24 July 2013 - Speech by Dr Yaacob Ibrahim, Minister for Communications and Information, at the Information Security Seminar 2013, 24 July 2013, 9.00am, at Marina Bay Sands Convention Centre
Speech by Dr Yaacob Ibrahim, Minister for Communications and Information, at the Information Security Seminar 2013, 24 July 2013, 9.00am, at Marina Bay Sands Convention Centre.
"Security of Our Cyber Environment - Looking to the Future"
Mr. Wally Lee,
President, Association of Information Security Professionals
Ladies and Gentlemen,
1. It is my pleasure to join you today for the Information Security Seminar 2013.
Infocomm Creates a Nation of Connected People
2. With widespread use of infocomm technology by both businesses and individuals, Singapore is a nation of connected people. The World Economic Forum's Global Information Technology Report 2013 ranked Singapore second, out of 144 economies in its Network Readiness Index. Our businesses are plugged online into the global marketplace and our people enjoy digital lifestyles. According to the International Telecommunication Union, the percentage of Singaporeans using the Internet has more than doubled from year 2000 to 2012, from 36 to 74 per cent!
Challenges to Security in Cyber Space
3. In today's converging media landscape, the Internet has become a platform that is susceptible to attacks. These attacks are multifaceted and extremely challenging to defend, particularly with the emergence of sophisticated Advanced Persistent Threats (APTs) and cyber espionage operations. The recent defacement of websites belonging to a Singapore healthcare company during the haze highlights how vulnerable we are to cyber-attacks. Cyber-attacks also disrupt the operations of key infocomm infrastructure.
4. Cyber-attacks are also increasingly targeting small and medium enterprises or SMEs; stealing data, spreading misinformation or disrupting services. Social engineering attacks have also evolved from the targeting of individuals to "watering hole" attacks, which involves compromising SME websites and targeting site users. The rise of sophisticated cyber-attacks is also exacerbated by a worldwide shortage of highly-skilled infocomm security professionals.
5. We also need to be more vigilant and protect ourselves from cyber threats. According to McAfee's 2012 State of Security Survey, about a quarter of business respondents in Singapore did not test their incident response plans or rehearse incident response scenarios after a security breach. McAfee's Digital Assets survey 2013 further found that while seven in 10 Singaporeans were familiar with security dangers threatening their digital assets, nearly the same proportion did not have any security software installed on their smartphones and close to 90 per cent did not protect their tablet devices!
6. It is thus vital for the Government, businesses, and us as individuals, to be more vigilant and further strengthen the security and resilience of Singapore's infocomm infrastructure and systems. Given our heavy reliance on infocomm, Singapore needs to build up our pool of infocomm security professionals and develop their competencies. Only then can we better mitigate cyber threats and provide a trusted and secure online environment for businesses and individuals.
A Secure Cyber Environment for a Better Quality of Life
7. We need to work in partnerships across the public, private and people sectors. The first Infocomm Security Masterplan or ISMP was implemented from 2005 to 2007, to initiate Singapore's coordinated approach towards a secure environment by equipping the public sector with capabilities to mitigate cyber threats.
8. The ISMP was succeeded by a five-year Infocomm Security Masterplan that widened its focus to include critical infocomm infrastructure. Initiatives under this masterplan include the running of cyber security exercises for key industry sectors like Finance and Telecommunications, as well as the rolling out of an Internet Infrastructure Code of Practice for designated Internet Service Providers.
9. We need to ensure that Singapore remains prepared for the challenges that will come our way. I am pleased therefore, to announce today, the launch of the five-year National Cyber Security Masterplan 2018 which aims to develop Singapore as a trusted and robust infocomm hub by 2018.
10. The National Cyber Security Masterplan will focus on three key areas. First, the masterplan will enhance the security and resilience of critical infocomm infrastructure or CII. This includes a CII Protection Assessment Programme to identify vulnerabilities and gaps to facilitate the strengthening of our CII against complex cyber threats. National cyber security exercises will continue to be conducted for critical industry sectors over the next five years, with the addition of new cross-sector exercises. For the public sector, the existing Cyber Watch Centre and Threat Assessment Centre will both be upgraded for improved detection and analytical capabilities.
11. The second area of focus is to increase efforts to promote the adoption of appropriate infocomm security measures among individuals and businesses. The Infocomm Development Authority of Singapore, or IDA, will continue to reinforce cyber security awareness through online platforms, road shows, educational and current affairs programmes. Collaborations with industry and trade associations will also take place to promote cyber security and share cyber threat information.
12. The third focus area of the Masterplan aims to grow Singapore's pool of infocomm security experts. Demand for cyber security expertise is expected to grow exponentially. As of 2011, there were only 1,500 IT security specialists in Singapore - just 1 per cent of the total infocomm industry manpower. I am heartened that the IDA will be working with Singapore's Institutes of Higher Learning to incorporate infocomm security courses and degree programmes into the curriculum. IDA will also work with industry partners to attract and retain such skilled professionals in Singapore.
13. Adopting a collaborative approach across the public, private and people sectors, the Masterplan will enhance the security of Singapore's critical infocomm infrastructure and address the security of businesses and individuals. This will create a truly robust infocomm ecosystem and improve our quality of lives.
Promoting Infocomm Security Awareness
14. Today, we also mark Cyber Security Awareness Day – themed "Security at Home and in the Workplace". It is championed by the Cyber Security Awareness Alliance jointly led by IDA and the Singapore Infocomm Technology Federation. This year's Awareness Day – in its third year, received more than 674,000 pledges to date, from individual and businesses to secure both their devices and online identities. The Alliance is also launching a new mobile application by end 2013 to promote public awareness and adoption of appropriate cyber security practices. I hope everyone will continue to adopt safe and secure practices at home and at the workplace.
15. This year also saw the inaugural National Infocomm Security Competition, where more than 300 submissions were received. Apart from enhancing security awareness, the competition recognises individuals from all walks of life, for their ideas and contributions towards raising the adoption of infocomm security best practices. I would like to congratulate all winners and I look forward to a robust participation in the competition next year as well.
In our quest for a secure, national infocomm environment, we must go beyond having a set of strategic national capabilities. With rapid changes in the cyber threat landscape; and infocomm security now a shared responsibility, I am confident we can work together to create new capabilities, develop greater awareness, and adopt good cyber security practices. This way, we enhance our quality of life with a secure and trusted cyber environment.
17. In this spirit of collaboration, I wish everyone a most fruitful seminar ahead. Thank you.