13 July 2010 - Speech By Mr Peter Ho, Head Of Civil Service, At The Conference On Regional Collaboration In Cyber Security On 13th July 2010, 11.30am, At The Shangri-La Hotel
Speech By Mr Peter Ho, Head Of Civil Service, At The Conference On Regional Collaboration In Cyber Security On 13th July 2010, 11.30am, At The Shangri-La Hotel
"Collaboration is Key for Effective Cyber Security"
1. I am pleased to join you today at this conference, which has drawn strong international participation from both the public and private sectors. This surely reflects the growing importance of cyber security.
Growing Dynamism of the Cyber Security Landscape
2. Cyber security is becoming challenging. Cyber threats are constantly changing. The sophistication of these threats is on the rise, posing huge problems for all of us who need to defend against these threats. It is an asymmetrical situation because the defender has to deploy far more resources than the attacker. An example is the Advanced Persistent Threat, or APT for short.
3. Earlier this year, Google revealed that it had been attacked by APTs. APTs are designed to stay undetected in order to gather information over a prolonged period of time. A successful APT attack would allow attackers to gain access into the network of a targeted enterprise. Once inside the network, attackers are able to plant malware or to pilfer sensitive information. McAfee's 2010 Threat Predictions report assessed that such attacks against individuals, corporations and government institutions can be expected to increase.
4. The threat of large scale cyber attacks, such as wide-spread Distributed Denial-of-Service (DDoS) attacks, poses a clear and present danger. Last year, the websites of the South Korean and the US governments came under DDoS attacks. Even technologically advanced nations are not immune from the threat of debilitating cyber attacks.
5. It does not help that there is an "underground" economy in which toolkits to develop malware are sold online. The Symantec Global Internet Security Threat Report, released earlier this year, observed that the availability of these malware toolkits has lowered the barrier for even novice cyber hackers to launch attacks.
6. Infocomm technology and the growing inter-connectivity of the Internet have brought enormous economic and social benefits to the world. Individuals are now more in touch with one another through social networking platforms such as Facebook and Twitter. At the organisational level, most of our work is accomplished with the support of infocomm networks and systems. With the emergence of cloud computing, our reliance on infocomm network connectivity will increase. However, this dependency also makes us vulnerable to attacks in cyberspace.
7. So there is no room for complacency in cyber security. Either we invest to fortify our cyber security, or we end up paying a lot more in the event of a damaging cyber security incident. According to another recent McAfee study of 600 executives across 14 countries, the cost of downtime caused by major cyber attacks is estimated to be US$6.3 million per day.
Collaboration as Impetus to Enhance Cyber Security
8. While the inter-connectivity of our networks has greatly enhanced business efficiency and effectiveness, it is also easier for cyber threats to spread rapidly across the inter-connected networks. Cyber security should not be just seen as a cost of doing business. Instead it should be seen as a strategic business enabler. By putting in place appropriate cyber security measures, we can continue to enjoy the benefits of enhanced business efficiency and effectiveness while keeping cyber threats at bay. Strong cyber security can be a competitive advantage.
9. The inter-connectivity of our networks also underlines the importance of collaboration in enhancing cyber security. Malware, such as worms, that originate from one country can very quickly spread online to other countries. Cyber attacks are very often transnational in nature. Nations need to work together in countering them.
10. Hackers work together to roll out more sophisticated threats. An example is the Conficker worm, which has impacted many systems all over the world. Conficker worm is highly agile as multiple variants of the worm were launched in quick succession. The Conficker worm was created by a collaborative network of highly-skilled hackers. It takes a network to fight a network. To counter threats such as the Conficker worm, cyber defenders and like-minded partners should work together, as a network, leveraging on the combined resources and collective capabilities of the cyber security community.
11. Collaboration is a key impetus to enhancing cyber security as it creates opportunities for partners to build on and complement the strengths and capabilities of one another. This will not only enhance the cyber security of individual organisations, but also lead to an improvement in the overall cyber security posture.
Cyber Security Collaboration in Singapore
12. Singapore has always been mindful of the importance of collaboration in cyber security. Our national cyber security efforts are guided by the Infocomm Security Masterplans. The first Infocomm Security Masterplan was launched in 2005. This was a significant milestone as it marked an important step forward in cyber security through the adoption of a national and coordinated approach towards cyber security.
13. Building upon the success of the first Masterplan, the second Infocomm Security Masterplan was launched in 2008 to boost Singapore's resilience against cyber threats. We are now in the midst of implementing the second Masterplan, and the progress has been good.
14. Both the first and the second Masterplans were the result of collaborative multi-agency efforts led by the Infocomm Development Authority of Singapore, under the guidance of a high-level National Infocomm Security Committee.
15. In implementing the Masterplans, the importance of collaboration across the public, private and people sectors is emphasised. Many of the Masterplans' initiatives can only be implemented through partnership of stakeholders from the different sectors.
16. One such example is the Cyber Security Awareness Alliance, an initiative under the second Masterplan. It aims to build a stronger awareness and adoption of good cyber security practices in Singapore. Members of the Alliance comprise organisations from across the public, private and people sectors. The Alliance helps to amalgamate the different strengths and resources of various member organisations in cyber security. The Alliance also develops and runs outreach programmes.
17. International collaboration is another key emphasis, and one of the strategic thrusts in the second Infocomm Security Masterplan. With the borderless nature of cyber threats, it is important to establish close collaboration with our international counterparts.
18. Singapore has been playing an active role in promoting collaboration among the Computer Emergency Response Teams (or CERTs) of ASEAN. Each year, Singapore plans and executes the ASEAN CERT Incident Drill (or ACID). ACID aims to strengthen cooperation among CERTs in ASEAN and its dialogue partners. It serves as a platform where CERTs can practise working together under simulated cyber threat scenarios. It also helps to establish trusted relationships among the CERTS. Such trusted relationships will be valuable in dealing with cyber security incidents. More significantly, ACID provides the means to strengthen the readiness and ability of the CERTs to mount a coordinated response when dealing with transnational cyber incidents.
Conclusion
19. It is important for us to recognise that collaboration is a key impetus in enhancing cyber security. This is especially so in view of the growing dynamism of the cyber security landscape and the increasing reliance and dependency on infocomm network connectivity. It is no longer practical for an organisation or even a nation to deal with cyber threats effectively on its own. Collaboration provides a springboard for us to achieve a more secure cyber security posture as a whole.
20. At this conference, you will get to hear different perspectives on cyber security strategies, solutions and collaboration approaches. I hope that you will get to meet like-minded partners and identify opportunities for collaboration. Working together, we can strengthen cyber security and make our world a safer place.
21. On this note, I wish you an engaging and fruitful conference.
Thank you.