#WorkinginCSA: Enhancing Readiness through Exercises

13 Apr 2020

How do interactions between humans and machines bring about cybersecurity risks? Find out from Chia Bing Qiang of CSA’s Joint Operations Readiness Division (JORD) as he shares interesting aspects of his job, and the process behind delivering a successful cyber crisis management exercise.

1. What sparked your interest in cybersecurity?

It started during my time with the Republic of Singapore Air Force when I was managing a project on the development of a new information system. One of the biggest challenges I faced was striking a balance between functionality and security. The teams working on the project could not see eye-to-eye. As the project manager, I had to be the arbitrator and that required me to learn more about cybersecurity so I could provide a balanced perspective. Through this experience, I gained an appreciation of the breadth and depth of the cybersecurity field.

2. Tell us something interesting about your job that not many people know about.

An interesting part about my job is that I need to understand how the interactions between humans and machines can bring about cybersecurity risks. Most imagine cybersecurity as purely a technology problem, but it is more often a “human” problem rather than a technical issue.

Computers, on their own, are predictable machines. But when you look at any cyber incident, the one behind the screen is a human with their own belief systems, motivations and abilities. To thwart an attack before it happens, we need to understand the perpetrator’s objectives, modus operandi and capabilities. With an understanding of these, we can then better design our exercises to improve our incident response capabilities and readiness.

3. What is a typical day at work like for you?

To deliver a successful cybersecurity exercise, we conduct extensive research and work with exercise participants across the 11 Critical Information Infrastructure (CII) sectors to understand their IT environment. This enables us to design realistic scenarios and mechanics for exercise play. The entire process is challenging, as it requires a wide variety of skillsets. For example, we need soft skills to work effectively with people from different organisations and creativity to dream up new attack scenarios. Last September, we held the third edition of Exercise Cyber Star – a nationwide cyber crisis management exercise. CSA, CII sector leads and their CII owners, came together to test and validate their operational plans in response to complex attack scenarios.

4. What makes you excited about coming to work?

It is the teamwork. Everyone in the team is trained in different domains, and all of us bring different skills to the table. We play to each other’s strengths, and collectively, we achieve so much more. For example, one of my team members is more artistically-inclined, and he was put in charge of producing the exercise collaterals, which greatly helped in engaging the exercise participants!

The friendships that I’ve forged here also keeps me motivated to give my best at work. It’s heartening to be working alongside friends who look out for each other.

5. What are 3 qualities that are important for someone in your role to have?

The person must be able to reason clearly, be comfortable around large groups of people, and be imaginative!