#WorkinginCSA: Ensuring Cybersecurity Compliance and Collaboration

Published on 09 Jul 2024

Alan Yap is a Deputy Director in CSA’s Policy & Corporate Development Cluster, Regulations Division (REG). He oversees teams within REG and works with them on policy and operational matters related to the Cybersecurity Act (CS Act) and the licensing regime for Cybersecurity Services Providers. Outside of work, he enjoys reading and participating in endurance events such as triathlons.

1. Tell us more about your team’s work and your role as a Deputy Director in the Regulations Division (REG).  

I lead a team of officers in addressing matters related to the Cybersecurity Act (CS Act) and the licensing regime for Cybersecurity Services Providers. Our close collaboration with both internal and external stakeholders is aimed at allowing them to understand why the CS Act matters and also ensuring their compliance with the CS Act. For example, we work closely with our colleagues in the Critical Information Infrastructure (CII) Division to ensure our CII owners understand and undertake the necessary measures required under the CS Act.  

When working on the amendments to the CS Act, we conducted multiple engagement sessions with external stakeholders to explain the rationale behind the policies essential for safeguarding Singapore’s national cybersecurity, economic competitiveness, and reputation as a trusted digital hub. We are heartened to observe that most of our external stakeholders understood and appreciated the necessity for these amendments. We are also very glad that amendments to the CS Act was passed in Parliament in May 2024.

2. What inspired you to pursue a career in this field? 

My background was in economics and I have prior experience in regulatory roles in both the public and private sector. I also have a keen interest in the dynamic interplay between government-developed regulations and the incentives influencing private firms. These have helped me greatly when developing purposeful regulations and improving existing ones. 

As a regulatory professional, I am particularly drawn to the relatively new field of cybersecurity, given its increasing importance and the challenges posed by evolving technology trends, such as the increasing adoption of cloud computing by both private and public entities. As the national cybersecurity authority, CSA must remain vigilant, proactive, and aware of the evolving technology landscape so that our regulations continue to be relevant and do not fall behind the curve.   

3. What are some projects you’ve worked on in CSA that you found particularly interesting and/or challenging? Also, share something about your job that's not widely known.

I am part of the CSA team that recently contributed to the CS Act Amendment Bill. This was an interesting piece of work as it provided me with firsthand insights into the necessity of amending the CS Act to keep up with evolving technology trends. For example, the original CS Act, in 2018 did not impose ex-ante measures on digital infrastructure such as cloud computing and data centres, as these services were not as prominent back then. However, we have since amended the CS Act to encompass such digital infrastructure, recognising its importance to our digital way of life.  

While the process of amending the CS Act is interesting, my involvement in the team working on the CS Amendment Bill provided a valuable learning experience, given that my expertise was in regulatory work rather than cybersecurity-related matters. Nevertheless, with the invaluable support from numerous CSA colleagues, especially from the technology divisions, I swiftly enhanced my understanding of key cybersecurity concepts and made meaningful contributions to the team.

My division is called Regulations, but we don’t just set regulations! We also conduct investigations into any potential non-compliances of the Cybersecurity Act and recommend enforcement actions to be taken, when required.

4. Have you had a colleague whose guidance helped shape your professional journey in CSA?

Being a new joiner in any organisation, it is always important to have the right contacts within the organisation and know who to approach for the many cross-divisional work that we often work and collaborate with. I am thankful to my colleagues for sharing these contacts with me. 

Additionally, REG fosters a collaborative culture, with officers readily assisting each other as needed. A big shoutout to my colleagues for their tremendous support when I first joined CSA.

5. Outside of work, do you have any hobbies and interests? How do you unwind from work?

I enjoy reading. I think it is important to read widely    outside of work as it provides one with perspectives from different disciplines to tackle problems, be it in life or at work. Recently, I was deeply moved by the memoir 'Addicted', which illustrates the power of determination in overcoming personal challenges. This book has reinforced my belief that with conviction and determination, one can conquer any obstacle, including personal demons.

Triathlons are also something I really love, as it has taught me so much about perseverance which helped me to achieve a certain balance in work and life. I recently took part in the T100 triathlon held in Singapore in May, and I strive to dedicate at least an hour to exercise daily, either before or after office hours.