How Cyber Security Agency is protecting Singapore in the changing cyber landscape
At CyberTech Asia 2018, Cyber Security Agency of Singapore (CSA)’s Deputy Chief Executive (Development) Mr Teo Chin Hock gave a keynote speech on the changing cyber landscape and how CSA is protecting the cyber space of Singapore.
Mr Teo started his speech by pointing out major trends in the changing cyber landscape on global, regional and local levels.
To begin with, the world is more interconnected than ever and will be even more so in the coming years. Within two decades, the global population that has access to the Internet drastically grew from only 4% to 40% of the world now. In 2017, there were 8.4 billion connected smart devices and the number is set to grow to 20.4 billion by 2020.
In addition to being more connected, Mr Teo also said that advancements in digital technologies are changing the way we live our lives and creating new opportunities for businesses to better address consumers’ needs.
At the same time, the increased use of digital technology also translated into great demand for cybersecurity products and services, with the global market for cybersecurity estimated to grow by nearly 15% annually to over US$1 trillion by 2021. In Singapore, the cybersecurity market is projected to grow to over US$678 million by 2020.
However, Mr Teo cautioned that as we become increasingly interconnected and reliant on digital services, we become more vulnerable to cyber threats.
Rise of high profile sophisticated malware
“2017 saw many high profile cyberattacks across the globe,” he said, citing the WannaCry attack in May 2017 which affected more than 200,000 users across 150 countries, causing a global loss of US$8 billion, as “the most notorious” one.
“Cyberattacks are set to only get more sophisticated,” Mr Teo added.
“Not only are attackers making use of sophisticated malware that are able to spread without human intervention, they are also increasingly using encryption and evasion tactics to avoid detection.”
Rise of state-sponsored cyberattacks
Mr Teo also stated that another alarming development would be the rise of state-sponsored cyberattacks, citing findings by the European Union Agency for Network and Information Security (ENISA) that nation-states have become the third most active threat agent group, accounting for more than 20% of incidents in 2017.
According to him, this is worrying as nation-states often possess the advanced capabilities and resources required to carry out sophisticated and prolonged attacks that are difficult to identify and defend against.
“Moreover, given that the goal of such attacks is usually espionage related, successful attacks could have a devastating impact for its victims. This is especially the case if attacks are timed to influence critical events such as national elections. In the case of attacks targeted at Critical Information Infrastructure (CIIs), a successful attack may be able to disrupt essential services, which can have a debilitating effect on the populace,” he explained.
How CSA defends Singapore’s cyber space
In Singapore, CSA is the national agency tasked with ensuring the high cyber-resiliency of the country’s CIIs as well as creating a safer cyberspace.
(1) Protecting critical information infrastructure
“Since our inception in 2015, we have worked closely with the regulators of CIIs across 11 sectors to understand the cyber risks they face and to put measures in place to manage these risks,” Mr Teo shared.
CSA also conducts the multi-sector Exercise Cyber Star, to test Singapore’s cyber incident management and emergency response plans. In the latest exercise in last July, more than 200 participants, comprising sector leads and CII owners from the 11 sectors participated in the successful exercise.
As reported earlier, recognising that cyberattacks on CIIs are only going to get more frequent and sophisticated, Singapore passed the Cybersecurity Act early this year. Among other things, the Act empowers CSA to better prevent and respond to cyber-attacks as well as formalise the duties CII owners have towards ensuring the resiliency of the CII that they operate.
(2) Combat cybercrime
CSA is actively working to create a safer cyberspace for all to enjoy. According to Mr Teo, cybercrime nearly doubled in proportion from nearly 8% 2014 to 13.7% of all crimes in 2016. As such, CSA is committed to the protection of private businesses and individuals, through working with other agencies, such as the Singapore Police Force, the telcos and Internet Service Providers.
(3) Growing a cybersecurity ecosystem
“CSA is unable to do everything on its own,” Mr Teo said.
“A strong cybersecurity sector capable of producing innovative solutions and talented manpower is required to support our plans.”
Recognising this, CSA has adopted a 2-pronged approach to build up Singapore’s cybersecurity ecosystem: (1) to build the cybersecurity industry and (2) to develop Singapore’s cybersecurity manpower and capabilities.
Attracting top industry partners
In building up Singapore’s cybersecurity industry, CSA is attracting industry partners with advanced research and engineering capabilities to anchor their advanced cybersecurity operations and activities in Singapore. Such an approach involved the active support of the Economic Development Board (EDB) and leverages on Singapore’s pro-business climate, and an educated and highly-skilled workforce.
Today, many of the top 100 cybersecurity companies already operating in Singapore.
R&D for cybersecurity innovations
At the same time, CSA is a strong supporter of the National Cybersecurity R&D (NCR) Programme to bring together government agencies, academia, research institutes and industry to collaborate on cybersecurity research.
CSA has also recently launched a funding scheme for Proof-of-Concept projects aimed to support the development of innovative cybersecurity solutions by Singapore-registered companies that would meet national cybersecurity needs.
Supporting cybersecurity startups
Aware that startups are another key source of innovative solutions, CSA has been looking to grow the pipeline of cybersecurity startups in Singapore.
Mr Teo shared that CSA and the Infocomm Media Development Authority (IMDA) will be supporting Singtel Innov8 and NUS Enterprise, in building Singapore’s first cybersecurity start-up incubation hub.
The Innovation Cybersecurity Ecosystem @Block 71 or ICE71, ICE71 will work with CyLon, the UK’s leading cybersecurity accelerator to offer three programmes for entrepreneurs at various stages.
The first programme is a pre-accelerator boot camp that will help participants kick-start their entrepreneurial journey in turning innovative cyber ideas into workable business models.
The second is an accelerator training programme for early-stage startups aimed at helping them start off their businesses.
The third is a landing pad for more mature start-ups to scale up their business and eventually, internationalise.
Developing cybersecurity manpower
Mr Teo named the current global shortage of skilled manpower a factor that “may severely constrain the growth of the cybersecurity industry”.
At a global level, it is estimated that there will be 3.5 million unfilled cybersecurity jobs by 2021. On a local level, in Singapore, it is estimated that there will be a potential talent gap of up to 3400 cybersecurity professionals by 2020.
On one hand, to attracting talent, CSA has worked with IMDA to increase the number of scholarships offered for cybersecurity under the National Infocomm Scholarship Programme, so as to encourage top students to pursue a degree in cybersecurity.
On the other hand, the Cyber Security Associates and Technologists (CSAT) Programme aims to facilitate the conversion of professionals in related fields, such as ICT and engineering, to cybersecurity professionals. Under the CSAT programme, industry partners provide on-the-job training for fresh and experienced professionals to help them prepare for cybersecurity roles.
To boost cybersecurity competency of civil servants, CSA established the CSA academy to train cybersecurity professionals in the government.
Launched in October last year, CSA Academy will partner with leading industry training providers to provide intermediate to advanced training in niche areas that are currently not available in the market. For example, CSA Academy is currently partnering with U.S. cybersecurity services provider, FireEye, to provide training in incident response and malware analysis.
“While CSA is committed to building up the cybersecurity ecosystem, this is not something we can do alone.Close collaboration between governments, industry and academia on various fronts is critical to the building up of a vibrant cybersecurity ecosystem. As such, CSA will continue to work with all stakeholders of the cybersecurity ecosystem, from students to large multi-national companies, to anchor advanced capabilities in Singapore, build up local capabilities and develop a skilled workforce," he concluded.