Speech by Mr David Koh, Chief Executive of CSA, at CSA’s 10th Anniversary Dinner

Opening and Acknowledgements

1. Good evening.

a. Firstly, I want to thank Coordinating Minister Shanmugam for his inspiring speech and guidance.

b. And for peeling back some of the curtains, which we normally operate behind, to provide the public a glimpse of the work my colleagues and I deal with on a regular basis.

2. Cyberspace is indeed contested, and we are on the frontlines of this dynamic domain.

a. It is a challenging space.

b. But I daresay I speak for all my CSA colleagues – past, and present – as well as all our partners across the ecosystem – in government, CIIs, industry, academia and so forth – when I say that we are proud to be here.

c. And as Coordinating Minister has directed: we will continue to be agile, adapt to emerging threats, and demonstrate our collective will and commitment to secure our cyberspace.

3. Tonight, we gather to commemorate the 10th anniversary of the Cyber Security Agency of Singapore (CSA).

a. This evening is as much about reaffirming our commitment to our mission, and the future, as it is about reflecting on our journey here.

The Birth of CSA: A Puzzle in the Making

4. When CSA was established in 2015, it was not created from scratch.

a. Instead, it was built upon strong foundations laid by various agencies across Singapore’s cybersecurity landscape.

b. Much like assembling a complex puzzle, the pieces were already in existence but scattered across different entities.

c. At the heart of this early effort was the Singapore Infocomm Technology Security Authority (SITSA) – part of the Ministry of Home Affairs, whose 30 officers, led by our former Deputy Chief Executive Officer (Operations), Mr Ng Hoo Ming, played a pivotal role in bringing together the country’s cybersecurity efforts.

d. Their work set the stage for the creation of CSA.

3. But bringing these different pieces and efforts together into a single, unified agency required more than technical expertise — it demanded vision and close collaboration.

a. Key agencies such as the National Security Coordination Secretariat, the National Research Foundation, IDA (now IMDA), and MCI (now MDDI) all played important roles, with many talented professionals joining CSA to help build a new agency ready to protect Singapore’s digital future.

Honouring Leadership and Ensuring Continuity

4. Our journey would not have been possible without the steadfast support and vision of Mr Teo Chee Hean, who served with distinction as Senior Minister and Coordinating Minister for National Security until his retirement earlier this year.

a. From the very beginning, Mr Teo recognised the strategic importance of cybersecurity and championed the establishment of CSA, helping to build it on strong foundations.

b. His leadership and mentorship guided CSA through its formative years and shaped it into a cornerstone of Singapore’s digital security.  Thank you Mr Teo.

5. We are heartened that Min Shan has since taken up the mantle as our new Coordinating Minister for National Security.

a. Min Shan’s deep commitment, thoughtful leadership and clear guidance give us great confidence as we continue to navigate an ever-evolving cyber landscape.

b. Together, building on the strong legacy left by Mr Teo, we look forward to advancing Singapore’s cybersecurity capabilities and safeguarding our digital future.

Our Journey – Piecing Together a New Path

6. Reflecting on the past decade, I am struck not only by what we have achieved, but by the way we achieved it—through collective effort, shared vision and a fair bit of chutzpah.

a. The story of CSA is not about following a well-trodden path but about discovering and charting our own course.

b. There was no ready-made blueprint for building a national cybersecurity agency; while we drew inspiration from around the world, Singapore had to create our own path, face our own unique challenges and seize the opportunities.

7. Our journey has often felt like assembling a puzzle without a picture on the box and not being sure if we had all the pieces. Partner agencies, such as MINDEF, MHA, and sector lead CIIOs; industry; academia; staff and alumni — each brought their own unique pieces: different perspectives or capabilities.

a. At times, the pieces didn’t seem to fit, and the way forward was unclear.

b. Yet, through collaboration and a shared sense of purpose, the bigger picture gradually emerged.

c. Every contribution mattered: partner agencies provided operational wisdom and strategic foresight; critical information infrastructure owners (or CIIOs) anchored our efforts in protecting essential services; industry and research partners pushed us to innovate; and our staff and alumni held everything together with their passion and resilience.

8. Our collective efforts are reflected in the milestones we have achieved.

a. The Cybersecurity Act, which continues to evolve with new amendments to address emerging threats, speaks to our adaptability and resolve, and the political support that our mission receives.

b. Our coordinated response to the SingHealth breach reaffirmed our mission to protect Singapore’s digital backbone.

c. Initiatives such as the Operational Technology Cybersecurity Masterplan and the Cybersecurity Labelling Scheme for IoT devices—now recognised internationally—demonstrate how industry, government, and consumers can move forward together.

d. On the global stage, Singapore now hosts key conversations through the Singapore International Cyber Week and the ASEAN Ministerial Conference on Cybersecurity, and contributes actively to international efforts like the UN Open-Ended Working Group and the Counter Ransomware Initiative.

Looking Ahead: Our Commitment to Mission

9. As we reflect on these achievements and embark on the next 10 years, we are clear on the importance of our mission.

a. Min Shan earlier spoke about how, on top of the challenges that cybercrime poses to our businesses and public interest, the cyber threat is also to our national security.

b. Singapore has been, and continues to be, a target of Advanced Persistent Threats (APTs).

10. These APT groups are highly sophisticated, and their tactics are constantly evolving.

a. As one example, they might deploy customised malware designed exclusively for targeted devices — demonstrating a high level of resources at their disposal, and remarkable persistence.

b. They are intentional in selecting their targets, which include our critical infrastructure. 

c. This is a stark reminder of the playing field on which we operate.

11. Let me assure you that we are no less determined and resolved.

a. Singapore is working closely with CII owners, industry partners, and others to defend against the ongoing threats, as well as future ones.

b. We have enhanced requirements, built sectoral capabilities, and deployed early warning systems that combine technical telemetry with intelligence insights.

c. We have built robust and operationally effective partnerships—working together to protect, detect, respond, and recover from threats in our cyberspace.

12. The journey ahead will demand even greater agility and resolve.

a. The cybersecurity puzzle will never be complete—its contours shift with every technological advance and emerging threat.

b. But with determination, vigilance, and agility (and I would add, a bit of luck), we can continue to shape a resilient and adaptive model—one that protects Singapore and sets an example for others confronting the shifting landscape of cybersecurity.

13. Our upcoming move to the Punggol Digital District—a hub for innovation and collaboration—reflects this vision.

a. It will be a place where government, industry, academia and community come together to co-create solutions, anticipate risks, and set new standards for digital trust and safety.

A Special Gift and Puzzle for You

14. To mark this milestone, we have prepared a special gift for each of you—a CSA 10th Anniversary puzzle set.

a. It symbolises our daily work: solving complex challenges, piece by piece, through creativity and teamwork.

15. Just as each puzzle requires collaboration and fresh perspectives, so does our work in cybersecurity.

b. And every piece matters.

c. And the whole is greater than the sum of the parts.

d. Together, our unique strengths form a clearer picture—and solve even the toughest cybersecurity challenges.

e. As you assemble your puzzle, I hope you reflect on how our collective efforts bring clarity to even the most complex problems.

16. Let this gift remind us that every challenge is an opportunity to connect ideas and build stronger solutions.

a. Together, we will continue to create a safer and more secure digital future for Singapore and beyond.

Final Thoughts

17. In closing, I want to express my sincerest gratitude:

a. To public officers, past and present — within CSA, and across all sister agencies — your dedication is the foundation of our success.

b. As silent guardians, you work around the clock away from the public eye to help keep the rest of Singapore safe.

c. I thank you for your service.

d. To our partners across government, industry and academia—thank you for your unwavering support and collaboration.

e. We deeply appreciate the professional knowledge, actionable insights, and swift actions that you offer.

f. And to everyone here tonight—together, we will continue to solve the cybersecurity puzzles that lie ahead.

g. Let’s build the future—one piece, one step, together.

h. Thank you all.