#WorkinginCSA: Developing Systems for Cybersecurity Operations and Securing 5G

27 Jan 2021

How does CSA’s Cybersecurity Programme Centre (CSPC) play its part to enhance the strength and resilience of Government agencies’ networks and systems? Find out from Senior Assistant Director Nicholas Goh as he elaborates on his role in CSPC and shares exciting projects he is involved in, such as ensuring the security of 5G networks in Singapore.

1. What sparked your interest in cybersecurity? 

My interest in cybersecurity began nearly three decades ago when I was developing an authentication function for my class project in junior college. I wanted a means of authentication that did not rely on hardcoded passwords in the program and required the legitimate user to possess something more than a password. A rudimentary form of what we know today as Two-Factor Authentication (2FA) was developed. After working in another industry for several years, I landed myself a role in the then Singapore Information Technology Security Authority (SITSA) and that was how my career in cybersecurity began.

2. What is a typical day at work like for you?
I oversee a team of nine consultants and we work together to enhance the cybersecurity posture of our nation and implement programmes outlined in Singapore's Cybersecurity Strategy. Some of our tasks include providing cybersecurity consultancy services as well as architecting and developing systems for cybersecurity operations that balances security, usability and cost. Once these systems are developed, we will then pass them to colleagues who will use them for their operational work. We also review system designs for potential security flaws, recommend mitigation measures, and ensure that they are implemented according to required security postures. 
I am also a member of the 5G Task Force (5GTF), which was formed by CSA to focus on security matters arising from the new acme of telecommunication technology – 5G. The 5GTF works closely with the Infocomm Media Development Authority (IMDA) and other government agencies to ensure the security of our upcoming 5G infrastructure. Examples of what we do include developing reference architectures, threat risk and security assessments, and more recently, working with IMDA on the security portions of the Call For Proposal (CFP) for local Mobile Network Operators to set up 5G networks in Singapore.

3. What makes you excited about coming to work?
There are always new challenges to face and overcome given the dynamic nature of cybersecurity, and this gives me a sense of purpose. From program development where actual systems are developed and built, to understanding the implication of new technologies to the nation and how to best protect them, to the architecting of robust security systems. There is simply never a dull moment at work. While dealing with such challenges may be daunting at times, having a team of dedicated colleagues who are always steadfast in resolving issues certainly makes work more enjoyable. I find enjoyment when we manage to overcome seemingly insurmountable issues!

4. Tell us something interesting about your job that not many people know about.
There is no fixed formula when coming up with solutions to protect our systems. The cyber arena is ever-changing and even more so for its security aspects. The security solutions that worked for one scenario may not work for another, and what worked today may be vulnerable tomorrow. So, we must continuously innovate to forestall the adversaries, tap on our experience and professional understanding of security principles, and enhance our know-how to accord the most suitable security solutions to keep our nation safe from cyber criminals. 

In CSA, we have the opportunity to be posted out to other agencies as part of the job rotation policy framework. In February this year, I will be heading to the Housing & Development Board as the agency’s Chief Information Security Officer. This exciting opportunity will allow me to oversee and contribute to both the operation and governance aspect of cybersecurity.

5. What are 3 qualities that are important for someone in your role to have?
Curiosity and interest to understand the latest technology without being daunted by the ever-changing landscape.
Imaginative to be able to think outside the box and be prepared for unexpected tactics used by our adversaries. 
Persistence to thwart threats and constantly safeguard all fronts of a system.