Singapore's cyber defence firepower gets $130m boost

Funds will support research to make networks, IT systems more secure

Singapore yesterday unveiled a $130 million plan to enhance the nation's cybersecurity firepower in the face of a rising tide of global cyberattacks.

The funds, to be spent over five years, will support research efforts to make computer networks and other information technology systems more secure, reliable and resilient.

These efforts will also boost the pool of qualified personnel able to combat increasingly sophisticated cyberattacks.

The move was spurred by increasing cyberattacks which could threaten government agencies and critical services such as banks and utility firms.

Bolstering cybersecurity research was a major recommendation made yesterday by the high- level Research, Innovation and Enterprise Council chaired by Prime Minister Lee Hsien Loong. Other key areas are a programme to attract expatriate senior scientists to return to Singapore, and developing innovation clusters around technologies such as 3-D printing and diagnostics.

Speaking at a press conference to announce the research areas, Mr Lee said: "If we can develop ideas and solutions which reduce cyber risks, I think that can save us a lot of trouble.

"All you need is one bad cyberattack averted and you pay back all the research you put in there. I think nobody can say that our system is safe and that there is no need to secure it, or that nobody can break it. All over the world, these are matters that are taken very seriously."

The cybersecurity programme will be jointly funded by the National Research Foundation (NRF), the Ministry of Defence, Ministry of Home Affairs and the National Security Coordinating Secretariat.

The NRF will be inviting applications from local and international communities for research grants in seven areas.

They include cyberforensic techniques, combating insider threats, identifying the source of attacks, and making computer hardware, software and electronics more reliable and resilient.

This will be complemented by studies into cyberspace governance and policy research.

Studies will seek to better understand human behaviour to develop programmes to educate business users and consumers on how to protect their companies and themselves against cyberattacks.

According to research company Ponemon Institute, the average annualised cost of cybercrime incurred per organisation this year worldwide was US$11.56 million (S$14.3 million), a 26 per cent jump over last year.

NRF chief executive, Professor Low Teck Seng, said at a media briefing earlier this week that this initiative enhances national security interest and helps businesses.

It is also addresses other tech sectors such as data centres and cloud computing.

Critically, the research comes amid a global shortage of highly skilled IT security professionals, said NRF director (physical sciences and engineering) George Loh.

"As of 2011, there were only 1,500 IT security specialists in Singapore, just 1 per cent of the total infocomm industry manpower," he said.

The types of cyberthreats facing Singapore are extremely challenging. Malicious software, or malware, can disrupt online services, deface websites and steal personal data, identity or intellectual property, he said.

New threats, such as cyberespionage operations and sophisticated advanced persistent threats (APTs), or targeted attacks, are also rising, he said.

No IT infrastructure or smartphone is safe today from cyberattacks, said Mr Chong Rong Hwa, senior malware researcher with software security firm FireEye. As long as users are online, hackers will try to steal information anywhere in the world and Singapore is no exception.

"APTs can be sent by hackers through software programs like Word or even embed them in Internet browsers. As soon as a user opens the Word file or surfs the Internet, his phone or computer is infected," he said.

Malware can steal identities, corporate secrets or credit card numbers. He added that software tools to combat cyberattacks are only part of the solution. Trained personnel are vital in learning how to take precautions against online attacks and to recognise when they have been infected.

chngkeg@sph.com.sg