Singapores Strategy in Promoting Global Cybersecurity

1
Singapores Strategy in Promoting Global
Cybersecurity
Asia Pacific Forum on Telecommunications Policy
And Regulation 2006

• Presented by Geraldine Lim
• 17 May 2006

2
Agenda

• Cybersecurity in Singapore
• Infocomm Security Masterplan
• National Trust Framework
• Implementation Approach
• International Cooperation
• Conclusion

3
1 /
Cybersecurity in Singapore
4
Cyberthreats

• Like other open economies, Singapore faces threat
  from all vectors
• Epidemic, Terrorism, Cross-border crimes
• Attacks against infocomm environment
• Challenges in protection of infocomm environment
• Malware worms, virus and trojan horses
• Irresponsible hackers, cyber-criminals
  cyber-terrorists
• Ignorant users system owners

5
Proactive Efforts in Cybersecurity

• Legislation Level
• Computer Misuse Act in 1993
• Electronic Transactions Act in 1999
• Policies and Guidelines Level
• Model Data Protection Code in 2001
• Infocomm Security Best Practices for government
  agencies

6
Proactive Efforts in Cybersecurity
7
Proactive Efforts in Cybersecurity

• Strategic Level
• Infocomm Security Masterplan in 2005
• Intelligent Nation 2015 (iN2015) National
  Trust Framework (NTF) in 2006

8
2 /
Infocomm Security Masterplan

9
Overview of Infocomm Security Masterplan

• Three year (FY2005-2007) strategic roadmap with
  S38 million seed fund
• Objectives
• Defend Singapores critical infrastructure from
  cyber attacks
• Maintain a secure infocomm environment for the
  government, businesses and individuals
• Development
• Multi-agency effort led by IDA
• Driven by a high-level steering committee
• Input from businesses government agencies

10
Strategies

• Six strategies
• Securing the People Sector
• Securing the Private Sector
• Securing the Public Sector
• Developing National Capabilities
• Cultivating Technology and RD
• Securing National Infrastructure

11
Highlights of Selected Projects

• National Cyberthreat Monitoring Centre (NCMC)
• Critical Infocomm Infrastructure Surety
  Assessment (CII-SA)
• Infocomm Security Health Scorecard
• National Infocomm Security Awareness Programme

12
National Cyberthreat Monitoring Centre (NCMC)

• Enhance situational awareness of the nations
  cyber-presence
• Enable stakeholders to be proactive through
  immediate actions
• Provide threat analysis and security network
  monitoring capabilities on a 24/7 basis
• Extend current capabilities and build new ones
• Cyber-WatchCentre (CWC)
• Threat Analysis Centre (TAC)

13
Critical Infocomm Infrastructure Surety Assessment

• Assess the infocomm security readiness of
  the national critical infocomm infrastructures
  (CII)
• Commence with CII asset identification and
  inter-dependency analysis
• Work with Sector Regulators CII owners
• Infocomm
• Energy
• Banking Finance
• Healthcare
• Water
• Transport
• Government

14
Infocomm Security Health Scorecard

• Provide assurance of adequate infocomm security
  measures in the public sector
• Help government agencies identify gaps in
  infocomm security measures address them
  proactively
• Benchmark agencies security health
  against the scorecard annually

15
National Infocomm Security Awareness Programme

• Educate end-users in People, Private Public
  Sectors on infocomm security
• Resources Activities
• Online portal contests
• Collaboration with ISPs
• Advertorials on print media
• Gameshow
• Video clips
• Collaterals booklets, CD-ROMs, brochures

16
3 /
National Trust Framework

17
National Trust Framework

• Part of IDAs iN2015 Masterplan
• Aims to enhance Singapores reputation as a
  Trusted Hub
• Focuses on four strategic thrusts
• Infrastructure
• Manpower Development
• Education Adoption
• Regulation

18
Strategic Thrusts

• 1 Infrastructure
• Focuses on developing the hard and soft
  aspects of an infrastructure
• National Authentication Framework
• Security Measurement and Benchmarking
• Product Assurance

19
Strategic Thrusts

• 2 Manpower Development
• Focuses on building a critical pool of competent
  Infocomm security (IS) professionals to secure
  information assets
• Professional body to elevate the status,
  competencies and trust accorded to Infocomm
  Security Professionals
• IS Professional Roadmap, which dovetails into the
  National Infocomm Competency Framework
• Code of Conduct

20
Strategic Thrusts

• 3 Education Adoption
• Focuses on equipping end-users with the knowledge
  and tools to protect their computers from cyber
  threats and privacy infringements.
• Leverages on the public awareness and education
  initiatives under the Infocomm Security
  Masterplan.
• 4 Regulation
• Focuses on the need to safeguard digital assets
  through regulatory measures.
• Study for a National Cyber Security Privacy Act

21
4 /
Implementation Approach

22
Infocomm Security Masterplan and National Trust
Framework
INFOCOMM SECURITY MASTERPLAN
NATIONAL TRUST FRAMEWORK

• Complement each other
• Share common initiatives

23
Implementation Approach

• Inter-agency and multi-stakeholder approach
• Collaboration among government agencies
• Participation of critical sectors
• Private-public partnerships are important
• Both government and businesses in working groups
• Expertise from solution providers sought
• International Cooperation

24
5 /
International Cooperation
25
International Cooperation

• Active participation in Global and Regional Arena
  by SingCERT
• Forum of Incident Response and Security Teams
  (FIRST)
• Asia Pacific CERT (APCERT) forum
• Regular exchanges of threats and vulnerability
  information between CERTs in the region
• Sharing of pertinent cyber threat information and
  experiences in protecting critical infocomm
  infrastructure

26
International Cooperation

• ASEAN TELMIN
• ASEAN CERTs Incident Drill (ACID)
• ASEAN - China Cooperation Framework
• ATRC Framework for Cooperation in Network
  Security
• ASEAN Regional Forum (ARF)

27
6 /
Conclusion
28
Conclusion

• Enhancing the infocomm security, resilience and
  preparedness of the nation is a journey without
  end
• Positive mindset to treat cyber security with
  priority should be encouraged and sustained
• Partnership and participation from public,
  private and people sector is critical

29
Thank you www.ida.gov.sg