Singapore to Introduce Cybersecurity BillMinistry Plans Collaborative Approach to Protect Infrastructure and Build Skills
Singapore's ministry of communications and information outlined its plans of the next five years and announced the introduction of a Cyber Security Bill aimed at helping its newly-formed Cyber Security Agency protect critical infrastructure.
The ministry will increase cybersecurity expenditure to at least 8 percent of its IT budget, according to Singapore's president Tony Tank Keng Yam, addressing the parliament on key initiatives taken in addressing challenges and the road ahead for the new government elected last September.
See Also: 2016 State of Threat Intelligence Study
Says Dr Yaacob Ibrahim, minister for Communications and Information, Government of Singapore, "We will develop a national cybersecurity strategy to strengthen Singapore's information infrastructure. Priority will be given to critical sectors of energy, water, transport, health, government, infocomm, media, security and emergency services, and banking and finance."
Ingredients of the Bill
The ministry finds it imperative to roll out the cybersecurity bill, as Singapore transitions from an analogue to digital economy and focuses on developing as a smart nation.
"While the Smart Nation opens up many opportunities, we must also ensure it's built on a secure, robust, and resilient infrastructure," Ibrahim says.
The minister, however, has not divulged details of the proposed bill, saying it's an initiative to help enterprises become future-ready.
Experts say it's no surprise that the ministry plans to introduce the bill - it's a natural progression after forming the new agency, which is setting out its ethos, plans, research and resources to respond to growing threats.
Singapore-based Anthony Lim, security expert and member of (ISC)2 and Frost & Sullivan of the Singapore Chapter says, "While it's hard to exactly specify what the key ingredients of the bill might be, it could border on some pieces of increased legislation to promote compliance and improve standards in certain non-government sectors of the industry."
The bill should help enterprises have a level playing field in protecting their organizations.
"The key ingredients must ensure protection from phishing attacks, methods to prevent indiscriminate downloading, check unverified free wifi access points, ensuring diligence in end-point device software updates, proper password regime, etc., to build confidence among citizens", he adds.
Security leaders lay emphasis on involvement of private and public entities in devising a framework.
Singapore-based Bill Taylor-Mountford, vice president and GM, Asia Pacific and Japan at LogRhythm says, the new bill should focus on decreasing the mean time to detect and the mean time to respond to an intrusion.
"The bill can certainly look at encouraging companies to share information on cyber threats, similar to the cyber security information sharing Act passed by the US government," says Taylor-Mountford.
John Lim, president of ISACA, Singapore chapter, lists out four ingredients that would help in infrastructure protection:
- Legislation to encourage or require private organizations to work with the authorities in combating and responding to cybercrime;
- Policies that are not prohibitive to business functionality, allowing business to flourish while controlling the risk of cyberattacks;
- Skills-development programs for cybersecurity professionals, given the critical role they play within enterprises;
- Subsidies for developing technologies to help companies provide secured services at an affordable cost.
Ibrahim says the bill incorporates clauses to provide opportunities for Singaporeans to co-create and design solutions and services, and embark on exciting new careers.
"We will partner with businesses and institutions to offer spaces for collaboration and programmes and help Singaporeans develop capabilities," says Ibrahim.
"We will introduce a Cyber Security Bill that will give the Cyber Security Agency of Singapore greater powers to secure our critical information infrastructure," he says.
Building Cybersecurity Skills
Ibrahim believes a secure smart nation can be possible if the country develops a cybersecurity ecosystem and grows cybersecurity talent and manpower.
Anthony Lim says it's hard to hone or build specific skills: there are not many technical people who are indirectly associated with security and need to be developing security skills as part of business continuity. "The government should impart training and include various teams from legal, compliance and other business groups as part of cybersecurity training within the government and outside," he says.
"A special category of cybersecurity officer along the lines of fire safety officer can be created in every organization with specialized skills," says Lim.
ISACA's Lim finds a demand for skills in cybersecurity operations, information security managers and cyber forensics.
Ibrahim acknowledges that we live an increasingly complex environment - the global economy is volatile, our workforce is aging, and technology is rapidly changing the way businesses operate and how we work.
Ibrahim responds, "We will also seek international cooperation on cybersecurity to overcome the transnational nature of cyber threats, and work with the private sector to raise public awareness of the importance of cybersecurity."
Fillip to 'Start-Ups'
Singapore government's key focus has been to grow the infocomm, media, and design sectors, and their adoption by the rest of the economy to create good jobs for Singaporeans. Ibrahim believes an efficient way to protect critical infrastructure is to support start-ups in the region and entrepreneurship in infocomm and design sectors.
"To encourage innovation through experimenting, tinkering and risk-taking, we will set up more prototyping laboratories, provide greater access to networking opportunities and co-locate mutually supporting expertise and services," says Ibrahim.
ISACA's Lim endorses the view and says, "Given the nature of cybersecurity, home-based security companies may actually have the edge in providing specific solutions to certain critical sectors."
Ibrahim affirms, "To encourage innovation through experimenting, tinkering, and risk-taking, we will set up more prototyping laboratories, provide greater access to networking opportunities and co-locate mutually supporting expertise and services."