05 Jun 2020
To respond to an ever-changing cyber threat landscape, Critical Information Infrastructure (CII) sectors need to ensure that they have the capabilities to detect, respond to and recover from cyber-attacks. Find out how Annie Sim of CSA’s CII Division engages with organisations from critical sectors to strengthen their cyber resilience.
1. What sparked your interest in cybersecurity?
I started out as a Network Engineer and at that time, security controls were largely focused at the network perimeter. My job function gradually expanded to other security domains involving host application layer encryption and security, and it provided me with an opportunity to build up my cybersecurity knowledge as I was involved in implementing and operating the many domains of security technology.
Cybersecurity grew from what was previously seen as an IT issue into an important focus of many organisations today. It is the purpose and dynamic nature of the cybersecurity that drives my enthusiasm.
2. What is a typical day at work like for you?
I lead a team of three and look after two CII sectors – Energy and Water. Our mission is to strengthen the cyber resilience of these essential service sectors against cyber-attacks through governance, supervision and confidence-building engagements.
My team and I engage the sectors to oversee their compliance to the Cybersecurity Act. We also collaborate with them on capability development initiatives such as introducing a cyber threat monitoring and detection system, setting up sectoral and industry committees, as well as conducting joint workshops and industry conferences. We also measure the CIIs’ cybersecurity readiness through cyber exercises, together with colleagues from the Joint Operations Readiness Division.
When we observe any increase in threat activity, I am the liaison between the CSA’s National Cyber Security Centre (NCSC) and CII Division, planning and coordinating operations’ activities to enable better cross-sector coordination, and reporting the overall readiness of all the CII sectors to the NCSC.
3. What makes you excited about coming to work?
I get to interact with people in different job roles, from an operator working in a power plant to the Chief Executive Officer. In our interactions, I gain new insights, such as learning more about Operational Technology (OT) systems. OT is integral to our everyday lives. For example, the sensors detecting the chemical content in our drinking water to the electricity grid that powers up our appliances are all managed by OT systems. A successful cyber-attack on an OT system can bring an essential service in Singapore to a halt, which will impact the lives of many people.
I have hands-on opportunities to apply what I have learnt from previous jobs in private sector to solve real life problems to improve people’s livelihood. This gives me immense satisfaction and a sense of purpose.
4. Tell us something interesting about your job that not many people know about
The work that we do is not limited to Singapore. We also actively participate in international engagements with other countries to discuss challenges and share best practices on ways to secure CIIs. Through these engagements, we are also able to learn how other countries formulate and execute their national cybersecurity strategy. We then review these best practices and look at how to apply them in Singapore’s context.
5. What are 3 qualities that are important for someone in your role to have?
The person must possess technical knowledge of both cybersecurity and the business environment, have good communications skills and grit to overcome challenges.