It is a given that our technology landscape will be different tomorrow. And while there is no one foolproof way to future-proof our ports, I am quietly confident that as long as the industry continues to embrace the same cybersecurity principles, the future will be bright.
Driverless vehicles transporting cargo containers, automated loading and unloading operations, and drones making inspections and deliveries is not a port scene out of a science fiction film, it is how our ports tomorrow would look like. But such a wide scale adoption of the Internet of Things (IoT) brings security loopholes – both physical and technological. How then can we secure our ports for the future?
RECOGNISE LURKING THREATS
As the transformation blueprint of PSA, Container Port 4.0™ (CP4.0™)2 unfolds, IoT is expected to play a prominent role alongside other emerging technologies like blockchain and machine learning. In addition, its promise of being self-configurable, adjustable, self-optimising-and-healing, suggests increasing emphasis and reliance on IoT in the future.
ADOPT A SECURITY-BY-DESIGN APPROACH
These challenges evidence the importance of adopting a Security-byDesign (SbD) approach. For instance, through conducting vulnerability assessments and penetration tests, risky security backdoors can be uncovered and defences can be put in place to mitigate exposure and security risks. This was the methodology PSA adopted when trialling a vendor’s automated guided vehicles (AGVs), which led to the discovery of undeclared security backdoors serious enough to warrant vulnerability disclosures to the United States Computer Emergency Readiness Team (US-CERT).
For SbD to be effective at the corporate level, it has to be supported by three key underlying principles. First, it must be aligned to the risk deemed acceptable by the organisation. A profit-driven company should not only integrate cybersecurity into its strategy to get ahead, but also make an effort to fully appreciate its role as a business enabler. Second, the principle of least privilege should be observed by conferring user privileges based on necessity. This ensures minimum network exposure.
As Singapore continues our drive towards becoming a Smart Nation, digitalisation is expected to permeate every aspect of our business environment and everyday life. In tandem, we need to have a vibrant cybersecurity ecosystem that is made up of professionals with requisite skills to protect our cyberspace.
ESTABLISHING A SKILLS FRAMEWORK FOR CYBERSECURITY
In 2017, CSA, together with SkillsFuture Singapore (SSG), Workforce Singapore (WSG) and the Infocomm Media Development Authority (IMDA), launched the Skills Framework for Infocomm Technology (ICT) to help individuals, employers and training providers promote ICT mastery and lifelong learning. The cybersecurity track of the Skills Framework was co-developed by CSA with IMDA. The cybersecurity track was developed with reference to internationally-recognised standards and represents Singapore’s perspective of the skill sets required for the profession. The Framework will be reviewed and updated periodically to ensure its continued relevance to the evolving industry trends.
ATTRACTING TALENTS INTO THE CYBERSECURITY INDUSTRY
To provide opportunities for fresh and mid- career professionals in adjacent disciplines, such as ICT or STEM (Science, Technology, Engineering and Mathematics), to take on cybersecurity job roles, CSA partnered IMDA to launch the Cyber Security Associates and Technologists (CSAT) programme in 2016. By collaborating with companies which are CSAT Training Partners, the programme trains and upskills professionals for cybersecurity job roles. Trainees will have the opportunity to undergo structured on-the-job training programmes identi ed by CSAT Training Partners. There are currently nine companies on board the CSAT programme.
RAISING PROFESSIONAL STANDARDS
Continuous skills deepening and raising industry standards to align with internationally-recognised benchmarks are key to enhancing the quality of the cybersecurity ecosystem. This is why CSA actively seeks internationally-recognised certi cations as benchmarks for critical cybersecurity competencies.