SINGAPORE — From limiting access to the Internet among Government agencies to personal devices and specific work terminals, to enhancing cybersecurity requirements of firms offering essential services, the Republic’s new Cyber Security Strategy will see the strengthening of security capabilities in all aspects.

This will be driven by the newly set up Cyber Security Agency (CSA) and new laws to be tabled in Parliament by the middle of next year, under the national strategy set out by Prime Minister Lee Hsien Loong at the opening ceremony of the three-day Singapore International Cyber Week on Monday (Oct 10).

More will also be done to train manpower in the area of cybersecurity, as well as working with other governments to block attacks, such as by strengthening partnerships with Asean (Association of South-east Asian Nations) countries.

“While ICT (infocomm technology) brings many new opportunities, it also opens up new vulnerabilities,” Mr Lee said. “Globally, cyber threats and attacks are becoming more frequent and sophisticated, with more severe consequences.”

Government systems have occasionally been compromised, and the financial sector has also suffered attacks leading to data leaks, he noted. Individuals are also not spared from attacks, with fake websites hosted overseas masquerading as Singapore Government agencies, such as the police and the Ministry of Manpower, to phish for, or illegally request, personal data or to cheat victims of money.

Protecting critical infrastructure and government systems is one of the four key pillars of the strategy — more of the national ICT budget will be dedicated to strengthening them, especially those that handle sensitive data. This will come up to 8 per cent of the budget, according to the CSA. 

On the move to have all staff of public agencies separating Internet surfing from their work computers — which prompted an outcry when first reported in June  — Mr Lee said ministers, senior civil servants and half of all public agencies have started on this separation process. The rest are on track to follow suit in the middle of next year.

The second pillar involves working with businesses and individuals. The agency will have powers to give direction to private sector operators and over essential services such as financial payments systems. 

Under the Cybersecurity Act to be enacted, owners and operators in 11 critical infrastructure sectors will have to take responsibility for securing their systems and networks. This will include requiring them to report any cyberattacks, complying with standards, and conducting risk assessments. 

These sectors include utilities, transport and services such as banking. A public consultation exercise will be held before the Act is tabled in Parliament.

At the same time, the CSA will help businesses by issuing regular advisories to businesses on imminent and emerging attacks, and provide technical guides to help companies strengthen their networks.

Thirdly, with cyberattacks crossing borders, Singapore will work with other countries to share intelligence, block attacks and shut down black networks, said Mr Lee.

“With closer Asean integration, we have become much more inter-connected than before, and cybersecurity cooperation will help us protect our supranational information infrastructures,” he said. 

“Asean members should work more closely to promote consensus on cyber norms, to strengthen operational linkages and to build cyber capacity.” An Asean Ministerial Conference on cybersecurity will be held on Tuesday.

Finally, with the ongoing shortage of cybersecurity talent, and demand expected to grow, the Government is working with the industry to train more manpower in this area, said Mr Lee.

This includes the Cyber Security Associates and Technologists (CSAT) Programme under the SkillsFuture initiative, for both fresh and mid-career professionals through on-the-job training programmes.

Singapore aspires to be a Smart Nation, but it must be a “safe cyber nation” to be one, said Mr Lee. 

“The potential of ICT and digital technologies depends on how much we can trust the Internet and cyberspace. We’ve got to get cybersecurity right, to capture the benefits of a more connected world,” he said.