Singapore rolls out high-level cyber security strategy

More funds to be set aside for defending critical systems from attacks; new Bill also in the works

Visitors trying out virtual reality goggles at a booth at the inaugural Singapore International Cyber Week at Suntec Convention and Exhibition Centre yesterday.
Visitors trying out virtual reality goggles at a booth at the inaugural Singapore International Cyber Week at Suntec Convention and Exhibition Centre yesterday. ST PHOTO: ALPHONSUS CHERN

The Government is taking decisive steps to tackle cyber threats - including almost doubling the proportion of its technology budget dedicated to plugging security gaps in critical infrastructure.

The matter, said Prime Minister Lee Hsien Loong yesterday, is one of "national importance" as the country becomes more connected in its mission to become a smart nation.

At the opening of the inaugural Singapore International Cyber Week, he announced a high-level national strategy that includes strengthening international partnerships.

One key prong will be to direct more funds into defence against attacks. These have ranged from malware infection to the defacing of government websites.

About 8 per cent of the infocomm technology (ICT) budget will now be set aside for cyber security spending, up from about 5 per cent before. In fiscal 2014, Singapore spent $408.6 million on cyber security.

The new proportion is similar to what other countries spend; Israel stipulates that 8 per cent of its total government IT budget must go to cyber security, while South Korea channels as much as 10 per cent.

"We are investing more to strengthen government systems and networks, especially those that handle sensitive data, and protect them from cyber attacks," said Mr Lee.

"Singapore aspires to be a smart nation. But to be one, we must also be a safe nation," he told more than 3,000 public servants and technology professionals from 30 countries who were also attending the 25th GovernmentWare Conference.

Singapore's cyber security strategy is developed by the Cyber Security Agency (CSA).

Central to the strategy is the introduction of a new Cybersecurity Act in the middle of next year after public consultations, expected to be held after the draft legislation is tabled in Parliament next year.

There is currently no over-arching cyber security legislation in Singapore. The current system of working with various sector regulators is "patchy", said CSA chief executive David Koh, as the requirement to tighten gaps in critical infrastructure has not been worked into licensing conditions in some sectors.

Mr Lee said that, while ICT creates business opportunities and boosts productivity, it also makes its users vulnerable.

Globally, cyber threats and attacks are becoming more frequent and sophisticated, with more severe consequences, he added.

Last December, a successful attack on the power grid in Ukraine left many Ukrainians without electricity for hours. This year, thieves siphoned US$81 million (S$111.3 million) from the Bangladesh Bank, the central bank of Bangladesh, in a sophisticated cyber heist.

Singapore has not been spared.

"Our government networks are regularly probed and attacked," said Mr Lee, adding that attacks included "phishing" attempts and malware infection.

"From time to time, government systems have been compromised; websites have been defaced. We also suffered concerted DDOS (distributed denial of service) attacks that sought to bring our systems down," he said.

The financial sector, for instance, has suffered DDOS attacks and leaks of data. Individuals, too, have become victims of scams.

Fake websites of the Singapore Police Force, Manpower Ministry, Central Provident Fund Board, and the Immigration and Checkpoints Authority have been set up overseas to "phish" for personal information or trick people into sending money.

Mr Lee said the country must get cyber security right. "Only then can IT deliver innovation, growth and prosperity for our businesses and citizens."

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on October 11, 2016, with the headline Singapore rolls out high-level cyber security strategy. Subscribe