Singapore’s Cybersecurity Landscape

Singapore’s Cybersecurity Landscape

Presented by:

Dr Lee Shiang Long

Leader

SAEng Expert Group on Cyber Security

With the advent of Smart Nation, Cybersecurity is a key technological component of the stack – it will protect the data, systems and communication platforms that will make Singapore smart. At the same time, Singapore as a sovereign nation needs protection from malicious cyberactors. Finally, there is global market demand for Cybersecurity solutions which Singapore can fulfil with homegrown IP. There are a few components required to achieve these goals related to the Cybersecurity domain – Operational Capabilities, R&D and Education.

The first is addressed by the Cyber Security Agency (CSA) setup at the national level to guide policy and make system-level recommendations for various important operational domains. CSA is closely coordinated with IDA, other relevant government agencies and the industry sector to realise the full value of its policies and recommendations across Singapore’s ecosystem, both governmental and private. It will ensure that systems deployed in Singapore have the appropriate security built into them, and it will also manage any relevant incidents at the national level. CSA’s Cyber Security Awareness and Outreach programme aims to augment existing outreach channels and explore new avenues that offer wider coverage and reach to users, such as broadcast media. In addition, the National Cyber Security Masterplan 2018 will also include initiatives to facilitate information sharing between the government and private sector, as well as collaborations with industry and trade associations to promote Cybersecurity.

Singapore’s local Cybersecurity R&D ecosystem itself is growing and going from strength to strength. Singapore has invested increasingly in R&D over more than two decades and this is expected to continue. Under the Prime Minister’s Office, NRF recently started the National Cybersecurity R&D Programme which aims to fund Singapore’s research performers and develop expertise in Cybersecurity and improve cyberinfrastructure with an emphasis on security, reliability, resiliency and usability. There are research-performers in Cybersecurity across A*STAR, universities and polytechnics. NTU’s Cyber Security Laboratory was inaugurated in March 2013, and comprises faculty members from the School of Computer Engineering in NTU. The main research of the Cyber Security Laboratory is in the domains of Network Security, Software Security, Web Security and Forensics and Biometrics. Researchers in the Cyber Security Lab study collaborative security, security protocols, mobile security, collaborative intrusion detection networks, web application security, forensics and biometrics. Research is focused on integrating new knowledge and technology to provide law enforcement and security agencies with automatic devices and capabilities to improve prevention, detection and solution of crimes, and acts of terrorism. NUS research in this domain covers software security, systems security, cryptography and privacy. Research of their faculty members have had research impact on various emerging aspects of security including quantum and applied cryptography, systems security, network & web security, mobile security, language-based security, hardware security and distributed systems security. A*STAR-I2R has two departments researching this domain, strategically focused on Cyberphysical Security and Cyberforensics & Intelligence. It has setup joint-labs with Sopia Steria and ST Info-Security for Cybersecurity R&D. One aspect that could make Cybersecurity R&D in Singapore even more effective and impactful would be better access to real operational data. This would allow for local R&D to create solutions that can make commercial impact on the global stage.

With regards to Education, the relatively stretched local talent pool in the domain of Cybersecurity is a well-known challenge for Singapore’s education ecosystem. One of the key prongs of the National Cyber Security Masterplan 2018 is to grow Singapore’s expertise in Cybersecurity. Accordingly, IDA has been working with educational institutions to incorporate infocomm security courses and degree programmes into their curriculum and offer more scholarships to specialise in Cybersecurity. 30 post graduate scholarships have been introduced for those who wish to carry out research in Cybersecurity. The programme, co-developed by IDA and NRF, will help Singapore develop a pool of post-graduate researchers and technologists to meet the needs of a growing cybersecurity R&D community. Many institutes of higher learning have also stepped up to the plate to offer new infocomm security programmes. The Singapore Institute of Technology (SIT), for example, will launch Singapore’s first undergraduate Information Security degree programme. NTU has also introduced an Information Security specialisation as part of its undergraduate programme. NUS offers a specialisation in Information Security under its Computer Science and Information Systems programmes. AISP and ISS have launched the AISP Qualified Information Security Professional course. NEC and EDB have made a multi-year agreement to build strategic capabilities in cybersecurity through EDB’s Strategic Attachment and Training (STRAT) Programme. Singapore Polytechnic’s Cyber Security Academy and Singapore Technologies Electronics and Engineering’s DigiSAFE Cyber Security Centre will provide training and skills-upgrading opportunities.