26 Aug 2014 - Opening Address by Dr Yaacob Ibrahim, Minister for Communications and Information, at the Infocomm Security Seminar 2014, on Tuesday, 26 August 2014, 9.10am, at Peony Ballroom 4503, Level 4, the Marina Bay Sands Convention Centre.
Opening Address by Dr Yaacob Ibrahim, Minister for Communications and Information, at the Infocomm Security Seminar 2014, on Tuesday, 26 August 2014, 9.10am, at Peony Ballroom 4503, Level 4, the Marina Bay Sands Convention Centre
Mr Lim Chuan Poh
Chairman National Infocomm Security Committee
Mr Leong Keng Thai and Ms Shirley Wong
Co-chairs of the Cyber Security Awareness Alliance
Mr Wally Lee, President, Association of Information Security Professionals (AISP)
Ladies and Gentlemen
1. It is my pleasure to join you today for the Information Security Seminar.
2. Large-scale cybersecurity breaches have made headlines and raised public concerns. Prominent victims have included Target, the giant American retailer, which revealed last December that hackers stole millions of data including credit and debit card details of its customers. According to a Financial Times report, the discovery of the “Heartbleed” bug left two-thirds of the world’s websites vulnerable to cyber attack. Cyber security breaches also have grave national security implications. Last year in March, South Korea experienced a massive cyber-attack where the networks of its banks and broadcasters were nearly paralysed. The operation, dubbed “Dark Seoul”, affected many South Koreans as they were unable to withdraw money from ATMs.
3. Of course, we hope that incidents like these are not repeated here but we need to remain vigilant. It has become all the more important to ensure the security of infrastructure and systems. Governments, businesses, manufacturers and consumers must guard against data leakage, unauthorised access to corporate resources and malware attack against their networks. We need to pay attention to our efforts to promote the adoption of appropriate infocomm security measures among individuals and businesses.
4. The impact of a fall out from a cyber threat has implications not just for businesses’ bottomlines but also their reputations. Even as organisations take steps to secure their systems against these threats, they also need to pay attention to their suppliers’ level of cyber security. Vulnerabilities to the suppliers’ IT systems could potentially lead to the theft of client data entrusted to them, or worse, provide a pathway for attackers to gain access to their clients’ IT systems. Organisations must protect their own interests by ensuring that their suppliers meet accepted standards of cyber security. The public sector has, for a start, extended its best practices on internal risk management and cyber security to its suppliers.
5. We need to grow Singapore's pool of infocomm security experts and build their capabilities. The biggest growth in manpower requirements will be in the areas of security operations, security engineering and technology. Apart from dedicated cybersecurity experts, other ICT professionals in areas like network engineering and application development are also needed in defending network infrastructure or applications from ever-increasing cyber threats. Our infocomm security experts need to be able devise ways to detect and deter ever-evolving attack methods, and also administer appropriate IT security governance for organisations.
6. IDA will be doing a number of things to improve cybersecurity expertise in Singapore at different levels. Firstly, we will look into increasing the number of cybersecurity professionals in Singapore at both degree and diploma levels. Secondly, we will help to enhance the skills of ICT professionals who may not be cybersecurity experts, but nonetheless need to understand and deal with the evolving threat landscape they operate in. Finally, we will do more to help develop a pool of postgraduate researchers and technologists to meet the needs of a growing cybersecurity R&D community that is interested in finding solutions and creating tech products in this space.
7. Our Institutes of Higher Learning are stepping up to offer specialised training in cybersecurity. I am pleased to announce that the Singapore Institute of Technology (SIT) will be launching Singapore’s first undergraduate Information Security degree programme in September 2015. Students from SIT will get a chance to pick up practical skills from host organisations through an integrated Work-Study scheme. The Nanyang Technological University (NTU) has also included an information security specialisation programme as part of its undergraduate curriculum since August. I am encouraged to learn that more than 30% of the final year cohort has opted for this programme, paving the way for more graduates to join the infocomm security workforce annually.
8. As we create pathways for those to join the sector, IDA has also established on-the-job training and attachment programmes together with industry partners such as KPMG and OCBC to provide real-life training and experiences. From next year, those with the interest and talent who wish to further their studies and carry out research in cyber security can apply for postgraduate scholarships. This scholarship programme, co-developed by IDA and the National Research Foundation (NRF), will sponsor more than 30 postgraduate candidates.
9. Apart from cybersecurity experts, we need to raise the security skills of other ICT professionals in technical roles such as maintaining network infrastructure. Earlier this year, Singapore Polytechnic launched a Cyber Security Academy and Singapore Technologies Electronics and Engineering opened a DigiSAFE Cyber Security Centre. These facilities will provide job opportunities for those interested in a career change as well as upgrade the skills of existing personnel in technical roles.
10. At the same time, we will continue to secure our systems against attacks and vulnerabilities. As technology and risks evolve, our security measures need to stay updated. In the public sector, we will enhance the security and resilience of our critical infocomm infrastructure. We are upgrading the Cyber-Watch Centre by January 2015 to strengthen the Government’s detection and analytical capabilities. This upgrade, will allow us to better monitor government websites and inspect if there are malicious activities, which could affect access to online public services. In addition, the Government will appoint Chief Information Security Officers to strengthen the infocomm security governance in government agencies. The IDA will also be setting up a Monitoring and Operations Control Centre to provide the Government with a full suite of capabilities to guard against security threats and respond to them in a timely manner.
11. The resilience of our cyber-infrastructure is everyone’s responsibility. This year’s Cyber Security Awareness Campaign, “Think before You Click!”, will reinforce the security awareness messages and the need to take personal and workplace responsibility by adopting secure online practices. The GoSafeOnline.sg portal offers cyber security tips for individuals, and information that caters to the needs of organisations particularly for small and medium sized enterprises (SMEs) looking to embrace mobility at work. IDA will also continue to work with partners, such the Cyber Security Awareness Alliance, Singapore Infocomm Technology Federation and Association of Infocomm Security Professionals to reach out to the community and businesses. It requires everyone’s cooperation to ensure that our infrastructure is robust against vulnerabilities and attacks.
12. This year’s seminar provides us the opportunity to discuss, debate and find solutions to mitigate cyber threats, and provide a trusted and secure online environment for individuals and organisations in a constantly changing environment. On this note, let me wish everyone a rewarding and fruitful conference.
13. Thank you.