Academy in the works to train cyber-security professionals in government, critical sectors

The Cyber Security Agency will create its first academy to boost the skills of cyber-security professionals in government and Singapore's 11 critical sectors.
The Cyber Security Agency will create its first academy to boost the skills of cyber-security professionals in government and Singapore's 11 critical sectors.ST PHOTO: NG SOR LUAN

SINGAPORE - The Cyber Security Agency (CSA) will create its first academy to boost the skills of cyber-security professionals in government and Singapore's 11 critical sectors, including energy, banking, government, healthcare and transport.

Deputy Prime Minister and Coordinating Minister for National Security Teo Chee Hean said the academy was essential, given that Singapore was highly connected.

"Singapore is more exposed than many other countries to cyber attack. We are already highly connected, and aim to become more so," he said at the opening of the second annual Singapore International Cyber Week on Tuesday (Sept 19) at Suntec Convention and Exhibition Centre. He added that training was one of the key pillars of a more secure and resilient digital community.

Details of the investment and the academy's launch date and cohort size are still being worked out. However, the agency will be roping in United States-based cyber-security firm FireEye as its first partner to provide training in incident response and malware analysis.

The training courses are expected to begin later this year.

FireEye chief executive officer Kevin Mandia said: "FireEye has trained incident responders and malware analysts at some of the most prestigious government agencies and businesses around the world, and we are proud to build the capabilities of Singapore's cyber-security professionals who serve on the front lines and help protect Singapore and its critical information infrastructure from attackers." 

Cyber Security Agency chief executive David Koh said that the CSA Academy was mooted to "plug gaps" in the skills of cyber-security professionals who manage IT industrial control systems, such as those that control the distribution and production of energy and water. 

"Cyber attacks have become increasingly sophisticated; some of them can be highly complex and targeted," Mr Koh noted. 

The announcement follows a ransomware attack that hit several of the 11 critical sectors here and a state-sponsored attack on an unnamed government agency last year.

The Cyber Security Agency highlighted the attacks in its 26-page Singapore Cyber Landscape report, released last week, but did not elaborate on them.

Ransomware is malware that infects unprotected computers and locks them down with a note demanding ransom.

 
 

Touching on the need to build trust in the digital world, Mr Teo noted: "Cyber criminals are devising ever more innovative ways to attack and disrupt our increasingly interconnected world. For instance, the WannaCry and Petya ransomware did not just attack individuals, they attacked critical systems, shutting down hospital emergency services in the United Kingdom."

The global spread of malware WannaCry occurred in May and that of NotPetya took place in June, but Singapore escaped largely unscathed.

"Cryptocurrencies worth millions of dollars were also stolen in cyber attacks in July," said Mr Teo.

Singapore will be tabling a Cyber Security Bill in Parliament next year.

Among other things, the Bill requires private and public organisations to report breaches that involve critical infrastructure to the Cyber Security Agency. It also empowers the agency's chief, as commissioner of cyber security, to investigate threats and incidents to ensure essential services are not disrupted in a cyber attack.

"This Bill will enable us to take pre-emptive action to protect against cyberthreats, and improve our capability to respond to incidents," said Mr Teo.