At
CyberTech Asia 2018, Cyber Security Agency of
Singapore (CSA)’s Deputy Chief Executive (Development) Mr Teo Chin Hock
gave a keynote speech on the changing cyber landscape and how CSA is protecting
the cyber space of Singapore.
Mr
Teo started his speech by pointing out major trends in the changing cyber
landscape on global, regional and local levels.
To
begin with, the world is more interconnected than ever and will be even more so
in the coming years. Within two decades, the global population that has access
to the Internet drastically
grew from only 4% to 40% of the world now. In 2017, there were 8.4 billion
connected smart devices and the number is set to grow to 20.4 billion by 2020.
In
addition to being more connected, Mr Teo also said that advancements in digital
technologies are changing the way we live our lives and creating new
opportunities for businesses to better address consumers’ needs.
At
the same time, the increased use of digital technology also translated into
great demand for cybersecurity products and services, with the global market
for cybersecurity estimated to grow by nearly 15% annually to over US$1
trillion by 2021. In Singapore, the cybersecurity market is projected to grow
to over US$678 million by 2020.
However,
Mr Teo cautioned that as we become increasingly interconnected and reliant on
digital services, we become more vulnerable to cyber threats.
Rise of high profile sophisticated malware
“2017
saw many high profile cyberattacks across the globe,” he said, citing the
WannaCry attack in May 2017 which affected more than 200,000 users across 150
countries, causing a global loss of US$8 billion, as “the most notorious” one.
“Cyberattacks
are set to only get more sophisticated,” Mr Teo added.
“Not
only are attackers making use of sophisticated malware that are able to spread
without human intervention, they are also increasingly using encryption and
evasion tactics to avoid detection.”
Rise of state-sponsored cyberattacks
Mr
Teo also stated that another alarming development would be the rise of
state-sponsored cyberattacks, citing findings
by the European Union Agency for Network and Information Security (ENISA)
that nation-states have become the third most active threat agent group,
accounting for more than 20% of incidents in 2017.
According
to him, this is worrying as nation-states often possess the advanced
capabilities and resources required to carry out sophisticated and prolonged
attacks that are difficult to identify and defend against.
“Moreover,
given that the goal of such attacks is usually espionage related, successful
attacks could have a devastating impact for its victims. This is especially the
case if attacks are timed to influence critical events such as national
elections. In the case of attacks targeted at Critical Information
Infrastructure (CIIs), a successful attack may be able to disrupt essential
services, which can have a debilitating effect on the populace,” he explained.
How CSA defends Singapore’s cyber space
In
Singapore, CSA is the national agency tasked with ensuring the high
cyber-resiliency of the country’s CIIs as well as creating a safer
cyberspace.
(1)
Protecting
critical information infrastructure
“Since
our inception in 2015, we have worked closely with the regulators of CIIs
across 11 sectors to understand the cyber risks they face and to put measures
in place to manage these risks,” Mr Teo shared.
CSA
also conducts the multi-sector Exercise Cyber Star, to test Singapore’s cyber
incident management and emergency response plans. In the latest exercise in
last July, more than 200 participants, comprising sector leads and CII owners
from the 11 sectors participated in the successful exercise.
As reported
earlier, recognising that cyberattacks on CIIs are only going to get more
frequent and sophisticated, Singapore passed the Cybersecurity Act early this
year. Among other things, the Act empowers CSA to better prevent and respond to
cyber-attacks as well as formalise the duties CII owners have towards ensuring
the resiliency of the CII that they operate.
(2)
Combat
cybercrime
CSA
is actively working to create a safer cyberspace for all to enjoy. According to
Mr Teo, cybercrime nearly doubled in proportion from nearly 8% 2014 to 13.7% of
all crimes in 2016. As such, CSA is committed to the protection of private
businesses and individuals, through working with other agencies, such as the
Singapore Police Force, the telcos and Internet Service Providers.
(3)
Growing
a cybersecurity ecosystem
“CSA
is unable to do everything on its own,” Mr Teo said.
“A
strong cybersecurity sector capable of producing innovative solutions and
talented manpower is required to support our plans.”
Recognising
this, CSA has adopted a 2-pronged approach to build up Singapore’s
cybersecurity ecosystem: (1) to build the cybersecurity industry and (2) to
develop Singapore’s cybersecurity manpower and capabilities.
Attracting
top industry partners
In building
up Singapore’s cybersecurity industry, CSA is attracting industry partners with
advanced research and engineering capabilities to anchor their advanced
cybersecurity operations and activities in Singapore. Such an approach involved
the active support of the Economic Development Board (EDB) and leverages on
Singapore’s pro-business climate, and an educated and highly-skilled workforce.
Today,
many of the top 100 cybersecurity companies already operating in
Singapore.
R&D
for cybersecurity innovations
At
the same time, CSA is a strong supporter of the National Cybersecurity R&D
(NCR) Programme to bring together government agencies, academia, research
institutes and industry to collaborate on cybersecurity research.
CSA
has also recently launched a funding scheme for Proof-of-Concept projects aimed
to support the development of innovative cybersecurity solutions by
Singapore-registered companies that would meet national cybersecurity needs.
Supporting
cybersecurity startups
Aware
that startups are another key source of innovative solutions, CSA has been
looking to grow the pipeline of cybersecurity startups in Singapore.
Mr
Teo shared that CSA and the Infocomm Media Development Authority (IMDA) will be
supporting Singtel Innov8 and NUS Enterprise, in building Singapore’s first
cybersecurity start-up incubation hub.
The
Innovation Cybersecurity Ecosystem @Block 71 or ICE71, ICE71 will work with
CyLon, the UK’s leading cybersecurity accelerator to offer three programmes for
entrepreneurs at various stages.
The
first programme is a pre-accelerator boot camp that will help participants
kick-start their entrepreneurial journey in turning innovative cyber ideas into
workable business models.
The
second is an accelerator training programme for early-stage startups aimed at
helping them start off their businesses.
The
third is a landing pad for more mature start-ups to scale up their business and
eventually, internationalise.
Developing
cybersecurity manpower
Mr
Teo named the current global shortage of skilled manpower a factor that “may
severely constrain the growth of the cybersecurity industry”.
At a
global level, it is estimated
that there will be 3.5 million unfilled cybersecurity jobs by 2021. On a local
level, in Singapore, it is estimated
that there will be a potential talent gap of up to 3400 cybersecurity
professionals by 2020.
On
one hand, to attracting talent, CSA has worked with IMDA to increase the number
of scholarships offered for cybersecurity under the National Infocomm
Scholarship Programme, so as to encourage top students to pursue a degree in
cybersecurity.
On
the other hand, the Cyber Security Associates and Technologists (CSAT)
Programme aims to facilitate the conversion of professionals in related fields,
such as ICT and engineering, to cybersecurity professionals. Under the CSAT
programme, industry partners provide on-the-job training for fresh and
experienced professionals to help them prepare for cybersecurity roles.
To
boost cybersecurity competency of civil servants, CSA established the CSA
academy to train cybersecurity professionals in the government.
Launched in
October last year, CSA Academy will partner with leading industry training
providers to provide intermediate to advanced training in niche areas that are
currently not available in the market. For
example, CSA Academy is currently partnering with U.S. cybersecurity services
provider, FireEye, to provide training in incident response and malware
analysis.
“While CSA is committed to building up the
cybersecurity ecosystem, this is not something we can do alone.Close
collaboration between governments, industry and academia on various fronts is
critical to the building up of a vibrant cybersecurity ecosystem. As such, CSA
will continue to work with all stakeholders of the cybersecurity ecosystem,
from students to large multi-national companies, to anchor advanced
capabilities in Singapore, build up local capabilities and develop a skilled
workforce," he concluded.