Be aware of scammers impersonating as IMDA officers and report any suspicious calls to the police. Please note that IMDA officers will never call you nor request for your personal information. For scam-related advice, please call the Anti-Scam helpline at 1800-722-6688 or go to

Infocomm Security - Going Offline is NOT an Option

Mr Khoong Hock Yun, Assistant Chief Executive, (Industry) Infocomm Development Authority of Singapore Keynote Speech - Cisco Security Summit, Suntec Convention & Exhibition Centre

Mr Khoong Hock Yun, Assistant Chief Executive, (Industry)
Infocomm Development Authority of Singapore
Keynote Speech - Cisco Security Summit, Suntec Convention & Exhibition Centre
Singapore, 14 April 2004

Good Morning,
Distinguished Speakers,
Ladies and Gentlemen.


1. Thank you for inviting me here today. Many economies today have been greatly transformed both economically and socially by information and communications technologies (ICT). With easy access to information and increased information flows, companies and industries are able to make better and more informed business decisions. Productive capacity and international competition have also risen due to the reduction in transaction costs involved in the production and exchange of goods and services1.

2. Undeniably, one of the main drivers of this revolution is the Internet. According to a report by research firm, Gartner, business-to-business (B2B) ecommerce transaction in Singapore for 2002 was an impressive S$106.5 billion.

Increasing Cyber Attacks

3. As more businesses go online to capitalize on the potential of the Internet, we can expect a corresponding increase in the number of cyber attacks. According to TruSecure's ICSA labs2, the number of vulnerability probes per IP address per day almost doubled from 13 in Dec 2001, to 23 per IP address per day in January 2003. Vulnerability probes are attempts to collect information or compromise source. This is often done maliciously by sending packets through the computer network. One common analogy to this is like a thief knocking on every door of a HDB block of flats to find out which one is open. In January 2001, 135 Remote Access Trojans or (RATs) were planted daily in computers. This has more than doubled to 290 in January 2003.

4. In terms of damage caused by these cyber attacks, the MyDoom worm, for example, has caused worldwide havoc and wreckage at an estimated cost of US$38.5 billion dollars. This is in terms of overtime payments, contingency, loss of business, bandwidth clogging, productivity-erosion ,management time re-allocation, cost recovery and software upgrades.

5. To help businesses monitor and address cyber attacks, IDA had set up a Singapore Computer Emergency Response Team (SingCert) as a one-stop centre for security incident response in Singapore. This centre facilitates the detection, resolution and prevention of security related incidents on the Internet. SingCERT broadcasts alerts, advisories and security patches to its members. For those of you interested in this, you can subscribe to the mailing list via the SingCERT's website (

Enabling Security in Transactions

6. With the rise in electronic transactions, appropriate policies and regulations, infrastructure and programmes need to be put in place to assist the businesses to conduct secured transactions on an open platform.

7. In the area of policy and regulation, the Electronic Transactions Act (ETA) was enacted in 1998 to provide a legislative framework for electronic transactions in Singapore. It gives legal recognition, predictability and certainty to transactions conducted over the Internet. It also promotes the development of secure electronic commerce by setting out the supporting legal infrastructure for a Public Key Infrastructure (PKI). The PKI lays the foundation for a trusted and secure environment in electronic commerce.

8. To stay aligned with international developments, Singapore is currently reviewing possible amendments to the ETA to keep our law robust and relevant. In February this year, IDA and the Attorney General Chamber (AGC) issued a joint consultation paper on electronic contracting issues. This is the first stage in a three-stage public consultation exercise that will be carried out over the course of the year.

9. Recently, the Ministry of Home Affairs has also amended the Computer Misuse Act to empower persons or organization to take the necessary steps towards preventing security breaches on national security, essential services, defense or foreign relations to Singapore. This amendment is important because many of our critical services like water, electricity, gas, telecoms and transport have also become dependent heavily on computer networks and information systems. We cannot afford to have these being tampered with because what is at stake is not only the smooth running of our economy and also our national security! This move is significant as it underlines Singapore's resolve in remaining a trusted hub.

Enabling Cross Border Transaction

10. We do not spend money on security for its own sake. Companies want a secure and trusted environment to help themselves and their clients to conduct more businesses over the internet, within the national boundaries and across borders. Appropriate infrastructure needs to be put in place to provide this trusted environment.

11. In this area, efforts have been made, beginning with 3 member countries, Japan, Korea and Singapore, of the Asia Public Key Infrastructure or (PKI) Forum, with Singapore's representation being led by the industry and supported by IDA. The aim of the Asia PKI Forum is to harmonise cross border regulation, facilitate interoperability as well as develop potential applications. The need to interoperate with these countries with the aim to promote and conduct safe and secure electronic transactions cannot be over emphasized. Today, there are 9 member countries and they include Hong Kong, China, Korea, and Thailand amongst others.

12. To facilitate cross border electronic transactions, the Asia PKI Forum recently released a set of technical guidelines that list all the technical criteria needed before a Certified Authority (CA) can interoperate with another CA from another country. This guideline was the result of intensive testing conducted by Chinese Taipei, Japan, Korea and Singapore over a period of 2 years. With these technical guidelines, the participating countries will technically recognize and accept digital certificates issued by other participating countries and this will greatly expedite the business transactions carried out across borders.

13. Another area of development in PKI is in the area of Electronic Certificate of Origin (ECO). This is a fully electronic and paperless system for granting exporters the ECO for goods exported. A world's first, the ECO was developed through the joint efforts of Singapore Confederation of Industries, the Chinese and Indian Chambers of Commerce and Industry, the Singapore International Chamber of Commerce and CrimsonLogic, a local company, to ensure data security and authenticity.

Developing the Infocomm Security Sector

14. Besides putting in place efforts to create a secure and trusted business environment, we also have to look at building capabilities in the area of Infocomm security. IDA launched the SAFE (Securing Assets for End Users) programme last year. This is with the aim to further catalyse the growth of Singapore's infocomm security which according to IDC is poised to grow at a Compound Annual Growth Rate of 27% from US$165 million in 2003 to US$430 million in 2007. More specifically in the area of Identity Management, we had an open invitation or Call for Collaboration (CFC) to industry partners to collaborate and develop end to end solutions in this area. We have received proposals in the area of Finance, Logistics and Retail and we will keep you updated on the results of CFC and what's next in terms of Infocomm Security development.

15. In closing, it has been said that the best defense against these cyber crimes is to go offline completely! However, with the increasing amount of dependency businesses have on the internet as a source of information and as another means of distribution, coupled with the vast potential that the internet holds for businesses, this option of getting off the internet bandwagon is completely nonsensical. We simply do not have the luxury of going offline! As such, I hope all of you in the audience will take a proactive approach to securing your businesses and that each and everyone of you will make Infocomm Security your concern.

16. With that, I would like to wish you an enjoyable conference ahead. Thank You.


1 Ecommerce and Development Report 2003 by United Nations Conference on Trade and Development (UNCTAD) Secretariat.

2 International Computer Security Association Labs