New regional cyber security centre to boost defence against online threats

Deputy Prime Minister Teo Chee Hean at the opening of the third annual Singapore International Cyber Week, held at the Suntec Singapore Convention and Exhibition Centre on Sept 18, 2018.
Deputy Prime Minister Teo Chee Hean at the opening of the third annual Singapore International Cyber Week, held at the Suntec Singapore Convention and Exhibition Centre on Sept 18, 2018. ST PHOTO: GAVIN FOO
Mr Teo said that the new regional cyber-security centre will train Computer Emergency Response Teams (Certs) across Asean member states by increasing their technical expertise and cyber-incident response skills.
Mr Teo said that the new regional cyber-security centre will train Computer Emergency Response Teams (Certs) across Asean member states by increasing their technical expertise and cyber-incident response skills.ST PHOTO: GAVIN FOO

SINGAPORE - With cyber attacks mounting, Singapore is expanding its programme to deepen Asean's cyber capabilities and enhance the region's ability to respond to emerging global cyberthreats.

Announcing this on Tuesday (Sept 18) at the opening of the third annual Singapore International Cyber Week event, Deputy Prime Minister Teo Chee Hean said the Republic will set up an Asean-Singapore Cybersecurity Centre of Excellence to strengthen Asean members' cyber strategy development, legislation and research capabilities.

The centre will expand on the existing Asean Cyber Capacity Programme, a $10 million investment that Singapore made in 2016 to build cyber capabilities for officials from Asean member states, involving governments, industry and academic partners.

The centre will also train national Computer Emergency Response Teams (CERTs) in the region, and promote CERT-to-CERT open-source information sharing.

"Cyberthreats are global threats. No country can tackle these emerging cyberthreats on its own.

"We need to work together to strengthen our collective resilience against such threats," said Mr Teo, who is also the Coordinating Minister for National Security.

Emphasising that cyber attacks are no longer a question of if, but when, he said Singapore suffered its worst data breach in July, when an advanced persistent threat group attacked healthcare group SingHealth and stole the private data of 1.5 million patients.

At the national level, Mr Teo said Singapore is continuing to strengthen its cyber-security capabilities. Besides introducing a Cybersecurity Law, it has accelerated efforts to build up the Cyber Security Agency of Singapore (CSA), and has worked closely with Critical Information Infrastructure (CII) owners to strengthen their cyber defences.

To help identify the Government's cyber-blind spots and benchmark its defences against skilled global hackers, a Government Bug Bounty Programme will be launched at the end of this year. Local and international ethical computer hackers and experts, known as "white-hat hackers", will be invited to test selected, Internet-facing government systems and identify vulnerabilities.

"We also hope that through this process, we can bring together a community of cyber defenders, who share the common goal of making cyberspace safer and more resilient by securing our systems against malicious attacks.

"This builds a shared sense of collective ownership over the cyber security of our systems, which is vital to achieve our Smart Nation goals," said Mr Teo.

The Ministry of Defence (Mindef) had organised a smaller scale bug bounty exercise last December where 264 white-hat hackers were invited to find vulnerabilities in eight of Mindef's web-facing systems. It paid out US$14,750 (S$20,000) in bounties to 17 successful hackers.

This week, the CSA will also put out an Industry Call for Innovation which will see cyber-security companies submitting proposals to the agency to match the cyber needs of five large-scale organisations, namely Ascendas-Singbridge Group, PacificLight Power, Singapore LNG Corporation, Singapore Press Holdings and SMRT Corporation.

In a statement on Tuesday, the CSA said proposals for this call must be submitted before Dec 18 and should be ready for testing and deployment within a year. Cyber-security companies with shortlisted proposals will be invited to discuss their ideas with the participating organisations.

Selected solutions that fulfil the eligibility criteria may also be awarded with proof-of-concept (POC) funding of up to $500,000 under CSA's Co-innovation and Development POC Scheme, the agency added.

Held at the Suntec Singapore Convention and Exhibition Centre, the Singapore International Cyber Week runs till Thursday.