Singapore announces third cyber-security masterplan

By Gabey Goh July 26, 2013

Focus on 3 key areas: Critical infrastructure, adoption of security measures and talent development
Development of local cyber-security expertise with private sector partners a core mission

Singapore announces third cyber-security masterplan TO better respond to the increasingly complex challenges of security in cyberspace, the Singapore Government has announced a five-year National Cyber Security Masterplan 2018, which aims to develop the country as a trusted and robust ‘infocomm hub’ by that year.

It is Singapore’s third masterplan centred on security – the first Infocomm Security Masterplan (ISMP) from 2005 to 2007 kicked off the nation’s coordinated approach towards a secure environment by equipping the public sector with capabilities to mitigate cyber-threats.

The second ISMP introduced encompassed critical ICT (information and communications technology) infrastructure and included the running of cyber-security exercises for key industry sectors like finance and telecommunications, as well as the rolling out of an Internet Infrastructure Code of Practice for designated Internet service providers (ISPs).

In a speech announcing the third masterplan, Dr Yaacob Ibrahim, Singapore’s Minister for Communications and Information, noted that cyber-attacks were increasingly targeting small and medium enterprises (SMEs), stealing data, spreading misinformation or disrupting services.

Social engineering attacks have also evolved from the targeting of individuals to ‘watering hole’ attacks, which involve compromising SME websites and targeting site users, he said during an information security seminar on July 24.

“The recent defacement of websites belonging to a Singapore healthcare company during the haze highlights how vulnerable we are to cyber-attacks,” Dr Yaacob said.

“It is thus vital for the Government, businesses, and us as individuals, to be more vigilant and further strengthen the security and resilience of Singapore’s infocomm infrastructure and systems,” he added.

According to McAfee’s 2012 State of Security Survey, about a quarter of business respondents in Singapore did not test their incident response plans or rehearse incident response scenarios after a security breach.

The survey also found that while seven in 10 Singaporeans were familiar with security dangers threatening their digital assets, nearly the same proportion did not have any security software installed on their smartphones and close to 90% did not protect their tablet devices.

Masterplan’s triple focus

According to Dr Yaacob (pic), the National Cyber Security Masterplan will be focused on three key areas.

First, it will enhance the security and resilience of critical infocomm infrastructure (CII). This includes a CII Protection Assessment Programme to identify vulnerabilities and gaps to facilitate the strengthening of Singapore’s ICT infrastructure against complex cyber-threats.

National cyber-security exercises will continue to be conducted for critical industry sectors over the next five years, with the addition of new cross-sector exercises, he added.

For the public sector, the existing Cyber Watch Centre and Threat Assessment Centre will both be upgraded for improved detection and analytical capabilities.

The second area of focus is on increasing efforts to promote the adoption of appropriate security measures among individuals and businesses.

The Infocomm Development Authority of Singapore (IDA), will continue to reinforce cyber-security awareness through online platforms, road shows, educational and current affairs programmes.

Collaborations with industry and trade associations will also take place to promote cyber-security and share cyber-threat information.

The third focus area of the masterplan aims to grow Singapore’s pool of ICT security experts.

“The rise of sophisticated cyber-attacks is also exacerbated by a worldwide shortage of highly skilled infocomm security professionals,” said Dr Yaacob.

Demand for cyber-security expertise is expected to grow exponentially. As of 2011, there were only 1,500 IT security specialists in Singapore -- just 1% of the total IT industry manpower.

Singapore has already made moves to address the talent gap in a collaboration with RSA, the security division of EMC Corporation, announced in June.

The multi-year agreement between RSA and the Singapore Economic Development Board (EDB) is intended to help accelerate training and workforce development for a new generation of local cyber-security professionals.

Dr Yaacob said that the IDA will be working with Singapore’s Institutes of Higher Learning to incorporate infocomm security courses and degree programmes into the curriculum. IDA will also work with industry partners to attract and retain such skilled professionals in Singapore.

He added that by adopting a collaborative approach across the public, private and people sectors, the masterplan would enhance the security of Singapore’s critical infocomm infrastructure and address the security of businesses and individuals.

“Given our heavy reliance on infocomm, Singapore needs to build up our pool of infocomm security professionals and develop their competencies. Only then can we better mitigate cyber-threats and provide a trusted and secure online environment for businesses and individuals,” he added.