Cyber security: Can Singapore lead in this space?

The pace of technology improvements in hardware and software has resulted in rapid adoption of cloud storage and computing, the emergence of a new way of managing IT development known as Agile that shortens product development, and a quantum leap in the design of user interface and user experience.

Digitisation is on hyper drive across all industries, disrupting current industries and creating new ones. As a result, companies ranging from manufacturing to transportation to finance have digitised their work processes and records. This has resulted in high reliance on the availability and existence of systems and data, and created one of the greatest challenges facing the global economy - increased vulnerability to cyber attacks.

Over 707 million records were breached in the year 2015. That meant nearly two million data records were leaked, lost or stolen every day . These numbers are just one indication of how cyber attacks are now one of the greatest challenges facing the global economy in the 21st century.

The business ecosystem of outsourcing, supply chain and digitisation has brought all parties to greater digital integration than ever before, and the resilience of any one ecosystem to cyber attacks is highly dependent on the strength of its weakest link.

In the last 35 years, Singapore has attracted investments from leading players across several industries that have chosen to deepen their capabilities and build their regional headquarters and hub services here. Singapore is in a unique position to leverage the presence of these companies to harness their common need and shared interests to protect their respective eco-business systems from cyber threats.

It is encouraging to see the Singapore Government taking proactive steps to develop frameworks and infrastructure to lay the foundations for a cyber-security industry. These include its Smart Nation vision and digital economy, and the National Cyber Security Masterplan 2018, a five-year plan that serves to reinforce the nation's cyber-security programmes by intensifying efforts in Government and the nation's Critical Infocomm Infrastructure as well as the wider infocomm ecosystem which includes businesses and individuals.

Visitors at the Singapore International Cyber Week event last month. The Singapore Government is laying the foundations for a cyber security industry. PHOTO: AGENCE FRANCE-PRESSE

The formation of the Cyber Security Agency of Singapore as the national agency in charge of cyber-security matters and reporting to the Prime Minister's Office, coupled with a proposed Cybersecurity Bill to govern the oversight and maintenance of national cyber security, will provide both cyber surveillance and enable sharing of cyber intelligence between Government and the business community.

These planned investments, initiatives and legislation will help to position Singapore at the forefront of the cyber-security landscape, but success, ultimately, will hinge on a few critical factors:

  • Cyber-security ecosystem - a dedicated focus on building a cyber-security ecosystem will be necessary for Singapore to be a leader in this space. Sectional security operations centres (SOCs) covering critical sectors and infrastructure such as energy, telecommunications and the financial industry, coupled with incentives for multinational companies to hub their Asian/global SOCs here, will provide the core spine of the industry for information sharing on cyber threats and attacks. In addition, it will be critical for the industry to build a vibrant hub of investors (angel and venture capitalists) and innovators to develop, innovate and sharpen new technologies through deep partnerships between institutes of higher education, start-ups, companies and Government.
  • Collaboration - this needs to be multi-faceted and involve the public and private sectors, including law enforcement agencies. As we learn to navigate relatively uncharted territory, we need to have industry stakeholders come together to share expertise, intelligence and experience. Nothing is more powerful than collaborating and sharing intelligence, which helps dissemination of security guidance and corrective actions and in identification of emerging trends and preparation for future events.
    To be a leader in cyber security, it is also imperative for Singapore to look outside of its own national ecosystem. There is a requirement for greater collaboration with nations that have established SOCs and industry-led groups such as FS-ISAC (Financial Services Information Sharing and Analysis Centre) in the United States. This will facilitate the sharing of real-time intelligence information for greater synergy and a strong level of readiness when it comes to combating cybercrime.
  • Robust cyber risk management strategy - all members of the ecosystem must work hand-in-hand in a dynamic way to develop a robust cyber risk management strategy to guard against emerging and unforeseen threats. The key here is to have a good understanding and assessment of the gap between the current digital defence posture and the need for strong and in-depth frontline defence capabilities and strategy so that we can respond quickly in times of adversity.
  • Talent development and education - as the landscape of cybercrime continues to propagate and evolve, it is necessary for those who work at every level in this space to be equipped with the latest intelligence and tools as well as the know-how to deal with them.

Within the banking industry, workshops and courses have been introduced in recent years to raise awareness among employees and train them to handle the risks and implications of cyber security as more companies invest in digital and innovation hubs. With a serious shortage of professionals in this area, academic institutions should consider incorporating a comprehensive curriculum across all spheres of cyber security - people, process and technology - to support the manpower needs.

The threat landscape is constantly changing. If the past year and recent cyber-attack incidents have taught us anything, it is that all companies are facing ever-increasing cyber threats which are becoming more ominous and menacing. No one is immune. Cyber security extends beyond protection of confidential data. It is about building and maintaining trust and confidence with the public and customers as well as safeguarding assets and intellectual property and ensuring continued operation of essential services. Singapore has the necessary building blocks to lead and build a cyber-security industry that will provide a new growth engine for our economy.

  • The writer is Chief Executive Officer of Citibank Singapore Limited and a member of the Main Committee on the Future Economy (CFE) and CFE's subcommittee on Future Growth Industries and Markets.
A version of this article appeared in the print edition of The Straits Times on November 25, 2016, with the headline 'Cyber security: Can Singapore lead in this space?'. Print Edition | Subscribe