06 Oct 2015

SPEECH BY DR YAACOB IBRAHIM, MINISTER FOR COMMUNICATIONS & INFORMATION AND MINISTER-IN-CHARGE OF CYBER SECURITY, AT GOVERNMENTWARE 2015 ON 6 OCT 2015, AT 9.10 AM, AT THE SUNTEC SINGAPORE INTERNATIONAL CONVENTION AND EXHIBITION CENTRE

Distinguished Guests

Ladies and Gentlemen

I am delighted to join you for GovernmentWare 2015 this morning.

Introduction

2. Cyber security has evolved to become one of the pre-eminent challenges facing the world today. This conference does not have to be reminded of the growing sophistication and pervasiveness of cyber-attacks. In recent years, we have been inundated with news of cyber-attacks on governments and businesses. While the threat of cyber-attacks undoubtedly poses a challenge that we must learn to manage, there are also opportunities that we can harness to strengthen our capabilities and infrastructure.

3. For Singapore to bring cyber-security to the next level, we need to develop a national cyber security strategy, to prioritise our efforts and raise awareness across the country. Today, I will talk about three thrusts in this strategy. First, we will need to ensure we allocate resources smartly to build our cyber defences. Second, we will need to develop our capabilities both in the government and industry and ensure close collaboration between the various sectors. Third, we need to grow a vibrant cyber security ecosystem that strengthens our capabilities and brings good jobs to Singaporeans.

Allocating for Cyber Security Expenditure

4. First, everyone can play their part by allocating the right budget for cyber security. Countries like Israel and South Korea even prescribe the level of cyber security expenditure. Israel stipulates that 8% of its total government IT budget must be allocated to cyber security while South Korea prescribed 10%. This underscore the importance accorded to cyber security. Here in Singapore, we intend to adopt a similar approach for government ICT projects. I am also asking CSA to study how this can be institutionalised beyond the Government Critical Infocomm Infrastructure (CII) sector. If the current allocation of the IT budget on cyber security differ from the 8-10% mentioned, the figures should be relooked and revised to ensure we are allocating sufficient resources to mitigate this emerging and pressing threat.

Cyber Security Capabilities

5. The second thrust is to develop our capabilities both in the government and industry sectors. I have spoken before about the need for security-by-design, to strengthen our national cyber capabilities. In short, security-by-design is about assessing threats and risks, building and configuring our systems with security in mind from the start, checking for intrusions after implementation, disposing the assets securely at the end of their life span, and educating the end-users to be CyberSmart. If we do this right, we will avoid piecemeal implementation and the need for costly and often ineffective ‘retrofitting’ later on. The Government will lead the way by implementing Cyber Security-by-Design when developing new or retrofitting existing systems.

MOU with Check Point, FireEye and SingTel

6. As part of capability-building, CSA intends to develop industry partnerships for cybersecurity manpower and operational development. It has signed three Memoranda-of-Understanding (MOU), namely with Check Point, FireEye, and SingTel, to increase our capacity for advanced technology in the development of defensive capabilities and operational readiness.

7. Check Point and FireEye are widely recognised as top-tier global cybersecurity firms. For SingTel, they have put a firm commitment and investment in cybersecurity, which is aligned with our intention to grow the local enterprise for cybersecurity.

8. By fostering closer collaboration between global firms and interested local companies, we will help to localise advanced cybersecurity services and solutions, manpower development as well as technological innovations. Such partnerships will reap operational advantages to the CII enterprises based in Singapore, and potentially generate economic benefits given the projected growth of cyber security industry.

Cyber Security Associates and Technologists Programme

9. The demand for cyber security is growing due to increasing threats and cyber security awareness. However, there is insufficient manpower supply to fulfil the growing demand. Fresh ICT professionals lack the necessary skillsets and experience to take on specialised roles while mid-career ICT professionals find it challenging to convert to the cyber security profession.

10. I am therefore happy to announce that CSA and IDA will introduce the Cyber Security Associates and Technologists Programme (CSAT) to train and up-skill ICT professionals. Modelled on IDA’s successful Company-Led Training initiative, CSAT would enable our ICT professionals to acquire practical skills for specialised job roles for cyber security operations. The programme will help to bridge the employment gap for fresh ICT professionals and lower the barriers for mid-career ICT professionals. CSAT will therefore enlarge the pool of cyber security professionals with in-depth technical skills relevant to the industry.

Cyber Security Ecosystem

11. The third thrust is to encourage the development of a vibrant cyber security ecosystem in Singapore. Cyber security is not only a threat to mitigate; it is also a high value industry that will bring good jobs to Singaporeans. To catalyse the development of this ecosystem, Government will work to create common certification and standards as well as support the broadening of the cyber security talent pool.

MOI with AISP and CREST International

12. CSA, the Association of Information Security Professionals (AISP), and the Council for Registered Ethical Security Testers or CREST International have signed a Memorandum of Intent to introduce CREST certifications in Singapore. CREST certifications for penetration testing will offer transparent and open standards that serve as a competency baseline for practising professionals and service providers. In the UK and Australia, CREST certifications are the prevailing industry standards for penetration testing, with the standards being endorsed by the UK and Australian Government. A CREST SG Chapter will be set up next year through a multi-agency collaboration among CSA, AISP, the Association of Banks in Singapore, and sector regulators, the Infocomm Development Authority of Singapore and the Monetary Authority of Singapore.

13. By introducing these certifications in Singapore, we will grow local capabilities in penetration testing. We will also provide the assurance for professionals and service providers that perform penetration tests, hence, raising the quality of cyber security services and workforce through such professional certifications.

Conclusion

14. In conclusion, Cyber Security is a team effort, everyone has a part to play, and everyone has to play their part. The Government will take the lead to spearhead initiatives to enhance Singapore’s cyber security stance, and we will need everyone’s cooperation to reap long term benefits for the cyber ecosystem. We aim to build a Smart Nation – one that will be enabled by trustworthy infrastructure and technology.

15. It is my pleasure to declare GovernmentWare 2015 open. I wish everyone a fruitful conference ahead. Thank you.