SINGAPORE - With cyber security being a "wicked" problem that cannot be solved for good, Singapore decided to shift its position from preventing threats to assuming information technology systems have already been breached.
Minister for Communications and Information Josephine Teo told world leaders at a meeting in Estonia on Tuesday (Sept 7) that this stance means there is a need for constant vigilance and monitoring.
She is on a week-long work visit to the country's capital, Tallinn, that ends on Friday. Her trip saw Singapore agreeing to team up with Estonia to work on digital areas such as cyber security and help companies to go digital.
Mrs Teo told reporters on Wednesday over Zoom that the Republic began thinking about shifting its cyber-security posture following the 2018 SingHealth data breach. The incident was the country's worst data breach case and involved 1.5 million SingHealth patients' data.
A committee of inquiry later recommended that organisations adopt an "assume breach" mindset.
"We could no longer just depend on preventive measures," said Mrs Teo on Wednesday. "We were also looking at international developments to adopt a 'zero-trust' approach."
A zero-trust policy refers to one in which no activity in a system is trusted without verifying it first, since files that seem legitimate at first glance could end up becoming malware. The policy also entails monitoring for activities that deviate from the norm.
Mrs Teo said organisations have to strengthen their ability to recover from an incident and identify inadequacies.
During the Tallinn Digital Summit, an annual meeting for leaders in digital developments, some country leaders said cyber threats are transnational and can seriously threaten critical infrastructure and affect government services.
Mrs Teo said at the meeting that it is crucial for governments to have measures in place to respond to the threats. Clear and timely communication to maintain public trust is essential, she added.
On Monday, she signed a memorandum of understanding (MOU) with Estonia's Minister of Entrepreneurship and Information Technology Andres Sutt.
Estonia broke away from the Soviet Union and regained independence in 1991. It jumped into digital transformation after that. Now, 99 per cent of its government services are online and 99 per cent of its residents have electronic identities.
In Singapore, the equivalent for the latter is Singpass and about 70 per cent of the population are on it.
Under Monday's agreement, the two countries will share expertise in cyber-security policies and protection of critical information infrastructure. In Singapore, sectors with such technology infrastructure include energy and land transport.
Singapore and Estonia will also participate in operations related to cyber threats.
They will support the digitalisation of their small and medium-sized enterprises, as well as mid-capitalisation companies.
Other key areas of cooperation covered by the MOU include greater market access for companies from both nations, and facilitating more collaboration between start-ups.
Mrs Teo said Estonia is interested in Asia and sees Singapore as a gateway for its businesses.
She added that global cooperation on digital developments, such as those covered during the Estonia meeting, are significant.
For instance, Singapore discusses with other countries the requirements for future technology, such as 6G mobile networks, so it can plan for its own infrastructure needs.
Other discussions include how regulations on activities, such as data transfers between countries, can be aligned.
Singapore, like other smaller states, also wants its voice heard regarding international "rules of the road" in cyberspace, according to Mrs Teo.
The Republic was appointed earlier this year as chair of the United Nations Open-Ended Working Group on security of, and in the use of, information and communications technologies. The appointment is for five years until 2026.