10 Oct 2016


Your Excellencies
Distinguished Guests
Ladies and Gentlemen

I am very happy to join you this morning to open the GovernmentWare Conference, and the inaugural Singapore International Cyber Week.

This year marks the 25th anniversary of GovernmentWare. We started it in 1991 to raise awareness of IT security threats amongst public officers. We started with just 50 participants that year and now we have 3,000 participants from over 30 countries. The Singapore International Cyber Week builds on the success of GovernmentWare and reflects the importance of cybersecurity issues not only to Singapore, but also regionally and internationally.

Singapore has long embraced infocomm technologies (ICT) for our economic and social development. It has helped us progress from third world to first, it has made us a knowledge-based economy, boosted our workers’ productivity so that we can do more with a lean workforce and improved the lives of Singaporeans. ICT continues to be critical for the future, as we strive to become a Smart Nation because technology is disrupting everything, from retail, to transport to professional services. For Singapore to continue as an international centre of exchange and commerce, we must always be open to new technologies, know-how and to be at the leading edge.

While ICT brings many new opportunities, it also opens up new vulnerabilities for us. Globally, cyber threats and attacks are becoming more frequent and sophisticated, with more severe consequences. For example, last December, a successful attack on the power grid in Ukraine left many Ukrainians without electricity for hours. This year, thieves siphoned US$81mil from the Bangladesh Bank, the central bank of Bangladesh, in a sophisticated cyber-heist. In Taiwan, hackers used malware to withdraw more than US$2mil from dozens of ATMs in a coordinated attack.

Singapore has also been targeted. Our government networks are regularly probed and sometimes attacked. We have experienced phishing, intrusions, and malware. From time to time, our systems have been compromised. Websites have been defaced. We have also suffered concerted DDOS attacks that have sought to bring our systems down.

Our financial sector has suffered DDOS attacks, and also leaks of data. Individuals too have been targeted. There are fake websites out there, masquerading as government websites, as Singapore Police Force, Ministry of Manpower, Immigration and Checkpoints Authority or the Central Provident Fund. All pages which Singaporeans visit in millions all the time. The fake sites are hosted overseas, and they phish for personal information or they scam people into sending money.

That is why Singapore set up the Cyber Security Agency of Singapore (CSA) last year, to coordinate our national efforts in cybersecurity. CSA has done good work. It has developed a national cybersecurity strategy, which we are launching today. This national cybersecurity strategy will have four key components.

First, we will strengthen our critical infrastructure. We are investing more to strengthen government systems and networks, especially those handling sensitive data to protect them from cyber attacks. Operators of essential services will have to develop robust cyber risk management frameworks and responses.

One initiative which we have already taken and which has caught public attention a few months ago, is Internet Surfing Separation in the public service. We are separating internet surfing from other work systems such as emails. You can still surf the internet as government officers, whether to access news websites or Wikipedia, but they have to use a different device that is not connected to the internal network. Your emails and work systems are on a separate and more secured internal network. Ministers, senior civil servants and half of our public agencies have already started separating their networks. The rest of the agencies are on track to implement it by middle of next year.

Secondly, we are working with businesses and individuals in this national effort. The CSA will have powers to direct private sector operators and essential services, for example, financial payments systems, which affect many Singaporeans. CSA will also partner businesses because regulating by fiat, will not do the trick. CSA will issue regular advisories to businesses on imminent cyber-attacks and emerging cyber threats to remind them to keep up their cyber security measures. They will provide technical guides and self-help cybersecurity checklist to help strengthen the security of their networks.

Companies have to understand that cybersecurity is also your problem and make the necessary investments to protect yourself and your customers, because you are prime targets too, as businesses. Almost every month, we hear of companies having their customer data compromised by hackers. The most recent and spectacular being Yahoo!, 500 million emails and details are stolen. What is lost is not just data or money, but the company’s hard earned reputation.

At the same time, individuals have to stay safe online and practise good cyber hygiene. Be vigilant about potential phishing and suspicious activity, keep our machines secure, avoid being infected by malware, or worse spreading malware to other machines.

That is why for Singpass, which is the login system for government services in Singapore, we have implemented two-factor authentication (2FA) to protect users. More than two million SingPass users have already signed up, a handful not yet. I strongly encourage all users to sign up, so that you can be better protected when you access e-services.

Thirdly, we are growing our cybersecurity capabilities. We face a severe shortage of talent and skilled expertise, as do many countries. Demand will increase as cyber threats grow and businesses invest more in cybersecurity.

We have developed manpower programmes and initiatives to train more cybersecurity professionals. All our universities and polytechnics offer cybersecurity programmes. They have sophisticated facilities, where students can practise defending computer systems against attack. They produce students who are well trained and who are in demand.  

We have good success stories to tell. For example, Rayden Chia. He was a student at Nanyang Polytechnic studying information security. He won the Singapore Cyber Conquest Network Security competition, two years in a row and graduated two years ago with a Diploma. Harvard and MIT both offered him undergraduate places. He decided to go to MIT, and has now just started school, after finishing his NS. I hope that Rayden’s success will inspire other students who share the same passion to go for it, master the subject and make a contribution.

The Government is also working with our industry to develop talent. We focused on SkillsFuture which develops people in their jobs during their careers. There is a SkillsFuture programme for Cybersecurity: the Cyber Security Associates and Technologists (CSAT) Programme. If you are an ICT graduate or an experienced professional, you can gain new skills through on-the-job training programmes with companies that have signed up as training partners of CSAT.

We have started with two partners, Singtel and ST Electronics. Two new home-grown companies have just come on board, Quann and Accel Systems & Technologies. These are home-grown companies which have regional offices over the world and will offer good career prospects for cybersecurity professionals. We hope more companies will join.

The Government also provides National Cybersecurity Postgraduate Scholarships for graduates and working professionals. Cybersecurity is therefore a growing industry and in developing our capabilities, we will also create good jobs and opportunities for Singaporeans.

Fourthly, we are cooperating with other countries to respond to cyber threats because cyber attackers do not respect jurisdictions. Attacks can come from anywhere in the world and can be routed through any number of intermediate nodes. The IP addresses that you see are probably not the real, ultimate attackers.

We are working with other Governments to share intelligence, work together to block attacks, shut down networks and to learn good practices from one another. For example, Singapore hosts the Interpol Global Complex for Innovation. One of its priorities is to enhance capabilities in digital security.

We will therefore, strengthen our partnership with ASEAN. With closer ASEAN integration, we are much more inter-connected than before and cybersecurity cooperation will help us to protect our supranational information infrastructures like internet submarine cables and the SWIFT global interbank payments network. It will also support our growth as an ASEAN community. So, ASEAN members should work more closely to promote consensus on cyber norms, to strengthen operational linkages and to build cyber capability.

Singapore will partner fellow ASEAN members to do so, by facilitating discussions and dialogues, such as the ASEAN Ministerial Conference on Cybersecurity, and capacity building initiatives. Minister Yaacob Ibrahim will be sharing further details when he speaks at the conference tomorrow. We appreciate the support of fellow ASEAN members, every ASEAN member represented here today. The ASEAN Secretary-General will also be joining us. So thank you all for taking the time to be here and for the ASEAN Ministerial Conference on Cybersecurity tomorrow.

Singapore aspires to be a Smart Nation. But to be a Smart nation, we must also be a safe, cyber nation. The potential of ICT and digital technologies depends on how much we can trust the internet and cyberspace. We have got to get cybersecurity right, to capture the benefits of a more connected world. This is why cybersecurity is an issue of national importance. We must put the systems and defences in place to ensure our cybersecurity. Only then, can IT deliver innovation, growth and prosperity for our businesses and citizens.

Therefore, it gives me great pleasure now to launch Singapore’s Cybersecurity Strategy, and also Governmentware 2016 and the inaugural Singapore International Cyber Week. I wish all of you a good conference ahead. Thank you very much.