Cyber Public - Private Partnerships: Why Cyber is a Team Sport Keynote Address by Mr Ong Kok Wee, Assistant Chief Executive (Policy & Corporate Development), Cyber Security Agency of Singapore at GITEX Asia on 9 April 2026

Distinguished guests,

Ladies and gentlemen,

Colleagues, and partners

Introduction

1      It is often said that Cyber is a Team Sport. We certainly say this so often in Singapore, that it has become something of a cliché.

2      But like most cliches, there is a strong element of truth in it.

3      Today, the nature of cyber threats has evolved significantly. They are no longer isolated incidents affecting a single organisation. Instead, they are coordinated, cross-border, and often simultaneous—impacting governments, businesses, and critical infrastructure at the same time.

4      Add AI-enabled attacks to the mix, and there is a real danger that attacks will come at a scale and speed that overwhelm our individual defences.

5      In such an environment, no single entity—public or private—can manage cyber risk alone.

6      Public–private partnership, therefore, is not simply a policy preference. It is a strategic necessity.

7      The question before us is not whether we should collaborate, but how we can do so more effectively, more systematically, and with greater trust.

8      For Singapore, we have taken a pragmatic and structured approach, bringing these elements together—within a system that is coordinated, consistent, and anchored in trust.

9      Rather than separate initiatives, our focus is on an integrated partnership model, where collaboration is embedded across operations, technical work, ecosystem development, as well as intelligence sharing.

10  Allow me to outline four key areas where deepened public–private partnerships have supported Singapore’s cybersecurity efforts and capability building.

Pillar 1: Joint Operations with Industry

11  First, joint operations.

12  Earlier today, the Cyber Security Agency of Singapore’s Chief Executive, Mr David Koh shared that Singapore has experienced a four-fold increase in APT attacks between 2021 and 2024. In 2025, Singapore announced that our critical information infrastructure (CII) was attacked by APT actor UNC3886. We took an unprecedented step to name the threat actor to educate our own public that our CIIs were under attack.

13  In February this year, Minister for Digital Development and Information, and Minister-in-charge of Cybersecurity, Mrs Josephine Teo announced that Operation CYBER GUARDIAN, led by CSA, represented Singapore’s most extensive and coordinated cyber defence effort against a sophisticated campaign that targeted our telecommunications infrastructure.

14  Together with multiple government agencies—including the Infocomm Media Development Authority, Government Technology Agency, Centre for Strategic Infocomm Technologies (CSIT), Digital and Intelligence Service (DIS) and Internal Security Department—to conduct threat hunting, forensic investigations, and system hardening.

15  Equally, the operation also underscored the strength of Singapore’s public–private partnership model in cybersecurity. Telecommunications operators worked hand-in-hand with government agencies as frontline defenders—detecting intrusions, sharing critical data, and jointly implementing remediation measures.

16  This reflects a broader national doctrine where cybersecurity is co-produced through trust, transparency, and shared responsibility between the state and industry. Operation CYBER GUARDIAN therefore exemplifies how Singapore operationalises joint action across sectors, forming a seamless and adaptive defence ecosystem capable of responding decisively to evolving cyber threats.

17  Above that, regular cross-sector exercises can also play an important role.

18  They allow us to test assumptions, refine response protocols, and build the trust that is necessary when future incidents occur.

19  The principle here is straightforward: we must train together in peacetime, so that we can respond effectively in times of crisis.

Pillar 2: Technical Collaborations with Key Partners

20  Second, technical collaborations.

21  Traditionally, engagement between government and industry has centred on procurement or compliance. However, the complexity of today’s cyber threats requires us to move beyond this model.

22  We should then aim to co-create capabilities.

23  This includes joint research and development in areas such as artificial intelligence for threat detection, securing operational technology environments, and strengthening cloud resilience.

24  It also means working together to develop practical mechanisms that protect our civilian population.

25  In 2024, CSA partnered Google on a pilot for Enhanced Fraud Protection (EFP) within Google Play Protect (GPP) or the Google Play store, which was rolled out to about 8 million users in Singapore. This feature automatically blocks the installation of potentially malicious applications. As of Feb 2026, the EFP feature has successfully blocked more than 2.9 million potentially malicious installation attempts across 685,000 devices. This feature is now being rolled out in other countries by Google, protecting citizens beyond Singapore’s shores. 

Pillar 3: Ecosystem Development

26  Third, ecosystem development.

27  Cyber resilience is not only about defending against threats—it is also about building a strong and vibrant ecosystem.

28  Singapore is well positioned to serve as a regional hub for cybersecurity capability building.

29  For example, just last year, CSA and Microsoft co-organised the ASCCE-Microsoft Cybersecurity Roundtable on AI at the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE). The Roundtable aimed to provide a platform for regional national cyber agencies to discuss developments in emerging technology, with a focus on AI in cybersecurity. The partnership with Microsoft reaffirmed CSA’s shared interests in regional cyber capacity building with industry partners.

30  And as a hub for innovation and expertise, CSA also supports the growth of local cybersecurity companies through its various initiatives, while also attracting leading global firms to establish a presence here.

31  At the same time, we have and can develop sector-specific capability hubs—for example, in finance, maritime, and energy—where industry players, technology providers, and researchers can collaborate closely.

32  Such an ecosystem ensures that capabilities are distributed, continuously evolving, and responsive to emerging risks.

Pillar 4: Cyber Threat Intelligence Sharing

33  Lastly, on intelligence sharing.

34  At the heart of effective cyber defence lies timely and actionable intelligence sharing.

35  However, information sharing cannot be taken for granted. It depends fundamentally on trust.

36  To strengthen this, we consider tiered frameworks for intelligence sharing, where the depth and sensitivity of information exchanged are aligned with the level of trust between partners.

37  This is why CSA participates in regular cyber threat intelligence exchange sessions with trusted, key partners like Google, Microsoft and AWS. Whether the exchange of intelligence is done over a dialogue between senior leaders; deep dive sessions between analysts on both side; or simply quick pings or phone calls on actionable insights, the intelligence shared between partners prove that public-private partnerships also benefit both parties.

38  Ultimately, trust is the currency of cyber defence—and it must be built deliberately and sustained over time.

Key Enablers & Vision

39  Beyond these four areas, there are several key enablers that underpin successful public–private partnerships.

40  First, trust and discretion.

41  In many Asian contexts, relationships are built not only on formal agreements, but also on mutual respect and confidence. Safeguarding sensitive information and honouring commitments are essential.

42  Second, clarity of roles.

43  Government agencies play a critical role as convenors, regulators, and strategic leaders. At the same time, industry operators are often the first line of defence and a key source of innovation.

44  Recognising and respecting these roles allows partnerships to function effectively.

45  Third, consistency and predictability.

46  Long-term collaboration requires a stable policy environment and sustained engagement. Partnerships cannot be built on an ad hoc basis.

47  Finally, regional positioning.

48  As a trusted and connected hub, Singapore can play a constructive role in facilitating collaboration across ASEAN and beyond, strengthening collective resilience in the region.

49  In closing, public–private partnership in cybersecurity is not a single initiative, nor a fixed endpoint.

50  It is an ongoing commitment—to deepen trust, to strengthen collaboration, and to align our capabilities in the face of evolving threats.

51  In having and by working together in a structured and sustained manner, Singapore can continue to be a secure and trusted digital hub in an increasingly complex world.

52  Thank you and I wish all of you a fruitful conference.