New steps from Singapore Government to build cybersecurity capabilities in Singapore and ASEAN region in collaboration with industry
In his opening address at the 2nd ASEAN Ministerial Conference on Cybersecurity in Singapore (AMCC), Dr. Yaacob Ibrahim (above), Minister for Communications and Information and Minister in charge of Cyber Security for the Singapore government announced the signing of a Memorandum of Understanding between the Cyber Security Agency (CSA), Singapore and ISACA (Information Systems Audit and Control Association) and the establishment of new partnerships for the Cyber Security Associates and Technologists (CSAT) programme. Dr. Ibrahim also revealed that Singapore will set aside S$1.5 million of the ASEAN Cyber Capacity Programme (ACCP) to build technical capability among incident responders and operators in the ASEAN region.
The AMCC kicks off the 2nd Singapore International Cyber Week 2017, which is organised by CSA and aims to provide an integrated platform for over 6,000 international and regional policy makers, thought leaders, industry experts and visitors to forge partnerships, engage in critical dialogues and knowledge-sharing for a secure and resilient cyberspace. The theme for SICW 2017 is “Building A Secure and Resilient Digital Future Through Partnership.”
MOU with ISACA
The MOU will be signed by Mr. David Koh, Chief Executive of CSA and Ms. Theresa Grafenstine, Chair of the ISACA Board of Directors on 19 September 2017 during SICW 2017.
ISACA is a leading body for information governance, control, security and audit professionals, with members in 188 countries. Its IS (Information Systems) auditing and IS control standards are followed by practitioners worldwide.
The MOU will be in place for an initial period of three years. It is intended to facilitate collaboration on cybersecurity capability and workforce development.
In the area of capability development, the MOU will have CSA and ISACA partner on the development of the Cybersecurity Risk-Based Capability Assessment tool and the potential development of models to assess security readiness and posture of Cll (critical information infrastructure) Sectors and organisations. The assessment tool has an established model that measures the people, process and technology maturity.
In addition, CSA and ISACA will work together to enhance the competencies of professionals in Governance, Risk and Compliance (GRC) roles and strengthen cybersecurity Communities of Practice in Singapore and beyond.
CSA's collaboration with ISACA and other professional bodies is part of a larger drive to develop a vibrant cybersecurity ecosystem, consisting of strong companies, competent professionals and cohesive communities of practice for like-minded professionals.
“Globally, we are confronted with a pressing problem of a shortage of cybersecurity professionals and the government cannot grow the cybersecurity workforce and the ecosystem alone. Joint collaborations between the government and companies, professional bodies and associations serve as gateways to attract advanced cybersecurity companies with highly skilled practitioners,” Dr. Ibrahim said in his speech.
New partnerships for CSAT
CSA and Info-communications Media Development Authority of Singapore (IMDA) have established partnerships with PwC Singapore and PCS Security as part of the CSAT programme. This is part of the Tech Skills Accelerator (TeSA) initiative to train and up skill professionals with ICT or engineering disciplines to take on cybersecurity job roles through company-led training.
The CSAT programme is a joint initiative by CSA and IMDA to on-board fresh professionals and up-skill those with ICT or Engineering background and more than 3 years of working experience for cyber security job roles through On-the-Job Training (OJT) offered by private-sector companies.
The CSAT Programme aims to bridge the gap between demand and supply of cybersecurity professionals by catalysing private-sector companies to invest in the upskilling of professionals for cyber security job roles by collaborating with those that require these professionals. Specifically, this programme is structured to provide OJT for job roles that support the security assessment, operations and technology development of cyber security solutions.
The CSAT Programme consists of OJT, local and / or overseas attachment offered by industry partners, as well as in-depth training through internal and /or external courses. The trainee will acquire practical skills through projects offered and mentored by industry-experienced practitioners. The programme duration may be up to 12 months for fresh professionals (0-3 years of working experience); and up to 6 months for those with more than 3 years of working experience.
Two types of companies are suitable as training partners to offer OJT under the programme; namely user companies and cyber security service provider companies. Selected training partners must be an employer of cyber security professionals, with overall ICT security (including cyber security) staff strength in the company of at least 30; have an established Security Operations Centre (SOC); and they must be prepared to commit resources (including practical projects and mentors) to develop trainees into cyber security associates and / or technologists.
S$1.5 million for building capabilities in the ASEAN region
For the next three years, Singapore will set aside S$1.5 million of the ACCP to build technical capability among incident responders and operators in the ASEAN region.
The S$10 million ACCP was announced by Dr. Ibrahim at the Opening Ceremony of the inaugural ASEAN Ministerial Conference on Cybersecurity during the first Singapore International Cyber Week in 2016. Through a modular, multi-stakeholder and multi-disciplinary approach, the ACCP seeks to develop technical, policy and strategy-building capabilities within ASEAN Member States through workshops, seminars and conferences organised, in collaboration with partners such as Government agencies, industry players and Non-Governmental Organisations (NGOs), including the US Department of State, the MITRE Corporation, Cyber Law International and the ICT4Peace Foundation.
Singapore will also be partnering with industry to run an ASEAN Cybersecurity Industrial Attachment Programme, to offer training opportunity in Singapore for up to 18 candidates from ASEAN member states. The training will focus on security operations centre (SOC) operations and management, and other relevant technical areas of cybersecurity. Through this programme, participants will be able to advance their technical capabilities in effectively monitoring and responding to cyber threats.
Putting forth a call for greater coordination among ASEAN on cyber policy and capacity building for projecting a unified ASEAN voice internationally to protect and advance regional perspectives, Dr. Ibrahim said, “Beyond scaling up capabilities, we can collectively develop and agree upon basic cyber norms in ASEAN. This will support the work of international organisations such as the United Nations, and amplify ASEAN's voice on international cyber discussions. With an agreement on cyber norms among nations, cybersecurity cooperation can be better achieved