
lecture for Columbia University - Cyber Conflict and Cybersecurity in East Asia course (Prof Adam Segal) on the challenges for cybersecurity in South East Asia, and ASEAN efforts to develop robust cyber norms
Overview of national cybercrime strategiesBenjamin Ang
This is an overview of national cybercrime strategies, presented at the INTERPOL ASEAN Cyber Capacity Development Project’s (ACCDP) Decision Makers Meeting. It reviews best practices in developing national cybersecurity and cybercrime strategies, key pillars to consider, the life-cycle of the strategy process, stakeholders to engage, and best practices.
Cyber threats and cooperation in Indo Pacific for Pacific Forum 2020Benjamin Ang
This public, 90-minute session examined the prevalence of cyber threats in the Indo-Pacific region based on some of the high-profile cyber-attacks and data leaks, as well as advanced persistent threat campaigns. It assessed the growing prominence of information warfare, especially in the current pandemic. The session highlighted the most common tactics, techniques and procedures used by malicious actors, and the countermeasures that governments and the private sector have undertaken to fortify their cyber defenses in the emerging data-driven economy. This session then examined the role played by the US and Singapore in enhancing regional cybersecurity as well as clarify the points of convergence and divergence between Singapore and the US to improve future cooperation.
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
Lecture on the different cyber norms frameworks for responsible state behaviour in cyberspace - describing Paris Call, Charter of Trust, Microsoft Digital Geneva Convention, Tech Accord, GCSC, Shanghai SCO, UN GGE, UN OEWG - explaining each of the 11 cyber norms from the UN GGE 2015 meeting, and concluding with a case study on ASEAN's approach to international law in cyber operations
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Benjamin Ang
Covers 1. Cyber threats to ASEAN and recent incidents, 2. International Law relating to cyber conflict, Gaps in IHL and LOAC, 3. UN and ASEAN steps to prevent cyber warfare. Lecture for the National Defense College of the Philippines (NDCP), government’s highest center for education, training, and research on defense and national security, in the National Security Studies Program (NSSP) for Armed Forces of the Philippines (AFP) officers.
This is my attempt to summarize the policy with salient points. For detailed verbose policy please visit http://deity.gov.in/hindi/sites/upload_files/dithindi/files/ncsp_060411.pdf
This presentation presentated by Mohd Shamir B Hasyim, Vice President Government and Multilateral Engagement, Cyber Security Malaysia, 10th September 2013 on #IISF2013
An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection
Development of National Cybersecurity Strategy and OrganisationDr David Probert
3-Day Master Class given at the University of Technology (UTECH) Kingston, Jamaica - 13th to 15th September 2010 - in Partnership with the UN/ITU Centres of Excellence Network for the Caribbean Region - International Telecommunications Union - Global Cybersecurity Agenda.
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
The UK is one of the world’s leading
digital nations. Much of our prosperity
now depends on our ability to secure our
technology, data and networks from the
many threats we face.
Yet cyber attacks are growing more
frequent, sophisticated and damaging when
they succeed. So we are taking decisive
action to protect both our economy and the
privacy of UK citizens.
Our National Cyber Security Strategy sets out
our plan to make Britain confident, capable
and resilient in a fast-moving digital world.
Over the lifetime of this five-year strategy,
we will invest £1.9 billion in defending
our systems and infrastructure, deterring
our adversaries, and developing a wholesociety
capability – from the biggest
companies to the individual citizen.
From the most basic cyber hygiene, to the
most sophisticated deterrence, we need a
comprehensive response.
We will focus on raising the cost of
mounting an attack against anyone in the
UK, both through stronger defences and
better cyber skills. This is no longer just
an issue for the IT department but for the
whole workforce. Cyber skills need to reach
into every profession.
The new National Cyber Security Centre will
provide a hub of world-class, user-friendly
expertise for businesses and individuals, as
well as rapid response to major incidents.
Government has a clear leadership role,
but we will also foster a wider commercial
ecosystem, recognising where industry
can innovate faster than us. This includes
a drive to get the best young minds into
cyber security.
The cyber threat impacts the whole of our
society, so we want to make very clear
that everyone has a part to play in our
national response. It’s why this strategy is
an unprecedented exercise in transparency.
We can no longer afford to have this
discussion behind closed doors.
Ultimately, this is a threat that cannot be
completely eliminated. Digital technology
works because it is open, and that
openness brings with it risk. What we
can do is reduce the threat to a level that
ensures we remain at the vanguard of the
digital revolution. This strategy sets out how.
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaRahul Neel Mani
Internet of Things “IoT” can be defined as physical objects that connect to the internet through embedded systems and sensors, interacting with it to generate meaningful results and convenience to the end-user community. According to industry estimates, machine-to-machine communications
alone will generate approximately US$900 billion in revenues by 2020.
Overview of national cybercrime strategiesBenjamin Ang
This is an overview of national cybercrime strategies, presented at the INTERPOL ASEAN Cyber Capacity Development Project’s (ACCDP) Decision Makers Meeting. It reviews best practices in developing national cybersecurity and cybercrime strategies, key pillars to consider, the life-cycle of the strategy process, stakeholders to engage, and best practices.
Cyber threats and cooperation in Indo Pacific for Pacific Forum 2020Benjamin Ang
This public, 90-minute session examined the prevalence of cyber threats in the Indo-Pacific region based on some of the high-profile cyber-attacks and data leaks, as well as advanced persistent threat campaigns. It assessed the growing prominence of information warfare, especially in the current pandemic. The session highlighted the most common tactics, techniques and procedures used by malicious actors, and the countermeasures that governments and the private sector have undertaken to fortify their cyber defenses in the emerging data-driven economy. This session then examined the role played by the US and Singapore in enhancing regional cybersecurity as well as clarify the points of convergence and divergence between Singapore and the US to improve future cooperation.
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
Lecture on the different cyber norms frameworks for responsible state behaviour in cyberspace - describing Paris Call, Charter of Trust, Microsoft Digital Geneva Convention, Tech Accord, GCSC, Shanghai SCO, UN GGE, UN OEWG - explaining each of the 11 cyber norms from the UN GGE 2015 meeting, and concluding with a case study on ASEAN's approach to international law in cyber operations
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Benjamin Ang
Covers 1. Cyber threats to ASEAN and recent incidents, 2. International Law relating to cyber conflict, Gaps in IHL and LOAC, 3. UN and ASEAN steps to prevent cyber warfare. Lecture for the National Defense College of the Philippines (NDCP), government’s highest center for education, training, and research on defense and national security, in the National Security Studies Program (NSSP) for Armed Forces of the Philippines (AFP) officers.
This is my attempt to summarize the policy with salient points. For detailed verbose policy please visit http://deity.gov.in/hindi/sites/upload_files/dithindi/files/ncsp_060411.pdf
This presentation presentated by Mohd Shamir B Hasyim, Vice President Government and Multilateral Engagement, Cyber Security Malaysia, 10th September 2013 on #IISF2013
An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection
Development of National Cybersecurity Strategy and OrganisationDr David Probert
3-Day Master Class given at the University of Technology (UTECH) Kingston, Jamaica - 13th to 15th September 2010 - in Partnership with the UN/ITU Centres of Excellence Network for the Caribbean Region - International Telecommunications Union - Global Cybersecurity Agenda.
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
The UK is one of the world’s leading
digital nations. Much of our prosperity
now depends on our ability to secure our
technology, data and networks from the
many threats we face.
Yet cyber attacks are growing more
frequent, sophisticated and damaging when
they succeed. So we are taking decisive
action to protect both our economy and the
privacy of UK citizens.
Our National Cyber Security Strategy sets out
our plan to make Britain confident, capable
and resilient in a fast-moving digital world.
Over the lifetime of this five-year strategy,
we will invest £1.9 billion in defending
our systems and infrastructure, deterring
our adversaries, and developing a wholesociety
capability – from the biggest
companies to the individual citizen.
From the most basic cyber hygiene, to the
most sophisticated deterrence, we need a
comprehensive response.
We will focus on raising the cost of
mounting an attack against anyone in the
UK, both through stronger defences and
better cyber skills. This is no longer just
an issue for the IT department but for the
whole workforce. Cyber skills need to reach
into every profession.
The new National Cyber Security Centre will
provide a hub of world-class, user-friendly
expertise for businesses and individuals, as
well as rapid response to major incidents.
Government has a clear leadership role,
but we will also foster a wider commercial
ecosystem, recognising where industry
can innovate faster than us. This includes
a drive to get the best young minds into
cyber security.
The cyber threat impacts the whole of our
society, so we want to make very clear
that everyone has a part to play in our
national response. It’s why this strategy is
an unprecedented exercise in transparency.
We can no longer afford to have this
discussion behind closed doors.
Ultimately, this is a threat that cannot be
completely eliminated. Digital technology
works because it is open, and that
openness brings with it risk. What we
can do is reduce the threat to a level that
ensures we remain at the vanguard of the
digital revolution. This strategy sets out how.
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaRahul Neel Mani
Internet of Things “IoT” can be defined as physical objects that connect to the internet through embedded systems and sensors, interacting with it to generate meaningful results and convenience to the end-user community. According to industry estimates, machine-to-machine communications
alone will generate approximately US$900 billion in revenues by 2020.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
The Importance of Cybersecurity for Digital TransformationNUS-ISS
In the rapidly evolving landscape of digital transformation, the importance of cybersecurity cannot be overstated. As organizations embrace digital technologies to enhance their operations, innovate, and connect with customers in new and dynamic ways, they simultaneously become more vulnerable to cyber threats.
This talk will discuss the importance of having a well thought through approach in dealing with cybersecurity in the form of a strategy that lays out the various programmes and initiatives that will underpin a secure and resilient digital transformation journey. Not surprisingly, having a pool of well-trained cybersecurity personnel is one of the key ingredient in a cyber strategy as exemplified in Singapore's own national cybersecurity strategy.
The Centre for Strategic Cyberspace + Security Science has created this International Strategy for Cyberspace (ISC) as a strategic-level policy document offering a practical, comprehensive, and clear vision for the future of cyberspace. It sets an agenda for partnering on cybersecurity and associated initiatives at an international level, and highlights the importance of international cooperation in advancing cyberspace as a foreign policy priority.
The digital economy offers many possibilities for APEC member economies, including opportunities in electronic commerce and digital trade. The Internet and the digital economy enable greater economic integration, more innovation, as well as robust, sustainable, and inclusive economic growth for the Asia-Pacific region. The APEC Framework for Securing the Digital Economy provides non-binding principles and strategic recommendations to inform member economies as they develop policy and regulatory frameworks to secure their digital economies and their digital futures. It offers many possibilities for APEC member economies, such as opportunities in electronic commerce and digital trade.
Computer security, also known as cyber security or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Emphasizing on Cyber Crime and Threats, Cyberwar Terrorism and Countermeasures.
Be smart & Creative in Cyber World. #D3
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
Cloud Security Alliance EMEA Congress
Using cloud services: Compliance with the Security Requirements of the Spanish Public Sector
Text of the presentation by Miguel A. Amutio
Singapore’s fintech industry continued its momentum in 2020 on the back of new regulations, fintech initiatives from regulators themselves and the introduction of the city state’s very first digital banks, according to the Singapore Fintech Report 2021 produced by Fintech News Singapore in partnership with Alibaba Cloud.
This report was commissioned by Fintechnews Singapore, created and written by Jocelyn Cheung, from research to layout. For more service like this, please reach me at LinkedIn@jocelyn18 or jocelyncky@gmail.com
npCert Initiatives in Nepal (Nepal Computer Emergency Response Team)OneCoverNepal
Information Security Response Team Nepal (NPCERT)
Cyber Security in Nepal
Promote security awareness across industry, academia & public sector
Research and analysis of cyber security incidents
Gather and disseminate technical information on cyber security.
Information Security Response Team Nepal, fondly known as npCert, is a team of Information Security experts unite together to address the urgent need for the protection of national information and growing cyber security threat in Nepal.
Established in 2016, npCert has been playing active role as the Nation’s flagship cyber defense, incident response, and operational integration center.
Objectives:
The main objectives of npCert are:
To provide cybersecurity incident responses.
To promote cyber security situational awareness across industry, academia, and the public sector.
To support critical national infrastructure companies to handle cyber security incidents.
To provide research and analysis of cyber security incidents.
To gather and disseminate technical information on cyber security incidents, vulnerabilities, security fixes and other security information as well as issue alerts and warnings.
To coordinate with other domestic and international Information Security Response Teams and related organizations.
https://npcert.org/about-us/
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
2. Smart Nation Singapore
Five key domains
Transport;
Home & environment;
Business productivity;
Health and enabled ageing;
Public sector services.
Enablers
Facilitating smart solutions
Open Data & Connectivity
Investment in Research & Development
Living laboratory
Industry and Start-up ecosystem
Cybersecurity and Data Privacy
3. IoT, Interconnectivity, Sensors
The Internet of Things (IoT) is one of the essential elements for Singapore to
realise its vision of a Smart Nation. It is estimated that IoT is set to create a
US$19 trillion global opportunity.
In Singapore, the Information Technology Standards Committee (ITSC)
was formed in 1990 as a neutral and open platform for interested industry
and government parties to come together to agree on technical
standards. It’s an industry-led effort made up of volunteer members from
the industry, but supported by SPRING Singapore
An industry working group, the Internet of Things Technical Committee
(IoTTC), has been set up within ITSC to identify relevant open standards
and establish a set of technical references for homes and public areas
with regard to the Smart Nation plan.
Security is an important aspect of IoT that Singapore is addressing. While
there are significant economic benefits to collecting and opening up
data for sharing, there is also the danger of data being misused.
4. Cybersecurity is a key enabler of
the Smart Nation
The Smart Nation initiative is coordinated by the Smart Nation Programme Office in the Prime
Minister's Office (SNPO), supported by other government agencies
The Government recognises the possible risks and has prioritised safeguarding relevant systems
and networks that relates to security of citizens and privacy of data
GovTech is tasked with counteracting Cyber Threats, spearheads the development of cyber
security policies and assists agencies in complying with them.
The Cyber Security Group acts as the central interface for government agencies as well as
external parties on all cybersecurity incidents.
Cyber Security Agency (CSA) is working with the Smart Nation Programme Office (SNPO) to
realise Singapore’s Smart Nation vision.
Mr David Koh, the chief executive of the Cyber Security Agency (CSA) co-chairs the
cybersecurity unit in SNPO
CSA adopts a “light touch’” when the SNPO is experimenting. Once it is decided that the pilot
will be deployed extensively, then CSA will come in and ensure online security is built into the
design. The fine balance is not to interfere with the ideas, while ensuring that systems are
secure
5. Cybersecurity Strategy - Four Pillars
Launched by the Prime Minister at the Singapore
International Cyber Week (or SICW) on 10 October
2016
Building a Resilient Infrastructure
Creating a Safer Cyberspace
Developing a Vibrant Cybersecurity Ecosystem
Strengthening International Partnerships
6. History
2005 Infocomm Security Masterplan (ISMP) (2005-2007)
coordinated effort to secure Singapore’s digital environment
2008 Infocomm Security Masterplan (2008-2012)
2009 Singapore Infocomm Technology Security Authority (SITSA)
Able to coordinate national-level responses against large-scale cyber-attacks
2013 National Cyber Security Masterplan (NCSM2018)
2013 National Cybersecurity R&D (NCR) Programme
2014 National Cyber Security Centre (NCSC)
2015 Cyber Security Agency of Singapore (CSA)
the central agency to oversee and coordinate all aspects of cybersecurity for the nation
2015 Cybercrime Command
a unit within the Criminal Investigation Department of the Singapore Police Force
(2016 National Cybercrime Action Plan (NCAP) - priorities
7. 11 Singapore’s Critical Information
Infrastructure (CII) sectors
Singapore is an international financial, shipping and aviation hub, houses critical systems that
transcend national borders, such as global payment systems, port operations systems, and
air-traffic control systems.
SERVICES
Government and emergency services, healthcare, media, banking and financial services.
UTILITIES
Power, water and telecommunications
TRANSPORT
Singapore Port and Changi Airport
8. CII Protection Programme with systematic
cyber risk management processes
For all critical sectors to establish robust and systematic cyber risk
management processes and capabilities
Systematic cyber risk management framework
risk assessments, vulnerability assessments and system reviews;
well-informed and conscious trade-offs in security, cost and functionality
sound systems and procedures to mitigate and manage these risks,
including disaster recovery and business continuity plans;
effective implementation that encompasses awareness building and
training across the organisation
continuous measurement of performance through process audits and
cybersecurity exercises.
9. Security-by-Design as the
governance framework for CII protection;
Pre-empt cyber vulnerabilities by promoting Security-by-
Design practices.
Promote the practice of penetration testing to discover
vulnerabilities early for remediation at the design stage;
Build a strong community of practice in product and system
testing based on established international standards, such as the
Common Criteria product assurance certification; and
Continue to refine methodologies and develop new security
validation tools to improve the efficacy of Security-by-Design.
10. Case Study - FinTech
The Monetary Authority of Singapore (MAS) has formed a Financial
Technology & Innovation Group in 2015 to drive the Smart Financial
Centre initiatives. Efforts by MAS to manage risks associated with
FinTech include:
Establishing a FinTech Innovation Lab that allows stakeholders to
experiment with FinTech solutions, including security solutions;
Establishing “regulatory sandboxes” that can be used to carve out
a safe and conducive space to experiment with FinTech solutions,
and where the consequences of failure can be contained;
Providing financial support through the Financial Sector
Technology & Innovation scheme for projects that uplift the
cybersecurity ecosystem in Singapore.
11. Governance and Legislative Framework
The new Cybersecurity Act will establish a comprehensive framework
for the prevention and management of cyber incidents, and
complement the existing Computer Misuse and Cybersecurity Act
(CMCA), which will continue to govern the investigation of cybercrime.
Require CII owners and operators to take responsibility for securing
their systems and networks. This includes complying with policies and
standards, conducting audits and risk assessments, and reporting
cybersecurity incidents.
Facilitate the sharing of cybersecurity information with and by CSA.
Recognising that cybersecurity breaches will happen despite the
best efforts, the Act will empower CSA and sector regulators to work
closely with affected parties to expeditiously resolve cybersecurity
incidents and recover from disruptions.
12. National Cybersecurity Response Plan
Integration of Threat Discovery, Analysis and Incident
Response
Conduct regular multi-sector cybersecurity exercises with
more complex scenarios and involving more sectors
Expand the National Cyber Incident Response Team
(NCIRT)
Strengthen the Disaster Recovery Plans (DRP) and
Business Continuity Plans (BCP) of essential services,
especially against a cyber-attack.
13. Building up Singapore’s Cybersecurity
Industry.
Attract and anchor companies
with advanced capabilities in
Singapore to inject know-how
and dynamism into the local
cybersecurity community;
Support start-ups to boost the
development of niche and
advanced solutions;
Partner with local companies
that possess strategic
cybersecurity
capabilities to develop
advanced solutions for
Singapore;
Develop opportunities for
made-in-Singapore solutions in
the global market and
facilitate access to new market
segments.
14. Strong International Partnerships
Singapore will forge international and ASEAN cooperation to counter cyber threats
and cybercrime. Working closely with the international community and ASEAN
partners to strengthen platforms and procedures for cyber incident reporting and
response. With ASEAN Member States to coordinate the regional approach to
cybercrime. Leverage INTERPOL’s resources to tap the global operational networks
and capabilities to tackle cybercrime.
Champion international and ASEAN cyber capacity building initiatives in operational,
technical, legislative, cyber policy and diplomatic areas. Will partner the international
community, Dialogue Partners and ASEAN Member States to organise workshops,
seminars and conference that seek to advance cooperation and build capabilities in
these aspects .
Facilitate exchanges on cyber norms and legislation. Сontinue to participate in global
and regional discussions on cyber norms, cyber policy and legislation, cyber
deterrence, and cybercrime cooperation. Will host an annual Singapore International
Cyber Week (SICW)
15. Reference
Defending Manufacturing Systems from Cyberthreats
Singapore Cybersecurity Strategy – CSA
PM Lee Launches Singapore’s Cybersecurity Strategy
National cybersecurity strategy aims to make Smart Nation safe: PM
Lee
CSA discusses Singapore’s cybersecurity landscape
Singapore’s Approach to Cyber Security
Singapore cyber security strategy launched, half of public agencies
separate Web surfing from work computers
Cyber Security Agency of Singapore (CSA) releases key findings
from first Cybersecurity Public Awareness Survey