22 March 2010 - Opening Address By Mr Lui Tuck Yew, Acting Minister For Information, Communications And the Arts At The Information Security Seminar, Suntec Singapore International Convention & Exhibition Centre
Opening Address By Mr Lui Tuck Yew, Acting Minister For Information, Communications And the Arts At The Information Security Seminar On 22 March 2010, 9.05am, At The Suntec Singapore International Convention & Exhibition Centre
Mr Peter Ho
Mr Gerard Tan
Ladies and Gentlemen,
1. Good morning. I am pleased to join you today for the Information Security Seminar.
Global Infocomm Security Developments
2. Today, infocomm technology is ubiquitous. Everyone is connected and contactable. We receive constant updates on our friends and likewise, some of them will help to provide constant updates on us. Online business transactions have become a way of life. But the more connected we are in cyber space, the greater the emphasis we need to place on security measures to protect ourselves - from malicious attacks, identity theft to cyber fraud.
3. Computer hackers are getting more organised and cyber attacks more targeted. In recent times, hackers have seen how popular social networking sites are, and they have often targeted such sites for data theft through malware and social engineering techniques. There are also syndicates that systematically steal credit card information and banking credentials online. These stolen data and the tools to attack these sites are then traded in the black market for profit.
4. Cyber attacks can affect anyone, any organisation and any country. South Korea and the United States were struck by sustained distributed-denial-of-service (DDoS) attacks in July last year, disrupting infocomm services in the public and private sectors. More recently, the Google incident has demonstrated that attackers can steal important information by targeting selected victims and exploiting system weaknesses. Emails or instant messages that appeared to come from trusted colleagues and friends were combined with malwares exploiting vulnerabilities of common applications.
5. Such cyber attacks have profound impact on organisations and businesses. The 2010 Symantec State of Enterprise Security Study showed that 75% of businesses worldwide experienced cyber attacks in the past year. Singapore is not immune to such attacks. Two thirds of our businesses have encountered cyber attacks in the same duration. The study also revealed that 42% of businesses globally rated cyber crime as the greatest threat to their well-being, higher than the threat from natural disaster, terrorism and traditional crime combined. According to a recent McAfee study, more than 800 businesses from around the world have estimated that they lost data worth a total of $4.6 billion, and spent about $600 million cleaning up after breaches.
Singapore's Approach to Infocomm Security
6. Singapore is therefore mindful of the potential threats and has made concerted efforts to enhance infocomm security. At the national level, we have in place our Infocomm Security Masterplans. Under the leadership of the National Infocomm Security Committee, these plans were developed in consultation with various public and private organisations. These plans factor in the needs and priorities of government, businesses and citizens. More importantly, we adopt a collaborative approach towards managing infocomm security risks among the public, private and people sectors.
Securing the Internet Infrastructure
7. Under our second Infocomm Security Masterplan, we have introduced more programmes to manage infocomm security. Firstly, we are looking to enhance the security of Singapore's Internet infrastructure. Across the world, Singaporeans are among the most highly connected to the Internet. According to the Annual Survey on Infocomm Access in Households by IDA for 2009, 81% of our households have Internet access. In another IDA survey on Infocomm Usage by Enterprises for 2009, 78% of enterprises use computers and of these, 96% of them use the Internet. It is thus critical that we have a secure and trusted internet infrastructure. IDA is working with the Internet Service Providers (ISPs) on a Code of Practice to set specific security controls and outcomes to ensure that a sound level of baseline security is in place to deal with current and emerging cyber threats. Feedback from ISPs is being gathered to align their infocomm security plans with the implementation of the Code. This Code will be issued by the third quarter of this year under the telecommunications regulatory framework.
8. In addition, the sharing of infocomm related security information among ISPs will also be established through IDA's co-ordination. This will improve the level of early warning to emerging threats and enable timely pre-emptive actions.
Securing the Public Sector
9. Secondly, the Government will be further strengthening public sector capability to mitigate security threats by fine-tuning policies, adding more advanced technical controls as well as building deeper competency.
10. With the need to address evolving risks and cyber security threats, it is important that decision makers, and security managers get the most accurate information to make timely and informed decisions. The Government aims to leverage business analytics technologies to analyse various security information to obtain actionable insights so that tactical and strategic decisions can be made more effectively.
Enhancing Infocomm Security Awareness and Adoption
11. Thirdly, we want to raise infocomm security awareness and adoption. Enterprises are becoming increasingly mindful of the importance of having the appropriate infocomm security measures at their workplace. According to the Annual Infocomm Usage by Enterprises Survey by IDA for 2009, 67% of enterprises have virus checking or protection software. We still need to encourage the others to adopt infocomm security measures. For those already doing so, they need to keep their protection measures updated. As a result, the Cyber Security Awareness Alliance was formed through a partnership of like-minded organisations, with the objective to build a positive culture of cyber security in Singapore.
12. Through the Alliance, the collective resources and outreach channels of the partners are harnessed to reach out to different target groups such as students, home-users and SMEs. For example, the National Crime Prevention Council, together with the Alliance, is developing a 'Virtual Cyber Security Park' akin to the Road Safety Park to promote the learning of good infocomm security practices among students. It enables students to learn about various facets of cyber wellness safety and security through fun and educational online games.
13. As part of this Information Security Seminar, the Alliance has organised a half-day programme for polytechnics and university students to help them learn more about sound infocomm security practices from industry leaders and professionals. In reaching out to the community-at-large, the Alliance is leveraging the increasing popularity of social networking platforms to create interest groups for sharing cyber security tips and best practices. Even hobby groups such as those for photography enthusiasts could be used. Infocomm security practices can, for example, be incorporated into the learning of digital photography software.
14. Changing behaviour and habits require security messages to be continuously reinforced. To this end, the Alliance will also organise events throughout the year, tapping established events such as today's seminar, trade associations networking sessions and SiTF outreach events.
15. In summary, the challenge is global and complex. Attacks can happen anytime, anywhere and to anyone. Infocomm security is a shared responsibility. I am therefore encouraged to see users, businesses and organisations coming together to put in place measures to manage the risks and meet the challenges.
16. On this note, I wish you a fruitful seminar. Thank you.
- Infocomm Security in the Government - Speech By Mr Peter Ho, Head Of Civil Service, And Chairman, National Infocomm Security Committee, At The Information Security Seminar On 22 March 2010, 9.20am, At The Suntec Singapore International Convention & Exhibition Centre
- Media Release - Strengthening National Preparedness To Mitigate Cyber Threats