Singapore cyber security strategy launched, half of public agencies separate Web surfing from work computers

PM Lee Hsien Loong speaking at the opening of the inaugural Singapore International Cyber Week and the 25th GovernmentWare Conference at Suntec Singapore.
PM Lee Hsien Loong speaking at the opening of the inaugural Singapore International Cyber Week and the 25th GovernmentWare Conference at Suntec Singapore.ST PHOTO: ALPHONSUS CHERN

SINGAPORE - The Government on Monday (Oct 10) embarked on a comprehensive blueprint that maps out Singapore’s long-term approach towards securing its cyberspace against incursions, while tapping into opportunities to grow the infocomm technology (ICT) sector locally.

Launching the national cybersecurity strategy at the opening of the first Singapore International Cyber Week at Suntec Singapore, Prime Minister Lee Hsien Loong said cyber security is "an issue of national importance" as the country becomes more connected in its mission to become a smart nation.

"Singapore aspires to be a smart nation. But to be one, we must also be a safe nation," he told more than 3,000 public servants and technology professionals from 30 countries at the event.

"The potential of ICT and digital technologies depends on how much we can trust the Internet and cyberspace: we must get cyber security right, to capture the benefits of a more connected world."

Singapore's national cyber security strategy, which has four key components, was developed by the Cyber Security Agency of Singapore (CSA). The agency was set up last year to coordinate the country's national efforts in cyber security.

PM Lee said the first pillar of the cyber security strategy involves strengthening the country's critical infrastructure.

"We are investing more to strengthen government systems and networks, especially those that handle sensitive data, and protect them from cyber attacks," he said.

For one thing, ministers, senior civil servants and half of all public agencies have started separating Internet surfing from their work computers to boost the security of critical Government systems, said PM Lee.

The rest of the Government agencies are on track to implement the initiative by the middle of next year, said PM Lee.

When the move to separate Internet surfing in the public service takes full effect next year, civil servants can still access the Web via separate government computers dedicated to that purpose, or use their personal mobile devices. But their work computers, where they access their e-mail, will not have Internet surfing capabilities. The initiative was first reported in June.

The other three pillars of Singapore's cyber security strategy are:

- Developing a vibrant cyber security ecosystem by educating businesses and individuals;

- Creating jobs by developing cyber security talent; and

- Strengthening international partnerships to better respond to cyber threats.

PM Lee said that while ICT creates business opportunities and boosts productivity, it also makes its users vulnerable.

Globally, cyber threats and attacks are becoming more frequent and sophisticated, with more severe consequences, he added.

Last December, a successful attack on the power grid in Ukraine left many Ukrainians without electricity for hours. This year, thieves siphoned US$81 million (S$111.2 million) from the Bangladesh Bank, the central bank of Bangladesh, in a sophisticated cyber heist.

Meanwhile, hackers used malware to withdraw more than US$2 million from dozens of ATMs in Taiwan.

Singapore has not been spared.

"Our government networks are regularly probed and attacked," he said, adding that attacks included a combination of phishing attempts and malware infection.

"From time to time, government systems have been compromised; websites have been defaced. We also suffered concerted DDOS (distributed denial of service) attacks that sought to bring our systems down," he said.

The financial sector, for instance, has suffered DDOS attacks, and leaks of data. Individuals, too, have become victims of scams.

Fake websites of the Singapore Police Force, Manpower Ministry, Central Provident Fund Board, and the Immigrations and Checkpoints Authority have been set up overseas to phish for personal information or trick people into sending money.