Chief Executive, Cyber Security Agency of Singapore (CSA)
Member, SCS Honorary Advisory Council
There are many opportunities to learn and grow in various specialisations – from incident response and digital forensics to threat analysis and governance.
It has been three years since CSA was formed. How has the local cybersecurity landscape changed since then?
The landscape has changed quite dramatically. In recent years, cybersecurity threats are getting more sophisticated and disruptive. We have seen how these attacks caused major disruptions, such as the Wannacry ransomware attack in 2017, and the attacks on power grids in Ukraine in 2016 and 2017 that resulted in power outages. Today, cybersecurity has become a topic of concern because many are seeing the massive disruptions that cyber-attacks can cause.
How has this shaped CSA’s work?
A key focus for CSA is to build up cybersecurity defences for our essential services.
One of the ways to do so is by strengthening our cybersecurity governance and legislative framework. We introduced Singapore’s Cybersecurity Act which is an important piece of legislation to empower us to work with Critical Information Infrastructure (CII) owners to put in place pre-emptive measures and to respond expediently to cybersecurity incidents. The Act was passed in February 2018.
In Singapore’s push towards digitalisation and becoming a Smart Nation, what role does cybersecurity play?
As Singapore pursues our Smart Nation aspiration, our use of and reliance on technology will only increase. These will inadvertently expand our attack surface, exposing ourselves to greater cyber risks.
We cannot be a trusted Smart Nation if our systems are open and vulnerable. Hence cybersecurity is a key enabler.
We must consider cybersecurity in our usage as well as in the development of new technologies. CSA actively advocates the practice of security-by-design, which refers to the incorporation of cybersecurity considerations upfront in the design of products or services. We are currently exploring a light-touch evaluation and certification scheme to provide a baseline security hygiene benchmark for such devices.