29 June 2005 - Keynote Address By Dr Lee Boon Yang, Minister for Information, Communications & the Arts At The 17th Annual First Conference, The Shangri-La Hotel Singapore, Tower Ballroom.
Keynote Address By Dr Lee Boon Yang, Minister for Information, Communications & the Arts At The 17th Annual First Conference on 29 June 2005, The Shangri-La Hotel Singapore, Tower Ballroom.
Ladies and Gentlemen,
1. I am pleased to be here today at the 17th Annual FIRST Conference held for the first time in Asia. I understand the FIRST Conference is an important annual conference that brings together computer security incident response teams and IT professionals from government, commercial, and educational organisations globally. This event provides an important platform for the exchange of experiences, expertise, ideas and valuable security insights between experts and peers on managing cyber threats in today's digital and connected economy. Singapore is indeed proud to be the host this year and I warmly welcome all participants especially those who come from distant countries.
The Global Cyber-Environment Today
2. The global environment today is far more connected and complex than ever before. In the past decade, rapid advances in Infocomm Technology (ICT) had transformed the way businesses operate and the way we live, work and play.
3. Increased connectivity has brought about benefits for business and also individuals. But it has also resulted in a surge in cyber security incidents. Malicious codes once sent out are able to multiply and spread at an incredible pace. Both businesses and internet users are faced with increasingly sophisticated cyber threats such as phishing, botnets, spyware and adware. These cyber threats are a cause for concern by everyone. They undermine our ability to protect personal data and financial information online. The most recent example is the security breach at the United States-based credit card processing company CardSystems Solutions, where the credit card database was compromised by a hacker trying to steal credit card information. This was a very significant security breach in the US which has affected credit cardholders worldwide, including in Japan, Hong Kong, Australia and Singapore. This incident potentially exposed up to 40 million credit card accounts worldwide, including 20,000 Singaporeans. Fortunately for Singaporean card users, the impact has been minimal with only a small number of fraudulent transactions detected up to now. Such damaging cyber attacks have an adverse impact on businesses where loss of productivity can amount to billions. Internet users therefore need to be more infocomm savvy and ready to cope with the dangers faced in the cyber environment. Financial institutions also have a role to play. The Monetary Authority of Singapore's Internet Banking and Technology Risk Management Guidelines outline the diversity and complexity of internet banking systems and actions which financial institutions should take to manage these risks and exposures. All financial institutions operating in Singapore are well-advised to comply with these guidelines.
4. In this new environment, there is no room for complacency on the part of anyone. Any organisation or company's network may well become the next target. The only protection is to deploy effective and vigilant network security measures in anticipation of attacks by hackers and other cyber criminals.
International Collaboration is Key
5. Given the borderless world of cyberspace, international collaboration is key to dealing with this issue of cyber security. Cyber security is an issue that needs to be tackled in a collective manner by all countries. Attacks by malware and other viruses over the past year have affected a large number of computers networks across the globe, causing significant worldwide productivity losses. These attacks reinforced the urgency for network operators to be part of a larger global community to tackle cross-border cyber threats. It is increasingly important that countries work together and build strong collaborative response systems to address cyber security issues.
6. In ASEAN, we have taken significant steps to monitor and respond to cyber threats. For the past few years, Singapore has actively collaborated and assisted several ASEAN partners to jumpstart the creation of their own Computer Emergency Response Teams (CERT). I am happy to note that 8 out of the 10 ASEAN members states have established their CERTs. These CERTs while responding to their national cyber-threats will also engage in frequent exchange of experience, ideas and also take time to explore opportunites for collaborations to curb cyber threats.
Singapore's Efforts to Curb Cyber Threats
7. In February this year, Singapore announced a three-year Infocomm Security Masterplan which is part of our national security strategy to address cyber security and cyber terrorism. We need to be more well-informed about cyber threats and be equipped with up-to-date cyber security measures so as to prevent the damage and losses caused by cyber criminals.
8. Under this Masterplan, the National Cyberthreat Monitoring Centre, or NCMC in short, has been set up as a national resource to safeguard Singapore's cyber security as well as provide focused tracking of cyber threats. Besides the round-the-clock monitoring of critical networks, the centre will provide regular in-depth analysis of cyber threats by incorporating information and findings from all available sources. The NCMC will provide latest trends in cyber threats so that we can better respond to, and even pre-empt future attacks.
Enhancing Cyber Security through a 3P (People-Private-Public) Partnership
9. Cyber security is a national concern that would require all ICT users to adopt a united front approach. This calls for a strong partnership amongst the people, private and public sectors to tackle the challenges in a holistic manner. The people sector plays an integral role in curbing cyber threats. Users must be equipped with ways to defend themselves against cyber attacks in a world of increasing on-line interactions and transactions. Proper personal firewalls for home computers and patching of operating systems are some examples of essential security know-how for internet users. To address the need for education on internet security and better equip our citizens with the necessary internet security knowledge, IDA Singapore will work with three local major internet service providers; namely PacNet, SingNet and StarHub, to educate subscribers on infocomm security issues.
Attaining Common Criteria Recognition
10. In addition, supporting systems and infrastructure are also key components in our efforts to counter cyber threats. The supporting equipment must be of a world-class standard to ensure that cyber security is not compromised. To promote the development of security products here, Singapore was the first ASEAN country to sign the Common Criteria Recognition Arrangement (CCRA) in March this year. Products with Common Criteria certification receive worldwide acceptance and gain access to markets that mandate the use of these criteria.
11. IDA is working with PSB and T-Systems to establish a National Common Criteria Certification Scheme in Singapore. Singapore will provide a cost-competitive and reliable venue for companies to obtain Common Criteria Certification for their security products. Companies that have their products Common Criteria-certified will be able to tap into the worldwide market for security solutions and systems which require this certification. This market is estimated to be worth US$2.3 Billion 1. This initiative will greatly enhance Singapore's position as an ideal test bed for infocomm technologies and solutions.
Building a Skilled Infocomm Security Workforce
12. A secure environment will not be effective without a skilled workforce equipped with the necessary competencies. To gear up against cyber threats, IDA Singapore is exploring ways of developing a larger pool of competent infocomm security professionals through industry feedback and 3P partnerships. The objective of this initiative is to transform Infocomm Security into a distinguished profession, which is similar to the accounting and legal professions, with a recognized professional body, standardized qualifications, established career roadmap and career development programmes. This will help raise our manpower capabilities and resource to build a cyber security haven, and reinforce Singapore's reputation as a trusted Infocomm Security Hub.
13. The FIRST Conference is an excellent opportunity for the exchange of ideas, information and expertise on cyber security. I am pleased to note that this year's conference also includes an ASEAN agenda for the sharing of cyber security and incident response developments taking place in member countries. Information sharing among members of FIRST and the user community is an important element in protecting ourselves from the perpetrators of cyber attacks. Cyber threats pose a real and imminent danger to our privacy, financial systems and network security. Hence, it is imperative that we cooperate to develop a global system that can respond effectively to cyber threats. Only then, can we create an environment of trust and confidence that would greatly enhance the deployment of ICT in a highly connected world of today and tomorrow.
14. On this note, I wish all participants a day of fruitful discussion at this conference.
1Estimates based on IDC's "Worldwide IT Security Software, Hardware, and Services 2004-2008 Forecast: The Big Picture"