19 Sep 2017




“Building a More Secure and Resilient Digital Community Together”


Your Excellencies,


Distinguished guests,


Ladies and gentlemen,


Good morning,


1.      Welcome to the Singapore International Cyber Week. Your presence here today reflects the growing importance of cybersecurity, and the opportunities for our community to learn from one another.




2.     Digital technologies such as artificial intelligence, Big Data, and the Internet of Things are transforming our daily lives. While they offer many new and exciting opportunities, there are also several challenges, including increasing our vulnerability to cyber-attacks - from individuals, groups and also state-sponsored attacks.


3.     Cyber-criminals are devising ever more innovative ways to attack and disrupt our increasingly interconnected world. For instance, the WannaCry and Petya ransomware did not just attack individuals, they attacked critical systems, shutting down hospital emergency services in the UK. Cryptocurrencies worth millions of dollars were also stolen in cyber-attacks in July.


4.     The cumulative effect of these cyber-attacks ultimately undermines trust in the digital future - Trust that our interactions online are secure, and that our sensitive personal data will not be misused. Trust that thieves do not steal our valuable personal savings or commercial intellectual property. Trust that essential services like healthcare will be available at all times, and not held ransom by cyber-attacks. Trust that the news we read online is factual and credible, and not fabricated and spread by tweet-bots to undermine our society.


5.     Trust is the invisible glue that holds the various facets of our digital future together. Good cybersecurity policies and measures help us build this trust. And this is what has brought us all here together in Singapore this week.




6.     Singapore is more exposed than many other countries to cyber- attack. We are already highly connected, and aim to become more so. We are implementing major programmes to become a Smart Nation, harnessing technology to improve the lives of Singaporeans – in business, healthcare, social services and security. Cybersecurity is key to these developments and to support our Future Economy.


7.     Singapore has seen its share of cyber-attacks. In May this year, we found evidence of advanced persistent threats (APTs) in the IT systems of a few of our universities. Separately, personal data belonging to some 850 national servicemen and employees were stolen from an internet-connected system in the Ministry of Defence. In both these cases, the breaches were picked up early, and we have strengthened our defences.


8.     Overall, we have made good progress in building up our cybersecurity capabilities. We established the Cyber Security Agency (CSA) in 2015, and CSA has just achieved Full Operating Capability, after successfully carrying out its first exercise involving all 11 Critical Information Infrastructure (CII) sectors in Singapore. But there is much more to be done.


9.     We are deepening our partnerships with key stakeholders – in industry, the professional associations, owners of Critical Information Infrastructure, and international counterparts to encourage good cybersecurity, and create a safer and more secure cyberspace. We appreciate the fruitful partnerships that we have with many of you here in this room.


10.    We are investing in three areas: our people, our capabilities, and our networks to build a more secure and resilient digital community together.






11.    First, we are investing in our people and growing our pool of cybersecurity professionals.


12.    CSA has implemented a Cybersecurity Professional Scheme to groom skilled cybersecurity manpower for the public sector. Earlier this year, we also announced the formation of the Defence Cyber Organisation to focus our defence cyber efforts, and a new Cyber Vocation for our national service conscripts.


13.    I am happy to announce that CSA will develop a new academy to train cybersecurity professionals. The CSA Academy will partner leading industry players to train those in government and critical information infrastructure sectors. This will be expanded later to train cybersecurity professionals for the wider community. US-based cybersecurity firm, FireEye, will be our first partner to help provide training in incident response and malware analysis. This is an example of how companies can contribute to develop the ecosystem.


14.    We will also launch the Cybersecurity Awards to recognise outstanding cybersecurity professionals, enterprises and students who have made significant contributions to our cybersecurity ecosystem. The Awards are organised by the Association of Information Security Professionals (AISP), and supported by CSA and six other professional and industry associations. The inaugural Awards will be presented in February next year, and I wish the candidates all the best!




15.    Second, we will strengthen our national cybersecurity capabilities. As I mentioned earlier, in July this year, we conducted Exercise Cyber Star to test the emergency incident response capabilities of the lead agencies of all 11 CII sectors, ranging from energy, water and banking sectors.


16.    A priority is to strengthen the resilience of our physical infrastructure. Cyber-attacks affect not only the cyber realm, but also the provision of essential services in the physical world affecting our daily lives. The Government is thus developing a new Cybersecurity Bill, to provide regulatory powers to strengthen the resilience of our critical information infrastructure and essential services. This Bill will enable us to take pre-emptive action to protect against cyber threats, and improve our capability to respond to incidents. This will enable Singapore to achieve its vision of a Smart Nation and a trusted place to do business. The Government has consulted widely on the draft Bill and has received much useful feedback.


17.    We will work with industry partners and other stakeholders to build up our cybersecurity capabilities. For example, CSA has worked with the Industrial Control Systems community to develop a set of cybersecurity guidelines for industrial control systems such as those used in the energy, water, maritime and land transport sectors. With these guidelines, we expect companies and agencies to adopt stronger cybersecurity measures.


International Networks


18.    Third, we will work to strengthen our international networks. All countries need to work together, in order to address cyber-threats effectively. International collaboration will also help build trust among our countries.


19.    At the operational level, we will strengthen cooperation among national Computer Emergency Response Teams (or “CERTs”). When “WannaCry” happened, CSA exchanged insights with the UK, and shared our analysis with those in the Asia Pacific CERT community. Last year, CSA discovered some active malware targeting a particular vulnerability. SingCERT informed counterparts in India on the potential threats to some of their computer systems. This enabled them to swiftly investigate and take action. Such partnerships will allow us to better deploy our limited resources, and speed up our responses globally, to counter increasingly sophisticated cyber threats.


20.    There is another important aspect of international cooperation which we should work together on. Some of our CIIs have impact beyond our shores and they in turn, depend on CIIs located in other countries. These are “supra-national CIIs”, and include global payment systems, port operations systems, and air-traffic control systems. We can coordinate our efforts to conduct regular exercises to validate our collective ability to respond to threats against supranational CIIs, working across countries and sectors. Singapore is a strong advocate of global efforts such as the Global Forum for Cyber Expertise, where we actively contribute to cyber capacity building in our region.


21.    At the policy level, countries are working on global cyber norms which help build trust in cyberspace, especially in the protection of supranational CIIs. We have made an encouraging start within ASEAN, with two runs of the ASEAN Ministers Meeting on Cybersecurity (or “AMCC”). The AMCC recognised the need for ASEAN leaders to adopt a common set of norms. I am glad that there is keen interest from ASEAN Member States to coordinate and work on regional cyber policy norms, via both AMCC and other established ASEAN platforms with our Dialogue partners. I look forward to taking this further when Singapore chairs ASEAN next year.


22.    Beyond ASEAN, Singapore has been working closely with our partners in the Forum of Small States to foster a more inclusive and cross-cutting conversation on norms. Singapore stands ready to contribute and has joined the management board of the Global Commission on the Stability of Cyberspace (GCSC). This is a key platform for Singapore to collaborate with our international and ASEAN partners. The International Cyber Leaders Symposium later this afternoon will be part of this effort. I am glad that the UN Office of Disarmament Affairs which has competence over cyber-security matters has been supportive of Singapore’s contributions.




23.    By investing in our people, capabilities and international networks, I am confident that we can raise the overall quality of cybersecurity in Singapore, advance our vision of being a Smart Nation, and contribute to regional and international efforts to build a safer and more secure cyberspace. Good cybersecurity practices enable trust. And mutual trust will allow us to build a secure and resilient digital community together.


24.    To all our overseas friends, we value your friendship and partnership. Have a fruitful Singapore International Cyber Week and a pleasant stay in Singapore. Thank you.