13 May 2016
OPENING REMARKS BY DR YAACOB IBRAHIM, MINISTER FOR COMMUNICATIONS AND INFORMATION AND MINISTER-IN-CHARGE OF CYBER SECURITY AT THE OFFICIAL OPENING OF THE ST ELECTRONICS-SUTD CYBER SECURITY LABORATORY ON 13 MAY 2016, 10.20 AM AT SUTD
“Fostering R&D Partnerships in Cybersecurity”
Mr Lee Fook Sun, President, ST Electronics
Professor Thomas Magnanti, President, SUTD
Professor Low Teck Seng, CEO, National Research Foundation
Ladies and gentlemen
It gives me great pleasure today to launch the ST Electronics-SUTD Cyber Security Laboratory. The growth of ICT and the Internet have already transformed the way Singaporeans live, work and play, as well as how we connect with one another. However, as we become more reliant on ICT, we also become more vulnerable to cyber threats.
2. Cyber attacks have successfully disrupted critical services in the physical world. In 2010, Iran’s nuclear facilities were found to contain a sophisticated worm known as Stuxnet, designed to subvert industrial systems. Last December, cyber attacks caused a power outage for over 200,000 customers in Ukraine. Cyber attacks have also caused problems for businesses and consumers. Recently, hackers compromised the Bangladesh’s central bank and attempted to steal $1 billion from its account with the New York Fed, and successfully made off with almost $100 million!
3. Individuals and families are not spared either. Through various cyber attacks, people have lost everything from credit card data, to health insurance and background data, to potentially embarrassing data about personal habits, such as those from the website Ashley Madison. Nowadays, we even need to think carefully about the toys we buy for our children. Last November, a Chinese toymaker VTech was breached, and this exposed the personal details, pictures and voice recordings of millions of children.
The need for cybersecurity R&D partnerships
4. There are no easy solutions to these cybersecurity issues. Attackers will continue to exploit weaknesses in ICT systems, and defenders will continue to engage in a race to stop them. Unfortunately, users who are unaware or choose to ignore the cybersecurity risks may try to take the easy way out, and circumvent cybersecurity requirements that they think are unnecessary or cumbersome.
5. We must therefore strive to build smarter and more trustworthy systems. These should be designed with cybersecurity in mind, while being less onerous for users. A well-designed system can also detect and stop malicious users before they cause damage or steal information. Given that traditional methods such as signature-based detection of malware can no longer keep up with the innovative methods used by cyber attackers, we must constantly find novel approaches to problems.
6. To do so, we will require strong cybersecurity research and development (“R&D”) capabilities. With R&D, we will be able to design systems more securely from the outset, whether these are critical infrastructure or children’s toys. R&D can also help us gain intelligence about emerging cyber threats, and enable us to identify and fix the vulnerabilities early. Over time, this will reduce the prevalence of cyber attacks and importantly, their impact to society.
7. R&D is especially important in light of Singapore’s push for Smart Nation. We have an opportunity to incorporate cybersecurity into nascent areas such as the Internet of Things, to build a secure Smart Nation. But neither government, nor industry or academia can do this alone. We need a strong partnership that enables us to collaborate closely, cross-pollinate innovative ideas, and direct R&D to the relevant areas. All of us must come together to identify core problems and to rapidly prototype new and improved solutions. In this way, R&D can be more relevant to solving real-world cybersecurity challenges, and cross the proverbial “valley of death”, in which innovation dies on its journey from the research lab to the commercial market.
8. I am therefore heartened that ST Electronics and SUTD have taken the lead in this respect, in developing the ST Electronics-SUTD Cyber Security Laboratory. This is the first lab for cybersecurity R&D to be developed under the National Research Foundation’s Corporate Laboratory @ University Scheme. The lab is a tripartite partnership that the Government is co-investing in to better align academic research with industry needs, so that research efforts will be directed towards solutions that can be readily commercialised in the marketplace. The Lab will bring together industry and academia under one roof, and ST Electronics and SUTD staff will jointly run the Lab and its research.
Strengthening local cybersecurity capability
9. I am pleased that SUTD is extending its focus on cybersecurity with this Cyber Security Laboratory. SUTD has an existing research programme in applied cybersecurity, focusing on areas such as security-by-design, cyber-physical systems and the Internet of Things. The innovation areas identified for the Lab are at the forefront of cybersecurity challenges today, and will benefit from SUTD’s capabilities in applied cybersecurity research.
10. I am also happy to note that a large local enterprise like ST Electronics is committed to developing cybersecurity capabilities and expertise. This is indeed a win-win situation for us here in Singapore. On one hand, we need to nurture local champions for cybersecurity. It is vital for Singapore that our local companies strengthen their own engineering capabilities. This will build up a pool of industry-ready manpower, and support our long-term national cybersecurity needs. On the other hand, this will also enhance our companies’ market positions. By creating and investing in new technologies, they have the potential to become market leaders both regionally and internationally.
Developing tomorrow’s cybersecurity professionals
11. A vibrant ecosystem is one with both strong companies and a sustainable pool of manpower. The two must go hand in hand. The best investments in facilities and infrastructure will be lost without investments in people. To this end, we need to enhance the pipeline of cybersecurity professionals, and elevate the cybersecurity profession.
12. This is why the Cyber Security Agency of Singapore and the Infocomm Development Authority have been working in partnership with the private sector on the Cyber Security Associates and Technologists Programme, or CSAT. Under CSAT, both fresh ICT graduates and experienced ICT professionals can be upskilled through on-the-job training programmes led by companies which are CSAT training partners. They will also have the chance to take courses and be mentored by experienced practitioners, and participate in attachments identified by CSAT training partners.
13. I would like to congratulate ST Electronics for qualifying as a CSAT training partner. With this, and the launch of the Lab, ST Electronics has demonstrated a strong commitment to cybersecurity. Besides ST Electronics, the only other company which has qualified as a CSAT partner is Singtel. But I am pleased to note that a number of other companies, such as Ernst & Young, NEC, Quann, Palo Alto Networks, and PwC have shown interest in being CSAT partners and in working with us to grow the pool of cybersecurity experts in Singapore.
Cybersecurity as opportunity
14. Cybersecurity is not only a threat. It is also an area of opportunity for Singapore. Today, Singapore’s cybersecurity market is worth around $570m, according to estimates by PwC. This has the potential to grow into a $1 billion market by 2020.
15. Singapore is indeed well-placed to realise this potential. Our workforce is educated and technology-savvy, and ready to take on skilled jobs in cybersecurity, including in R&D. Singapore is an attractive home for global cybersecurity companies and their R&D efforts, and we are committed to building up this sector. With high-quality R&D, Singapore-based companies can develop useful products and services and be part of the growing cybersecurity market.
16. Once again, I would like to congratulate ST Electronics and SUTD on the launch of the joint ST Electronics-SUTD Cyber Security Laboratory. I hope that this Laboratory will nurture and inspire a future generation of cybersecurity researchers, and spur more local companies to bring innovative solutions to market. Together, we can strengthen Singapore’s stance against cyber threats, and, at the same time, realise the opportunities that cybersecurity brings to us.
 ‘Valley of death’ is a term commonly used within the R&D community, to refer to the significant roadblocks that R&D must overcome to progress from an idea, to the laboratory bench, to the point where it finally provides the basis of an application, a product or a commercially successful business.
 These are: (i) applying big-data machine-learning to cybersecurity; (ii) developing trusted monitoring and mitigating techniques; and (iii) innovative methods for detecting malicious insider threats.