Académique Documents
Professionnel Documents
Culture Documents
FOREWORD
ISBN: 978-981110812-9
INTRODUCTION 6
1 A RESILIENT INFRASTRUCTURE 8
2 A SAFER CYBERSPACE 22
Combat Cybercrime 26
Innovate to Accelerate 40
Forge International and ASEAN Cooperation to Counter Cyber Threats and Cybercrime 44
To secure our digitally-enabled economy and society, Cyber technology can enable and empower business Cybersecurity is both an imperative and an Cybersecurity is a global issue. Cyber threats do not
the Government will work with key stakeholders – and society, but only if it is safe and trustworthy. opportunity. With advanced infrastructure and respect sovereign boundaries; indeed, jurisdictional
private sector operators and the cybersecurity community A safer cyberspace is the collective responsibility of the a highly-skilled IT workforce, Singapore is well- gaps are exploited to the cyber-attacker’s advantage.
– to strengthen the resilience of our CIIs. Government, businesses, individuals and the community. positioned to build a vibrant cybersecurity ecosystem. Cyber-attacks disrupting one country can have
serious spill-over effects on other countries as our
First, we will enhance our CII Protection Programme to First, to effectively deal with the threat of cybercrime, First, the Government will collaborate with industry inter-dependencies have increased through trade
establish robust and systematic cyber risk management the Government will implement the recently launched partners and Institutes of Higher Learning (IHLs) and global financial markets.
processes across all critical sectors. Second, we will National Cybercrime Action Plan. Second, we will to grow the cybersecurity workforce, including
improve our sectors’ response and recovery plans to enhance Singapore’s standing as a trusted hub by encouraging existing cybersecurity professionals to Singapore is committed to strong international
breaches. We will mount multi-sector cybersecurity fostering a trusted data ecosystem. We will work deepen their skills. Second, we will develop strong collaboration in cybersecurity for our collective global
exercises to test cooperation across multiple sectors and with global institutions, other governments, industry companies and nurture local start-ups to ensure that security. Singapore will actively cooperate with the
address inter-dependencies during major cyber-attacks. partners and Internet Service Providers to quickly best-in-class solutions are available locally. There international community, particularly ASEAN, to
We will also expand and beef up national resources such identify and reduce malicious traffic on our Internet are also opportunities for cybersecurity companies address transnational cybersecurity and cybercrime
as the National Cyber Incident Response Team (NCIRT) infrastructure. Finally, communities and business to leverage Singapore’s traditional strengths in areas issues. We will champion cyber capacity building
and the National Cyber Security Centre (NCSC). Next, we associations can play their part by fostering their such as financial and infocomm services to develop initiatives, and facilitate exchanges on cyber norms and
will introduce the Cybersecurity Act to give the Cyber members’ understanding of cybersecurity issues exportable solutions. Third, we will foster closer legislation. Through international consensus, agreement,
Security Agency of Singapore (CSA) greater powers to and promoting the adoption of good practices. partnerships between academia and industry so as and cooperation, we can make cyberspace a safer and
secure our CIIs. Finally, as threats to government networks to harness cybersecurity R&D in a more targeted more secure place for all.
will continue to grow, we will expand efforts to secure manner to deliver effective solutions. With skilled
government systems and networks, so as to protect professionals, technologically-advanced companies
citizens’ and official data. and strong research collaborations, Singapore can be
at the global forefront of cybersecurity innovation and
create economic opportunities for Singaporeans and
the industry.
4 INTRO INTRO 5
OUR CYBERSECURITY
INTRODUCTION JOURNEY SO FAR
“Cybersecurity is important for Singapore given our high dependence
on information technology and the Internet, and cybercrime is also
growing. Cyber-attacks can take many forms and come from many
2005 Infocomm Security Masterplan (ISMP) 2015 Cyber Security Agency of Singapore
sources. They range from defacements of website and data theft, (2005-2007) (CSA)
often by persons who hide behind the anonymity of cyberspace [and] The Info-communications Development CSA was established under the Prime Minister’s
can also include systemic threats” Authority (IDA) launched Singapore’s first Office (PMO) and is managed administratively
Infocomm Security Masterplan to coordinate by the Ministry of Communications and
cybersecurity efforts across the Government. Information (MCI). With its formation, all
Deputy Prime Minister Teo Chee Hean,
A key priority was building basic capabilities agencies and initiatives related to cybersecurity
Committee of Supply, 6 Mar 2013
within the public sector to mitigate and respond – the Singapore Computer Emergency Response
to cyber threats. Team (SingCERT), national cybersecurity
master-planning and development functions
Cyber-attacks are increasingly frequent, sophisticated In 2015, the Cyber Security Agency of Singapore 2008 Infocomm Security Masterplan from IDA, and SITSA – were brought under
and impactful. Globally, we have seen a surge in the (CSA) was formed as the central agency to oversee (2008-2012) a single agency.
number of cyber incidents, such as ransomware, cyber and coordinate all aspects of cybersecurity for the The second Masterplan focused especially on
theft, banking fraud, cyber espionage and disruptions to nation. CSA is empowered to develop and enforce the security of Singapore’s CIIs, with a vision of CSA is dedicated to the development of
Internet services. Attacks on systems that run utility plants, cybersecurity regulations, policies, and practices. making Singapore a ‘Secure and Trusted Hub’. cybersecurity, protection of CIIs and essential
transportation networks, hospitals and other essential services, and coordination of national efforts
services are more frequent. Successful attacks result in While much has been achieved so far, the threats have 2009 Singapore Infocomm Technology against large-scale cyber incidents. CSA
disruptions which could cripple economies, and lead to also become more sophisticated. We are even more Security Authority (SITSA) is also empowered to develop and enforce
loss of life. dependent on digital technology, especially as we SITSA was established under the Ministry of cybersecurity regulations, policies, and practices.
develop a Smart Nation of digitally-enabled businesses Home Affairs (MHA) to safeguard Singapore It will coordinate efforts across government,
The advent of the Internet of Things will further and lives. Cybersecurity, beyond a necessity to defend against cyber-attacks and cyber-espionage. industry, academia, businesses and the people
increase the attack surface. Left unchecked, malicious and protect, is also an enabler for our future economy SITSA’s responsibilities as a national specialist sector, as well as internationally.
entities can find more ways to launch attacks, steal data and society. authority included overseeing the preparation
and make cyberspace dangerous for all. The result is a and securing of CIIs against cyber threats. 2015 Cybercrime Command
cyberspace that is hostile, and where basic interactions This Strategy is a statement of Singapore’s vision The Ministry of Home Affairs (MHA)
and transactions cannot be trusted. and priorities for cybersecurity. It aims to catalyse 2013 National Cyber Security Masterplan established the Cybercrime Command as
participation by all stakeholders - government (NCSM2018) a unit within the Criminal Investigation
Singapore has consistently taken cyber threats seriously agencies, the cyber industry, professionals and The third Masterplan expanded to cover the Department (CID) of the Singapore Police
and developed timely responses. Our cybersecurity students, academia and researchers, and providers wider infocomm ecosystem, which includes Force (SPF). The Command works closely with
journey started a decade ago with the first Infocomm of essential services. Together, we will ensure the businesses and individuals, in addition to other law enforcement agencies and industry
Security Masterplan in 2005. The Masterplan was a resilience of our national infrastructure and a safer the previous focus on CIIs. It sought to make stakeholders, including the INTERPOL Global
coordinated effort to secure Singapore’s digital environment cyberspace, supported by a vibrant ecosystem that Singapore a ‘Trusted and Robust Infocomm Hub’. Complex for Innovation (IGCI) located in
and strengthen public sector cybersecurity capabilities. provides good jobs and economic opportunities for Singapore, to investigate cybercrimes.
Since then, Singapore’s cybersecurity capabilities have Singaporeans. It also signals Singapore’s willingness 2013 National Cybersecurity R&D (NCR)
grown. With the formation of the Singapore Infocomm to forge strong partnerships with the international Programme 2016 National Cybercrime Action
Technology Security Authority (SITSA) in 2009, we community to combat the transnational nature of The National Cybersecurity R&D Programme Plan (NCAP)
developed the capability to coordinate national-level cyber threats. was established in October 2013 to develop The NCAP was launched by the Ministry
responses against large-scale cyber-attacks, particularly R&D expertise and capabilities in cybersecurity of Home Affairs (MHA) in July 2016. The
against our critical information infrastructures. for Singapore. It aims to improve the plan spells out the priorities needed in the
trustworthiness of cyber infrastructure, with fight against cybercrime. These include
emphasis on security, reliability, resilience and a) the need for public education on staying
usability. It is now co-managed by the National safe in cyberspace; b) the development of
Research Foundation and the Cyber Security capabilities to fight cybercrime; c) strengthening
Our Singapore is transforming to become
a Smart Nation, where Singaporeans
Smart Nation is a whole-of-nation
rallying call for citizens, companies,
Agency of Singapore. cybercrime laws; and d) building local and
international partnerships.
Smart are empowered by technology to lead
meaningful and fulfilling lives, where
and government agencies to work hand-
in-hand to seize the many possibilities
2014 National Cyber Security Centre (NCSC)
The NCSC was formed as part of SITSA, to
Nation digital connectivity leads to stronger
community bonds, and where the
of digital technology. We are putting in
place the necessary infrastructure and
maintain cyber situational awareness, correlate
cybersecurity events across sectors, and
Journey power of networks, data and
infocomm technologies is harnessed
policies to build capabilities, and to create
a conducive ecosystem where people and
coordinate with the respective lead agencies to
provide a national-level response to large-scale,
to create economic opportunities. companies co-create innovative solutions
cross-sector cyber incidents.
to enhance the lives of our citizens.
6 INTRO INTRO 7
CHAPTER 1
RESILIENT
INFRASTRUCTURE
The Government will work with key stakeholders - the CII operators
and the cybersecurity community - in four major areas.
We will:
Singapore has to ensure that its CIIs are not just resilient against
physical threats, but also against cyber threats. A cyber-resilient
infrastructure will provide peace of mind to Singaporeans.
A cyber-resilient infrastructure will reinforce confidence in Singapore
as a resilient and trusted global centre of trade and commerce.
SINGAPORE’S The reliable supply of essential services depends on the security of the
computer and network infrastructure in Singapore’s Critical Information
CRITICAL INFORMATION Infrastructure (CII) sectors. Today, we have identified 11 CII sectors,
which cut across utilities, transport, and services.
INFRASTRUCTURE SECTORS
Cyber-attacks on Singapore’s CIIs may have spill-over effects regionally
and globally. As an international financial, shipping and aviation hub,
Singapore also houses critical systems that transcend national borders,
such as global payment systems, port operations systems, and air-traffic
Sources: control systems. Successful attacks on these supra-national CIIs can have
Department of Statistics – "Singapore in Figures 2016" publication
www.changiairport.com – Air Traffic Statistics disproportionate effects on the trade and banking systems beyond
www.mpa.gov.sg – Port Statistics Singapore’s shores.
www.mas.gov.sg – MAS Electronic Payment System (MEPS+) Statistics
The Singapore Government is working with the operators of our CIIs
to ensure they remain resilient in the face of cyber-attacks.
Singapore is a major financial centre that processes massive amounts Power, water and telecommunications Singapore is an international logistics hub. The
of transactions every second. For example, our local inter-bank are the lifeline of modern cities. Singapore Port and Changi Airport are among the
payment systems handle millions of transactions totalling trillions In particular, the failure of power world’s busiest. The Port is a major transhipment hub
of dollars annually. Many of our public services – government and telecommunications services can that handles more than 130,000 vessels and 30 million
transactions, healthcare, emergency services – are increasingly reliant bring other services to a grinding halt. containers each year. The Airport sees more than
on complex underlying computer systems to serve millions of users The Energy Market Authority 340,000 flights, 55 million travellers, and 1.8 million
each year. The Government Technology Agency (GovTech), Ministry (EMA), Public Utilities Board (PUB) tons of cargo annually. Our public transport system
of Home Affairs (MHA), MOH Holdings (the holding company of and Info-communications Media handles 7.5 million passenger trips per day. The Land
Singapore’s public healthcare entities), Info-communications Media Development Authority (IMDA) will Transport Authority (LTA), Maritime and Port Authority
Development Authority (IMDA) and the Monetary Authority of work closely with the private operators (MPA) and Civil Aviation Authority of Singapore
Singapore (MAS) are committed to strengthening the cybersecurity delivering these services to raise (CAAS) have put in place governance frameworks and
of the systems delivering government and emergency services, their cybersecurity posture and ensure are building cybersecurity capability to ensure that our
healthcare, media, and banking and financial services. the reliability of these services. transport and logistics systems are robust.
10 CHAPTER 1 CHAPTER 1 11
PROTECT OUR Implement CII Protection Programme
ESSENTIAL SERVICES The Government will roll out a holistic CII Protection Programme
for government agencies and CII operators. It will build on the
Cybersecurity Readiness Maturity Assessment programme
implemented in 2012, which has enabled agencies and operators
identify areas for improvement.
The CII Protection Programme will, firstly, establish the foundation
to facilitate information exchange among CII operators through clear
policies and guidelines. Second, it will enable targeted and systematic
Operators increasingly rely on computer networks and the Internet improvements through clearer measurements of governance
to maintain essential services and to serve their businesses and maturity and networks’ cybersecurity hygiene. Third, it will require
consumers. For CII operators, the gain in efficiency and productivity operators to foster a culture of cyber-risks literacy across all levels in
is significant – but so are the increased vulnerabilities of essential organisations, proactively address cyber-risks and ensure that their
services to cyber disruption. practices are consistent with policies. With a deep understanding of
cyber risks, sectors take ownership and provide management focus to
implement effective CII protection plans that are tailored to the unique
To ensure the continuous delivery of essential services, CII operators
circumstances of each sector.
need both physical resilience and cyber resilience. Cyber resilience
is the ability of our CIIs to withstand cyber-attacks, allowing them The goal is for all critical sectors to establish robust and systematic
to continue operating under the toughest conditions and recover cyber risk management processes and capabilities that are effective
quickly after a disruption. We must raise the cyber resilience of our against the evolving cyber threats.
essential services, and we can achieve this only with the trust and
participation of all stakeholders – the Government, CII operators,
and the cybersecurity community.
Systematic Cyber Risk Management
Singapore will:
A systematic cyber risk management framework comprises:
Implement across all critical sectors, a CII Protection Programme thorough identification and prioritisation of cyber risks and CIIs through
1
with robust and systematic cyber risk management processes. risk assessments, vulnerability assessments and system reviews;
A key part of the CII Protection Programme is to grow a culture
well-informed and conscious trade-offs in security, cost and functionality,
of cyber risk awareness across all levels of a CII organisation. 2
decided at management levels of appropriate seniority;
From the CEO to the employee, cybersecurity must be seen
as a business concern and not just one for the IT department. sound systems and procedures to mitigate and manage these risks,
3
including disaster recovery and business continuity plans;
Pre-empt cyber vulnerabilities by going upstream and
effective implementation that encompasses awareness building and
promoting Security-by-Design practices. Cybersecurity 4
training across the organisation; and
will no longer be an afterthought, but will be consciously
implemented throughout the lifecycle of technology systems. continuous measurement of performance through process audits and
5
cybersecurity exercises.
The Government has been using the Readiness Maturity Index (RMI) framework
to assess the readiness of CII sectors in terms of their capabilities for risk-based
mitigation, early detection of threats, and robustness of the response measures.
The RMI is the metaphorical health check that directs the CII sectors’ effort to
manage cyber risks, and facilitates the development of action plans to improve
governance and procedures.
12 CHAPTER 1 CHAPTER 1 13
Promote Security-by-Design Why is Security-by-Design
important?
Security-by-Design is an approach in the system development
lifecycle process to ensure that our applications and systems are Security-by-design is a best practice
to ensure that system is developed
“The first priority
built, deployed, maintained, upgraded and disposed of securely. on our journey
with security consideration upfront and
Providing financial support through the Financial Sector Technology & Innovation
3
scheme for projects that uplift the cybersecurity ecosystem in Singapore.
14 CHAPTER 1 CHAPTER 1 15
RESPOND DECISIVELY
TO CYBER THREATS
An effective cyber defence must assume that The national response to a cyber-attack will Singapore will:
there can and will be successful cyber-attacks. be led by an inter-agency Cybersecurity Crisis
When such attacks materialise, the cyber Management Group, or CMG (Cyber). It is led Enhance its national cyber situational
defenders must be able to mount a robust response by the Permanent Secretary of the Ministry awareness by integrating threat discovery,
and implement reliable recovery plans. This can of Communications & Information, supported analysis and incident responses.
only be possible with a comprehensive framework by CSA, and comprises senior policy decision- Conduct regular multi-sector cybersecurity
for preparedness. makers from government agencies overseeing exercises with more complex scenarios Exercise Cyber Star
the different critical sectors. CMG (Cyber) and involving more and more sectors.
Singapore has developed a national cybersecurity serves dual functions: (a) it is responsible for Through these exercises, we aim to Over the past years, the Government has
response plan which allows for timely response the development of cybersecurity policies and identify vulnerabilities due to cross-sector conducted sector level exercises to exercise
individual critical sectors in their readiness
and ground initiative at the local level, standards, and oversees the implementation interdependencies and stress-test coordination and incidence response plans against a cyber-
complemented with effective coordination and of cybersecurity protection measures in the and communication across sectors. attack. This culminated in Exercise Cyber Star,
strategic support at the sectoral and national critical sectors; and (b) in a cyber crisis, it Build up more National Cyber Incident a multi-sector exercise conducted by CSA in
level. The plan envisages three tiers of response – mobilises the necessary resources and directs Response Teams (NCIRT) which can be March 2016. It brought together industry and
Tier 1 for cyber campaigns that threaten national the operational responses to provide mobilised to lend support to a sector or CII Government representatives across the infocomm,
Government, energy, and banking and finance
security, Tier 2 for cyber-attacks on a sector, and a coordinated response to the threat. operator should they face an escalating sectors to exercise the response to a nationwide
Tier 3 for cyber-attacks on a specific operator. cyber incident. attack. The exercise was a milestone in building
The plan requires CSA to work closely with CII Strengthen the Disaster Recovery Plans up cybersecurity readiness and validating the
operators and the cybersecurity community (DRP) and Business Continuity Plans (BCP) effectiveness of cross-sector cooperation.
to ensure an effective response. of essential services, especially against
a cyber-attack.
Integration of Threat Discovery, More Comprehensive Expand the National Cyber Incident Recover, Restore, Remediate
Analysis and Incident Response Cybersecurity Exercises Response Team (NCIRT)
The National Cyber Security Centre (NCSC) Cybersecurity exercises are important ways National Cyber Incident Response Teams Resilience in essential services is especially
monitors and analyses the cyber threat landscape to raise the readiness of sectors, build incident (NCIRT) are currently drawn from the incident applicable to CIIs, as a cyber-breach realistically
to maintain cyber situational awareness and response plans and capabilities, and improve response teams from CSA, Government cannot be prevented all the time. A resilient system
anticipate future threats. In the event of large-scale communication and coordination between the Technology Agency (GovTech), the Ministry of will need to put in place prevention activities that
cyber incidents involving multiple sectors, NCSC CII operators and government agencies. The Home Affairs (MHA) and the Ministry of Defence must be integrated with an expedient incident
coordinates with the sector regulators to provide Government will conduct these cybersecurity (MINDEF). They are part of the Tier 1 and Tier 2 response plan and a comprehensive recovery
a national level response and facilitate quick alerts exercises at both the sector and national levels. response under the national cyber response plan. strategy to mitigate the effects of cyber incidents.
to cross-sector threats. As such, an important aspect following a cyber-
Sector exercises will run with more complex The Government will further enhance the attack is to be able to return affected CIIs to normal
The Government is investing in technologies scenarios and more sophisticated attack methods. capability of the NCIRTs to deal with more operations as soon as possible, or to facilitate their
and systems that will strengthen and integrate This will enhance the capability of the sectoral complex and challenging attack scenarios. continued operations in sub-optimal conditions
the NCSC’s three key functions of threat discovery, cyber response teams and the quality of incident It will also build up more NCIRTs by upgrading through a prolonged attack. The Government will
threat analysis and incident response. This will management by the C-suite decision-makers in certain sectoral CIRTs and also consider raising work with the sectors to ensure that robust Disaster
enable faster threat discovery and operational the CII operators. additional NCIRTs from industry and academia. Recovery Plans (DRP) and Business Continuity
response for cross-sector cyber incidents. This will increase the national capacity to deal Plans (BCP) are built into their CII protection plans.
National-level exercises will encompass more with large scale cyber-attacks.
and more sectors, with an emphasis on the inter-
dependent nature of essential services. This will
facilitate the discovery and mitigation of the
sectors’ inter-dependencies, and stress-test the
coordination and communication capabilities at
the national level.
16 CHAPTER 1 CHAPTER 1 17
STRENGTHEN GOVERNANCE
AND
LEGISLATIVE FRAMEWORK
The Government will introduce a new Cybersecurity Act. This new legislation will equip
CSA with the necessary powers to effectively address increasingly sophisticated threats
to national cybersecurity.
The new Cybersecurity Act will establish a comprehensive framework for the prevention
and management of cyber incidents, and complement the existing Computer Misuse and
Cybersecurity Act (CMCA), which will continue to govern the investigation of cybercrime.
It will:
Require CII owners and operators to take responsibility for securing their systems
and networks. This includes complying with policies and standards, conducting
audits and risk assessments, and reporting cybersecurity incidents. CII owners and
operators will also be required to participate in cybersecurity exercises to ensure
their readiness in managing cyber incidents; and
Facilitate the sharing of cybersecurity information with and by CSA. Recognising that
cybersecurity breaches will happen despite our best efforts, the Act will empower
CSA and sector regulators to work closely with affected parties to expeditiously
resolve cybersecurity incidents and recover from disruptions.
“We will develop a standalone
CSA has been and will continue to work closely with sector regulators, CII stakeholders
Cybersecurity Act that and industry players in formulating detailed proposals for the new Act. A key principle is
provides for stronger and to adopt a risk-based approach to cybersecurity, and to build in sufficient flexibility to take
more proactive powers.” into account the unique circumstances and regulations in each sector.
Minister-in-charge of Cybersecurity,
Dr Yaacob Ibrahim, 2015
The need for stronger cybersecurity laws
18 CHAPTER 1 CHAPTER 1 19
SECURE
GOVERNMENT NETWORKS
Government systems are among the prime targets The Government’s plans as a CII sector
for cyber-attackers. Government systems contain lead incorporate many of the elements of
sensitive data, including those about their citizens; the larger national plan. They involve:
they may be linked to essential services supplied
by CII operators; they are used to support a gamut Reducing the attack surface presented by
of public services including the maintenance of Government systems and erecting multiple
national security and sustaining the economy. layers of security controls and network
segmentation according to vulnerability
Hence, the Government will spare no effort in and need;
safeguarding its systems and networks. The
Government has undertaken, in this current term, Expanding our capacity to detect, correlate
to work towards a goal of setting aside 8 per cent and analyse threats, using automation
of its ICT expenditure on cybersecurity. and other technologies; and
The Government sector is already identified Sharpening the skills of our incident
as one of the eleven CII sectors in the national responders and stress-testing our
cyber response plan. systems through more complex and
realistic attack scenarios.
Cybersecurity professionals on duty at Cyber-Watch Centre (CWC)
20 CHAPTER 1 CHAPTER 1 21
CHAPTER 2
CYBERSPACE
(NCAP). The National Cybercrime Action Plan (NCAP) was launched
in July 2016 to establish a coordinated national effort to deal with
cybercrime. First, we will educate and empower the public to stay
safe in cyberspace, as it is more effective to prevent a cybercrime
from happening in the first place. Second, we will enhance the
Government’s capacity and capability to combat cybercrime,
in view of cybercrime’s transnational nature, speed and scale. Next,
we will strengthen legislation and the criminal justice framework.
This will support the investigation of cybercrimes and prosecution
of cybercriminals. Finally, we will step up partnerships and
international engagement to manage the rapidly evolving nature
of cybercrime and tackle cross-border issues.
Enhance Singapore’s standing as a trusted hub.
We will build a trusted data ecosystem by fostering trust between
organisations and users for data usage. Next, we will develop Data
Protection Officers as a professional career track to support the
effective implementation of data protection measures. We will also
strengthen Singapore’s position as a data hub by facilitating cross-
border data flows and introducing Data Protection TrustMarks. Finally,
we will work with partners – global institutions, other governments,
industry partners and Internet Service Providers – to achieve a
cleaner internet by regularly measuring the health of the Internet,
identifying cyber threats quickly and reducing malicious traffic.
Promote collective responsibility for cybersecurity.
The actions of each business and individual can impact our
collective safety in cyberspace. Businesses and individuals need to
Digital connectivity has both empowered and endangered stay informed and take preventive measures to secure their computer
businesses and individuals. It opens new social and commercial systems and digital devices, particularly to prevent malicious actors
opportunities, yet also exposes citizens to criminal syndicates across from hijacking their systems and devices to cause harm to others.
the world. By commandeering computing devices, these malicious Communities and business associations can take the lead to make
actors can steal data, extort money, and attack networks, causing cybersecurity a priority, and tap on government cybersecurity
harm to others. Cyberspace needs to be kept safe and trustworthy expertise to improve their members’ understanding of cybersecurity
for businesses and individuals to benefit from it. issues and encourage adoption of good practices. With the right
knowledge, expertise and attitude, we can all reap the full benefits
Keeping cyberspace safe requires a spectrum of actions from the and possibilities of technology.
international to individual levels. Countries have to cooperate to
take down criminals operating across borders, while businesses
and individuals can take preventive measures to keep their systems
and devices safe. Cybersecurity is the collective responsibility of
everyone - the Government, businesses, individuals and the community.
CYBERCRIME: The growth of the Internet has created numerous business and social opportunities. However,
THE NEW CRIMINAL FRONTIER where there are opportunities, there are also risks. Locally and internationally, the Internet has been
exploited for cybercrimes like scams, hacks and thefts.
For businesses, malicious cyber activities may cause service disruptions and loss of data pertaining
to customers, employees, and commercial entities. These can result in substantial revenue losses,
erosion of customer goodwill, and loss of reputation. Inextricably, personal lives may also be affected.
For individuals, poor personal cybersecurity habits can open doors to cybercrime and malicious
Ransomware activities. Extortion, fraud, and adverse credit ratings are some of the detrimental consequences that
individuals and their families may face, when their computers and mobile devices are compromised
In May 2016, ransomware and personal data stolen.
encrypted University of
Calgary’s computer systems
on the eve of a conference.
The conference organisers
had to re-create processes
and conference data by hand
for the event to continue.
To prevent the malware from
spreading to the rest of the
systems, the University had
to shut down other IT services,
causing a week-long, campus- Distributed Denial of Service (DDoS) Smartphone hack
wide disruption that was more
far-reaching than the impact In January 2016, online banking In 2015, 50 Singapore users
of the malware. services for millions of HSBC UK had their smartphones infected
customers were taken offline by a by a malware that disguised
The malicious actors behind DDoS attack. The disruption happened itself as a banking application
this incident demanded the on an important day for personal to steal credit card details and
equivalent of Canadian $20,000 finances; it was the first pay-day of the other user credentials.
in Bitcoins to decrypt the data. year, and two days before the deadline
The University eventually for personal tax returns. Many HSBC Today’s smartphones are
gave in and paid the ransom customers took to social media to vent essentially computers that
to retrieve the research data. their anger. execute highly personal tasks
while being always connected
DDoS attacks work by overwhelming to the Internet, making them
websites with Internet traffic. Globally, attractive targets for cybercrime.
such attacks have become more
frequent against even small businesses.
Supply chain malware attack The motives are varied. Attacks can be
used to protest against a company, take
In 2013, more than 40 million credit down a competitor temporarily, or be
card numbers were stolen through part of extortion threats.
malware that was injected into the Online scams
US retailer Target’s Point-of-Sales
system. Although Target had Traditional crime is increasingly
multiple cybersecurity solutions in migrating to where Singaporeans
place, the malware slipped in through spend a good part of their
Malware enabled heist
one of Target’s vendors. Further time – online. The number of
investigations were hindered as e-commerce and online scam
In February 2016, US$81 million was
the stolen data was sent offshore. cases in Singapore doubled from
stolen from Bangladeshi Bank in a carefully
coordinated hack. After using stolen credentials 1,929 in 2014 to 3,759 in 2015,
Target incurred US$252 million resulting in a loss of S$16.7
to initiate fraudulent bank transfers, the
of breach-related expenses and million.
hackers used malware to hide the traces of
faced several lawsuits. Target’s CEO
the transactions, hindering remediation actions.
held himself personally accountable
and resigned.
24 CHAPTER 2 CHAPTER 2 25
COMBAT CYBERCRIME Enhancing the (i) Establishing the SPF cybercrime. To achieve this, a Cyber
B
Government’s capacity Cybercrime Command Security Lab (CSL) has been set up
and capability to in the CCSS as a modern hands-on
The SPF Cybercrime Command facility for familiarising trainees on
combat cybercrime
National Cybercrime Action Plan (NCAP) was established in December 2015
to increase the agility and
approaches to mitigate cyber threats
and investigate cyber incidents.
The transnational nature
effectiveness of the SPF to respond CCSS will expand its curriculum
of cybercrimes, coupled
The Internet has afforded criminal elements the and coordinated national effort to effectively to cybercrimes by integrating SPF’s to offer a variety of skills-based
with the speed and scale
opportunity to commit cybercrimes quickly, easily cyber-related investigation, forensics, courses, ranging from cybersecurity
deal with the cybercrime, the Ministry of Home at which such crimes are
intelligence and crime prevention fundamentals and cyber defence,
and on a large scale. Criminals have also exploited Affairs (MHA) launched the National Cybercrime perpetrated, presents
capabilities within a single command. to incident response, digital forensics
the anonymity provided by the Internet and the Action Plan (NCAP) in July 2016. formidable challenges
and malware analysis. These courses
transnational nature of cybercrime to escape for traditional law
(ii) Boosting cybercrime are tailored to the needs of officers,
detection and prosecution. These characteristics The NCAP sets out the Government’s key enforcement approaches.
investigation capabilities depending on their professional roles
of cybercrime pose significant challenges for law In order to effectively
principles and priorities in combating cybercrime. and competency requirements.
combat cybercrime,
enforcement agencies around the world. The Plan also details the Government’s ongoing SPF has also embarked on several
the Government will
efforts and future plans to tackle cybercrime. technology initiatives to improve (iv) Strengthening coordination
(i) establish the SPF
As the use of the Internet becomes more prevalent The vision of the NCAP is to ensure a safe and its cybercrime investigation between SPF and government
Cybercrime Command,
in Singapore, the number of cybercrime cases has secure online environment for Singapore. capabilities. These efforts will enable agencies
(ii) boost cybercrime
risen sharply. Recognising the need for a concerted SPF to effectively investigate the
investigation capabilities,
rising number of cybercrime cases SPF also works closely with
(iii) equip public officers
and quickly process large volumes its partner agencies to ensure
with the relevant skills
of digital information in order to a coordinated response to
to combat cybercrime, and
sieve out necessary evidence for cybercrimes. In recent years,
The NCAP has four priority areas: (iv) enhance coordination
between SPF and
a successful prosecution. AGC and SPF have worked closely
together on sensitive and high-
government agencies.
Educating and (i) Conducting outreach to the (ii) Engagement of vulnerable One such initiative is the DIGital profile cybercrime cases, coming
A
empowering the general public groups in society Evidence Search Tool (DIGEST) that together right from the start of the
public to stay safe will automate the forensic processing investigations. AGC’s expertise has
In order to educate and empower SPF has also tailored its of voluminous data. This will in turn helped SPF to ensure that crucial
in cyberspace
the public to stay safe in cyberspace, cybercrime prevention outreach lighten the workload of investigation evidence is secured at an early
the Singapore Police Force (SPF) programmes to match the profile officers and allow them to focus stage and that police investigations
Prevention is the best way
regularly shares cybercrime of different vulnerable groups their efforts on more specialised are watertight.
to combat cybercrime; the
prevention messages with the in society, thereby ensuring investigation functions. The tool
majority of cybercrimes can
public via various media platforms, that the message of cybercrime will also reduce the processing time Given the closely-related nature
be prevented if businesses
such as television, newspapers, prevention is effectively for digital evidence, ensuring that of cybersecurity and cybercrime,
and individuals are educated
social media, text messages and communicated to all segments of investigation officers can follow up SPF and CSA will work together
on the risks of cybercrime
posters at public transport nodes society. Through its Collaborative on leads expeditiously and solve to ensure an effective response
and adopt simple cybercrime
and lifts in public housing blocks. Social Programme (CoSP), SPF cases in a shorter time. to cyber-related incidents and
prevention measures to
At the local community level, SPF’s will work with schools and Non- conduct exercises to stress-test
protect themselves online.
Neighbourhood Police Centres Governmental Organisations (iii) Equipping public officers existing workflows, coordination
frequently engage the residents (NGOs) to raise cybercrime handling sensitive data with the arrangements and procedures.
through Community Safety & prevention awareness among relevant skills to combat cybercrime
Security Programmes and roadshows. vulnerable groups.
Through its Public Cyber-Outreach & In recognition of growing
Resilience Programme (PCORP), SPF (iii) Providing a one-stop self- cybersecurity and cybercrime threats,
uses behavioural insights to nudge help portal against scams the Centre for Cyber Security Studies
the general public to adopt good (CCSS) was established in 2014
cyber hygiene practices. SPF has worked with the National within the Home Team Academy
Crime Prevention Council (NCPC) (HTA). The CCSS facilitates the
to transform the Scam Alert capability and capacity development
website (www.scamalert.sg) into of Home Team Departments and
a one-stop self-help portal against key stakeholders responsible for
scams. The portal will provide the protection and operations of
information to the public on the infocomm systems across the public
different types of scams, and sector. One of CCSS’ core functions
empower the public to take steps is to equip Home Team officers with
to guard against them. the necessary skills to deal with
26 CHAPTER 2 CHAPTER 2 27
C Strengthening (i) Amending the Computer Misuse (iii) Strengthening regulatory
legislation and and Cybersecurity Act frameworks
the criminal justice
framework MHA intends to amend the Computer Aside from public education Prevention is key in countering
Misuse and Cybersecurity Act
(CMCA), to ensure that the Act
and outreach, a key method
of cybercrime prevention is
the threat of cybercrime
The investigation of
continues to be effective in dealing to increase the difficulty of
cybercrimes and prosecution The scale and complexity of and empowering the public to be
with the transnational nature of committing such offences by
of cybercriminals must be cybercrime will continue to grow, safe in cyberspace. Through the
cybercrimes, as well as the evolving plugging potential loopholes
supported by a robust criminal with its transnational nature posing various initiatives in the NCAP,
tactics of cybercriminals. in digital platforms and
justice framework. Laws need
processes. MHA will regularly legal and operational difficulties for the Government will build strong
to be updated to deal with new
(ii) Reviewing other laws review regulatory frameworks, law enforcement agencies. Prevention partnerships with industry, IHLs
cyber-offences and traditional
to ensure that cybercriminals are is therefore still the key strategy to and the public, and forge a sense
crimes committed online.
In addition to amending the CMCA, not able to exploit vulnerabilities counter the threat of cybercrime. of shared responsibility in the fight
Regulatory frameworks have to
MHA will review other related laws in technology. The NCAP will prioritise educating against cybercrime.
be constantly strengthened to
such as the Criminal Procedure
prevent criminals from taking
Code to ensure that these laws
advantage of loopholes.
remain relevant in dealing with
traditional crimes that are committed
in cyberspace.
D Stepping up (i) Increasing cybercrime awareness (ii) Developing capabilities International engagement (i) Fostering regional (ii) Building capacities and capabilities
partnerships and in the private sector to combat cybercrime and global cooperation through collaboration at the regional
international Strong international and global levels
MHA has partnered industry The Government has also partnerships enable Singapore is at the forefront of
engagement
and IHLs to increase awareness collaborated with the private countries to deal with working with foreign countries to Singapore has rolled out several
of cybercrimes in the private sector. sector to jointly develop cybercrime more effectively. enhance our operational cooperation programmes with partner countries and
Industry and
SPF regularly engages key private capabilities to respond to the Singapore will actively against cybercrime. At the regional INTERPOL. This includes the two-year
Academic Partnerships
sector stakeholders, such as those latest cyber threats. For instance, foster regional and global level, Singapore is the Association (2016 – 2018) ASEAN Cyber Capacity
from the Infocomm Technology SPF has partnered local research cooperation, partner of Southeast Asian Nations (ASEAN) Development Project funded by Japan
Deep expertise to deal with
and banking industries to enhance institutes to develop new INTERPOL and other Voluntary Lead Shepherd on and implemented by INTERPOL, the
cybercrimes need not just
cybercrime prevention efforts, raise cybercrime investigations and countries in capacity Cybercrime. This provides a platform Singapore-United States Third Country
reside with the Government
awareness of cybercrimes and forensics capabilities. MHA has building initiatives, and for the ASEAN Member States (AMS) Training Programme, and the ASEAN Plus
and can be found within the
encourage the adoption of good also worked with IHLs to create bring global experts and to coordinate the regional approach Three Cybercrime Workshop, involving
private sector and academia.
cyber hygiene practices. conducive environments for the thought leaders together to cybercrime, and work together the People’s Republic of China, Japan and
Given the rapidly evolving
development of cyber-related to discuss the latest threats, on capacity building, training and the Republic of Korea. The involvement of
nature of cybercrime, the
innovations. One example is trends and solutions in the the sharing of information. At the key Asian partners, AMS and INTERPOL
Government will work closely
MHA and Temasek Polytechnic’s cyber domain, and share international level, Singapore hosts facilitates a conducive environment for
with industry players and
joint establishment of the best practices and solutions. the INTERPOL Global Complex for collaboration on cybercrime issues and
Institute of Higher Learning
Temasek Advanced LEarning, Innovation (IGCI), INTERPOL’s global sharing of best practices, and forging
(IHLs) so that the necessary
Nurturing and Testing (TALENT) hub on cybercrime. Singapore has of effective operational links between
information and expertise
Lab, which serves as a platform led the IGCI Working Group and countries and across the regions.
to deal with the latest threat
for IHL students to design and INTERPOL Operational Expert Group
posed by cybercrime can
validate innovations, to see if on Cybercrime, working with other (iii) Bringing global experts
be shared seamlessly.
they are effective in dealing INTERPOL member countries to define and thought leaders together
with cyber-threats. INTERPOL’s cybercrime programme.
Singapore will leverage INTERPOL’s Since 2013, Singapore has been
resources to strengthen our global supporting thought leadership platforms
operational networks and build new that bring together public sector and
capabilities to tackle cybercrime. industry partners on cybercrime. One
such example is the RSA Conference
Asia Pacific and Japan (RSAC APJ). Held
annually in Singapore, the RSAC APJ
is Asia Pacific’s leading conference on
information security.
28 CHAPTER 2 CHAPTER 2 29
ENHANCE SINGAPORE'S
STANDING AS A TRUSTED HUB
30 CHAPTER 2 CHAPTER 2 31
PROMOTE COLLECTIVE
RESPONSIBILITY
"Having strong
The prevalence of ICT and the Internet has transformed the way security technology
we work, play, live, learn and connect with one another. Just as is not enough […]
we lock our doors and keep our keys safe in the physical world, training employees
we have a similar responsibility to stay safe in the cyber world.
Individuals now keep more of their friends’ and families’ personal
in cybersecurity
data than ever before on personal devices. The stakes are higher
is critical. "
for businesses as they are custodians of computerised data that
are vital to operations and impact customers’ lives. Cybersecurity
is a collective responsibility and a way of putting Total Defence Mr Teo Siong Seng,
Singapore Business Federation
into action to keep Singapore safe. Everyone, whether individuals
Chairman, 2015 National Security Conference 2015, In Conversation - How ready are Singapore Companies?
or businesses, has a role in creating a safer cyberspace.
¹ The Singapore Government introduced Total Defence in 1984 as a concept to involve every Singaporean
in playing a part, individually and collectively, to build a strong, secure and cohesive nation. It involves all
Singaporeans in the following five aspects: military defence, civil defence, economic defence, psychological
defence and social defence.
² Infocomm Development Authority (IDA) Infocomm Usage by Households and Individuals Survey 2014
³ Ministry of Education (MOE) Press Release on 7th Call for Proposals on Cyber Wellness Projects
32 CHAPTER 2 CHAPTER 2 33
CHAPTER 3
VIBRANT
CYBERSECURITY The Government will work with industry partners, professional
associations, IHLs and research institutes in three main areas.
We will:
ECOSYSTEM
Establish a professional workforce. We will encourage existing
cybersecurity professionals to develop their careers in the industry
by defining clearer career pathways, promoting internationally-
recognised certifications, and building strong communities of
practice. To grow the workforce, we will attract promising students
through scholarship and sponsorship programmes. We will also
support new entrants to the profession through industry-oriented
curriculum for students as well as up-skilling and re-skilling
opportunities for mid-career professionals.
Defined Career Trajectory determine the types of skills and bring cybersecurity discussions their awareness of what Internationally-recognised Strong Communities of Practice
competencies required for different into the boardroom. Larger cybersecurity professionals Certifications
The growth of a capable, adept and cybersecurity jobs, and to establish companies could also define do, and how they can contribute.
competent workforce is sustained relevant training programmes and apex cybersecurity positions Cybersecurity professionals should To build a common identity and
by attractive career prospects and clearer career pathways accordingly. at the C-suite level. The Government will take deepen their skills and keep abreast foster trust within the profession,
a respected professional status. the lead in introducing a of evolving technologies and best the Government will work with
The Government will work with Companies are also encouraged to To further improve the standing cybersecurity scheme of practices. One way to do so is to industry associations such as the
the industry to define a competency work with the Government to help of cybersecurity professionals, service for the public sector, adopt internationally-recognised Association of Information Security
framework for cybersecurity cybersecurity professionals develop the Cyber Security Agency of with competitive remuneration certifications in areas such as digital Professionals (AISP) to introduce
professionals and it will be complementary skills such as risk Singapore (CSA) will work with and progression prospects. forensics, malware analysis and and build strong Communities
incorporated into the upcoming management and communication. industry partners to reach out It will also train and develop incident response. CREST Singapore of Practice for cybersecurity
SkillsFuture Framework⁴ to be These will facilitate professionals in to more companies, especially cybersecurity specialists across (Council of Registered Ethical professionals in Singapore.
launched in 2017. This will allow translating cybersecurity issues into Small and Medium-sized the public sector. Security Testers), for example, offers
professionals and employers to enterprise risk considerations, and Enterprises (SMEs), to increase certification for practising penetration
testers in Singapore.
⁴ The Skills Framework is part of SkillsFuture, a national movement initiated by the Singapore Government
in 2015 to help Singaporeans in skills development and skills mastery for the future.
36 CHAPTER 3 CHAPTER 3 37
EXTEND SINGAPORE’S
CYBERSECURITY
ADVANTAGE
within ASEAN and its population of 625 million to support the growing demand Com
201
for cybersecurity products and services.
inject know-how and dynamism into the local cybersecurity community; Cybersecurity Services
Support start-ups to boost the development of niche and advanced solutions; (e.g. IT outsourcing, consulting)
Partner with local companies that possess strategic cybersecurity Cybersecurity Products
capabilities to develop advanced solutions for Singapore; and (e.g. Identity access management,
network security equipment)
Develop opportunities for made-in-Singapore solutions in the
global market and facilitate access to new market segments.
Source: PwC analysis, Gartner, PwC interviews, desk research.
Attract and Anchor Support Start-ups Grow Local Cybersecurity Champions Develop Market Opportunities
Advanced Capabilities
The Government will leverage Singapore’s Singapore’s cybersecurity ecosystem will The Government will grow local We will facilitate access to new market
economic hub status and attract world class benefit from more start-ups that diversify cybersecurity champions who can segments for our cybersecurity companies
cybersecurity companies to base advanced the industry and boost the development develop globally competitive capabilities and promote Made-In-Singapore solutions.
operations, engineering and R&D activities of niche and advanced solutions. The in strategic areas of interest and sustain Government and industry will collaborate
in Singapore. This will increase our access Government and industry will work the long-term growth of a competent, to set up a cybersecurity resource centre
to cutting-edge cybersecurity capabilities together to support a strong network professional workforce. The “Partnership for users to explore and adopt innovative
and create good jobs for Singaporeans. of venture capitalists, accelerators and for the Advancement of the Cybersecurity solutions. Together, we aim to bring
The Government will also work with these entrepreneurs to help Singapore-based Ecosystem” (PACE) programme, initiated by Singapore’s cybersecurity capabilities
top companies and local champions to cybersecurity start-ups to grow and scale. CSA in 2016, is an example of a meaningful to the global market.
strengthen the cybersecurity of our critical This will assist in bringing ideas to the public-private partnership that co-develops
sectors and facilitate knowledge exchange market easily and quickly. customised solutions with industry partners
to build up local expertise. for raising our cybersecurity posture while
supporting workforce skills development.
38 CHAPTER 3 CHAPTER 3 39
INNOVATE TO ACCELERATE New R&D Facilities
Our universities play a central role in In 2016, we also saw the launch of several
R&D. Each university will become a public-private initiatives, such as the ST
For Singapore to be at the cutting-edge of cybersecurity, strong cybersecurity centre of excellence, and Electronics-SUTD Cyber Security Laboratory
R&D capabilities, institutions and partnerships are necessary. we see each already developing its own developed under the Corporate Laboratory
area of specialisation. For example, the @ University scheme administered by the
These contribute to the building of resilient infrastructure and the
Singapore University of Technology National Research Foundation (NRF). This
generating of new economic activities. and Design (SUTD) has a strong focus laboratory brings together industry and
on cyber-physical systems, and the academia under one roof to perform cutting-
New cybersecurity solutions must be tested in the real world as part Singapore Management University edge cybersecurity research.
of their development process. Singapore is an ideal test-bed, as a (SMU) specialises in mobile security.
small and agile city state with strong rule of law. Pilot solutions can
be quickly implemented and scaled in Singapore. Companies and
research labs can leverage Singapore’s global position in sectors
such as finance and logistics to develop solutions with international
significance. As these developed sectors will seek to innovate,
they could also serve as ready markets to test new cybersecurity
products and solutions.
Singapore will:
Support research into both technological and human-science
aspects of cybersecurity through the S$190 million National
Cybersecurity R&D (NCR) Programme;
Establish world-class facilities in specialised research areas and
develop local talent to sustain the community; and
Collaborate more closely with academia and industry under
the NCR Programme to develop innovative ideas and enhance
translational capabilities. A stronger public-private partnership
will ensure that R&D can address real-world problems in a more The Secure Water Treatment (SWaT) at SUTD is funded by the Ministry of Defence and NRF.
targeted manner, and move research products more quickly from It will serve as a key asset for researchers in Singapore and abroad who are studying the design
of secure cyber-physical systems.
the lab to the market.
National Cybersecurity World-Class R&D Facilities and R&D Collaborations between Government,
R&D Programme Focused Talent Development Academia and Industry
Singapore’s cybersecurity R&D journey has already Singapore will continue to establish world-class Public and private sector agencies can embark knowledge, and policy know-how to address the
started, with the aim of translating R&D capability R&D facilities in specialised research areas on new R&D projects to examine and address data and standards gaps required for an efficient
in Singapore into operational strengths. The S$130 to attract top researchers and international complex problems impeding the cybersecurity cyber risk insurance market place.
million NCR was launched in 2013 by the National collaborators, and will promote the shared use industry’s growth. One example is the Cyber
Research Foundation (NRF). This was further topped of such facilities. The Government is funding Risk Management (CyRiM) project on cyber The Government will initiate a Cybersecurity
up in 2016 by an additional S$60 million as part S$8 million towards the National Cybersecurity risk insurance, which was launched in 2016 by Consortium, with S$1.5 million in funding over
of the Research, Innovation and Enterprise 2020 R&D Laboratory at the National University of the Nanyang Technological University (NTU) three years from 2016. This Consortium will bring
Plan (RIE 2020). The NCR Programme has already Singapore (NUS) that will be a shared resource with sponsorship support from the Monetary together Government, industry and academia to
awarded 13 projects covering research areas such for cybersecurity researchers from academia, Authority of Singapore (MAS) and a consortium collaborate on research and seek out viable and
as cyber-physical systems security and forensics. industry and the Government. We will also of insurance industry players. The project practical solutions with commercialisation potential.
set up programmes to groom local talent for brings together academic expertise, industry
a sustainable and vibrant R&D community.
40 CHAPTER 3 CHAPTER 3 41
CHAPTER 4
STRONG
INTERNATIONAL
PARTNERSHIPS Through consensus, agreement, and cooperation, cyberspace can
be a safer and more secure place for all.
The ASEAN Regional Forum (ARF) was established in 1994 to foster constructive
dialogue and consultation on political and security issues of common interest and
concern, and to make significant contributions towards confidence building and
preventive diplomacy in the Asia-Pacific region.
⁵ Further details on Singapore’s international engagement efforts in dealing with cybercrime are found
in the National Cybercrime Action Plan (NCAP), launched by the Ministry of Home Affairs in July 2016.
The NCAP is available at www.mha.gov.sg.
44 CHAPTER 4 CHAPTER 4 45
FACILITATE INTERNATIONAL
CHAMPION INTERNATIONAL AND REGIONAL EXCHANGES
AND ASEAN CYBER CAPACITY ON CYBER NORMS
BUILDING INITIATIVES AND LEGISLATION
Cyber threats are borderless and (AMS) to organise workshops,
no country can deal with the rapidly seminars and conferences that
evolving threat landscape alone. advance international and regional
Singapore stays committed to build cooperation in these aspects. We will
cybersecurity capacity within also support the active role played
ASEAN in operational, technical, by the ASEAN Regional Forum
legislative, cyber policy and (ARF) countries in fostering cyber
diplomatic areas. Singapore will confidence building and capacity
focus on building understanding building measures.
and raising awareness in these areas,
as well as conducting training and Singapore will establish an ASEAN
exercises to raise capacity. Cyber Capacity Programme from 2017
to complement the various existing
To do so, Singapore will partner the ASEAN initiatives.
international community, Dialogue GovernmentWare 2015 Conference
Partners and ASEAN Member States
Consensus and agreement for high-level discussions among key cybersecurity issues facing
among nations are key to industry leaders and senior policymakers. As part of the
ensuring the success of government officials from SICW, the ASEAN Cybercrime
cybersecurity cooperation. ASEAN and Dialogue Partner Prosecutors’ Roundtable Meeting
Singapore aims to be an countries as well as relevant will bring together specialised
active participant in this area international organisations. cybercrime prosecutors from
and will facilitate global and Singapore will host an annual across ASEAN for the first
regional dialogues on cyber Singapore International Cyber time. The meeting provides
norms building and codes Week (SICW) to catalyse, an opportunity for cybercrime
of conduct, cyber policy and stimulate and promote exchanges prosecutors and law enforcement
legislation, cyber deterrence on current and emerging issues agencies to take stock of the
and cybercrime cooperation. pertinent to the cyber community. legal capacities of ASEAN. It will
also address gaps to raise the
For example, the annual RSA The first SICW, to be held in overall capabilities in the region.
15th ASEAN Telecommunications and Information Technology Ministers Meeting and Related Meetings Conference Asia Pacific and October 2016, will launch the Finally, the SICW incorporates
Japan includes public sector inaugural ASEAN Ministerial the GovernmentWare conference,
events such as the ASEAN Conference on Cybersecurity which has brought together
Senior Officials Roundtable on and the International Cyber thought leaders and practitioners
Cybercrime (SORC). The SORC Leaders’ Symposium as premier to discuss practical cybersecurity
provides a unique platform regional platforms to discuss issues over the last 25 years.
46 CHAPTER 4 CHAPTER 4 47
This Strategy is an initiative of the Cyber Security Agency of Singapore
(CSA). CSA was established under the Prime Minister’s Office (PMO) and
is managed by the Ministry of Communications and Information (MCI).