Movers & Shakers
Gain Insights from the industry's Best and Brightest
Ever wonder how the leaders of the Infocomm industry got where they are today? Watch this space and hear from the luminaries themselves what inspired them to join the Infocomm industry and what inspired them to join the Infocomm industry and what continues to drive them to excel.
Chief Executive, Cyber Security Agency of Singapore (CSA)
Member, SCS Honorary Advisory Council
There are many opportunities to learn and grow in various specialisations – from incident response and digital forensics to threat analysis and governance.
It has been three years since CSA was formed. How has the local cybersecurity landscape changed since then?
The landscape has changed quite dramatically. In recent years, cybersecurity threats are getting more sophisticated and disruptive. We have seen how these attacks caused major disruptions, such as the Wannacry ransomware attack in 2017, and the attacks on power grids in Ukraine in 2016 and 2017 that resulted in power outages. Today, cybersecurity has become a topic of concern because many are seeing the massive disruptions that cyber-attacks can cause.
How has this shaped CSA’s work?
A key focus for CSA is to build up cybersecurity defences for our essential services.
One of the ways to do so is by strengthening our cybersecurity governance and legislative framework. We introduced Singapore’s Cybersecurity Act which is an important piece of legislation to empower us to work with Critical Information Infrastructure (CII) owners to put in place pre-emptive measures and to respond expediently to cybersecurity incidents. The Act was passed in February 2018.
In Singapore’s push towards digitalisation and becoming a Smart Nation, what role does cybersecurity play?
IAs Singapore pursues our Smart Nation aspiration, our use of and reliance on technology will only increase. These will inadvertently expand our attack surface, exposing ourselves to greater cyber risks.
Assistant Manager, Cyber Security
Management, Infocomm Media
Development Authority (IMDA)
Recent cybersecurity incidents such as WannaCry ransomware and the cyber-attacks on four Singapore universities in April underscore the importance of a forward looking and strong cybersecurity community in our increasingly digitally connected world.
What are your views about cybersecurity gaining interest among the media and the public recently?
Cybersecurity is not something new. But much has changed in the past 10 years – not so much the specialisation, but the way people perceive it. For example, while we continue to hold strong to the mantra (1) protect, (2) detect, (3) response and (4) recover; governments, organisations and even the man on the streets have come to recognise cybersecurity as a backbone to empower progress today. Particularly, it is encouraging to see greater awareness in cybersecurity among everyday users.
How have these perceptions impacted the growth of the industry?
We see a growing number of aspiring cybersecurity professionals. But, because they join the industry thinking that they will be fighting hackers every day, they are likely to drop out once the initial excitement wears off and realisation sets in that the job can be rather process driven.
Then how did you become so passionate about cybersecurity?
For me, my love for cybersecurity can be traced back to my polytechnic days. I enjoyed many modules in my course and was hungry to learn more. This led me to engage with special interest groups, which provided interaction opportunities with industry professionals. I also gained first-hand experience during my polytechnic and university internships. These exposures cemented my understanding of the industry and seeded my passion to specialise in the field.
Stay Ahead at the Cutting Edge
Wondering what is the next wave of changes or breakthroughs in the ever-dynamic Infocomm industry. Get the first-hand insights and knowledge from leading companies and thought leaders and stay ahead!
It is a given that our technology landscape will be different tomorrow. And while there is no one foolproof way to future-proof our ports, I am quietly confident that as long as the industry continues to embrace the same cybersecurity principles, the future will be bright.
Driverless vehicles transporting cargo containers, automated loading and unloading operations, and drones making inspections and deliveries is not a port scene out of a science fiction film, it is how our ports tomorrow would look like. But such a wide scale adoption of the Internet of Things (IoT) brings security loopholes – both physical and technological. How then can we secure our ports for the future?
RECOGNISE LURKING THREATS
As the transformation blueprint of PSA, Container Port 4.0™ (CP4.0™)2 unfolds, IoT is expected to play a prominent role alongside other emerging technologies like blockchain and machine learning. In addition, its promise of being self-configurable, adjustable, self-optimising-and-healing, suggests increasing emphasis and reliance on IoT in the future.
ADOPT A SECURITY-BY-DESIGN APPROACH
These challenges evidence the importance of adopting a Security-byDesign (SbD) approach. For instance, through conducting vulnerability assessments and penetration tests, risky security backdoors can be uncovered and defences can be put in place to mitigate exposure and security risks. This was the methodology PSA adopted when trialling a vendor’s automated guided vehicles (AGVs), which led to the discovery of undeclared security backdoors serious enough to warrant vulnerability disclosures to the United States Computer Emergency Readiness Team (US-CERT).
For SbD to be effective at the corporate level, it has to be supported by three key underlying principles. First, it must be aligned to the risk deemed acceptable by the organisation. A profit-driven company should not only integrate cybersecurity into its strategy to get ahead, but also make an effort to fully appreciate its role as a business enabler. Second, the principle of least privilege should be observed by conferring user privileges based on necessity. This ensures minimum network exposure.
As Singapore continues our drive towards becoming a Smart Nation, digitalisation is expected to permeate every aspect of our business environment and everyday life. In tandem, we need to have a vibrant cybersecurity ecosystem that is made up of professionals with requisite skills to protect our cyberspace.
ESTABLISHING A SKILLS FRAMEWORK FOR CYBERSECURITY
In 2017, CSA, together with SkillsFuture Singapore (SSG), Workforce Singapore (WSG) and the Infocomm Media Development Authority (IMDA), launched the Skills Framework for Infocomm Technology (ICT) to help individuals, employers and training providers promote ICT mastery and lifelong learning. The cybersecurity track of the Skills Framework was co-developed by CSA with IMDA. The cybersecurity track was developed with reference to internationally-recognised standards and represents Singapore’s perspective of the skill sets required for the profession. The Framework will be reviewed and updated periodically to ensure its continued relevance to the evolving industry trends.
ATTRACTING TALENTS INTO THE CYBERSECURITY INDUSTRY
To provide opportunities for fresh and mid- career professionals in adjacent disciplines, such as ICT or STEM (Science, Technology, Engineering and Mathematics), to take on cybersecurity job roles, CSA partnered IMDA to launch the Cyber Security Associates and Technologists (CSAT) programme in 2016. By collaborating with companies which are CSAT Training Partners, the programme trains and upskills professionals for cybersecurity job roles. Trainees will have the opportunity to undergo structured on-the-job training programmes identi ed by CSAT Training Partners. There are currently nine companies on board the CSAT programme.
RAISING PROFESSIONAL STANDARDS
Continuous skills deepening and raising industry standards to align with internationally-recognised benchmarks are key to enhancing the quality of the cybersecurity ecosystem. This is why CSA actively seeks internationally-recognised certi cations as benchmarks for critical cybersecurity competencies.
Technology Revolution, Empowerment 'N' Development Series
Engage your contemporaries on the newest developments! Listen to industry stalwarts and leading technical experts and get first-hand insights and knowledge of the next trending scene in the ever-dynamic Infocomm industry.
How to Survive (and Do Well) in the CISO Hot Seat
Since the time the Chief Information Security Officer (CISO) role emerged in the late 1990s, the job has become vastly more demanding and complex than ever before.
Expectations for the modern CISO today have long gone beyond traditional aspects of IT governance, and risk and compliance. Oftentimes, CISO are also required to interpret the Board’s business goals and translate them to practicable risk-balanced implementations that empower achievement of strategic and operational excellence outside the purview of IT domains. Question is, against the backdrop of this demanding landscape, how can CISOs stay relevant?
GET THE PRIORITIES RIGHT
To do well in the competitive, resource- tight business environment, the CISO’s ability to balance corporate risks based on specific business needs and prioritising IT security needs is key in ensuring that IT security budgets are targeted, relevant and sustainable.
ADD VALUE TO THE BUSINESS
CISOs often play a pivotal role in bridging the gap between traditional IT departments and the rest of the business. It is therefore important that CISOs have a good understanding of how they can value-add to the business at large while enabling innovation and advancing operational efficiency.
BE THERE FOR YOUR PEOPLE
There is no doubt about it – the cybersecurity landscape will be different one year from now (if not sooner), and every other year as well. Thus, rather than drafting policies behind closed office doors, it is more critical for CISOs to be proactive in leading their staff through changes, and “walking the talk” alongside them to solve challenges.
Survey & Resources
A Plethora of Resources
Access insightful surveys and analytical reports to better understand the local ICT landscape.
Driving the brightest ideas in town
Looking for a marketplace spotlighting the best student IT projects and potential networks to link up with investors? Here could be the next virtual Silicon Valley transforming breakthrough ideas into useful products or services.
Time to get your innovation engine started!
Splash Awards Winners Rise Up to the Drone Challenge
The SCS Splash Awards 2017 is back with its 14th edition. This year, in conjunction with the celebration of the SCS 50th Anniversary finale event, the competition was aptly themed “Drone Challenge”.
All in the spirit of creativity, leveling up tech savviness and honing problem-solving skills, this agship event – one of the longest running student infocomm competitions in Singapore – attracted close to 300 student participants from local and international Institutes of Higher Learning, Institutes of Technical Education, Junior Colleges and Secondary Schools.
In this instalment, the competition provided an opportunity for students to dabble in new technology using codable drones.
IT Professionals at Work and Play
Missed an event? View the highlights of the events here and be sure to join us at the next upcoming event!
Strengthening Resilience with Business Continuity Management
“Leveraging BCM for Preparedness and Industry Transformation”
Cyber threats, data breaches, unplanned outages and security incidents threaten business continuity. To ensure effective mitigation and quick recovery, there is great demand for T-shaped infocomm talent well-versed in the principles of Business Continuity Management (BCM).
Aptly, the 10th annual conference of SCS Business Continuity (BC) Chapter on 10 April 2018 was themed: “Leveraging BCM for Preparedness and Industry Transformation”. The topic reinforced the importance of levelling up the industry’s state of preparedness and boosting corporate resilience in support of industry transformation. Besides featuring eminent speakers from both public and private sectors, the conference also saw the active engagement of over 130 BC practitioners, cloud professionals, risk managers and C-suite executives.