Singapore envisions safe cybersecurity hub

The advancement in the last two decades in portable devices such as smartwatches, smartphones, and tablets has tremendously changed the way we interact and communicate. The World Economic Forum Annual Meeting in January 2020 identified the year as a turning point for cybersecurity. Greater and more convenient broadband at higher speeds is going to encourage the development and deployment of connected devices, ubiquitous computing, virtual and augmented reality, and artificial intelligence. With these network developments, more data will be created and collected than ever before. However, as new digital technologies continue to support socio-economic progress, cyberattacks will increase in frequency and impact, affecting government, industry, and individuals.

To harness the potential of the information communication technology (ICT) and driven by an awareness of the country’s constraints such as its limited land and ageing population, Singapore’s Prime Minister Lee Hsien Loong launched in 2014 a “Smart Nation Initiative.” This initiative is based on three pillars: digital governance, digital economy, and digital society. As a result, Singapore became one of the countries in the Asia-Pacific with the most advanced ICT. Unfortunately, it has also made it more vulnerable to cyberattacks. Cyberattacks have been on the rise in Singapore since 2017, following the breaches of SingHealth, Sephora, AXA Insurance, Uber, and Red Cross, alongside the leaking of Singapore HIV data and security scares at the Ministry of Defence and Singapore Armed Forces. Likewise, Singapore witnessed a rise in cyber threats targeted at various local industries such as e-commerce, banking, and finance in 2019. According to a report by the Cyber Security Agency (CSA), the cyber threats included common malicious activities such as website defacements, phishing incidents, and malware infections. The report also noted two trends that are expected to increase the cybersecurity “attack surface”: the transition by organisations into cloud computing, and security risks associated with working from home in the post-pandemic “new normal”.

What is Singapore doing to meet the challenge?

Recognising the challenges, Singapore in 2015 established the Cyber Security Agency (CSA) to oversee and coordinate activities as well as to strengthen Singapore’s cybersecurity and to protect the country from cybercrime. CSA’s core mission is to keep Singapore’s cyberspace safe and secure, to support national security, to power a digital economy, and finally to protect Singapore’s “digital way of life”.

In October 2016, Singapore released its Cybersecurity Strategy, which aims to create a resilient and trusted cyber environment. Four pillars underpin this strategy:

• strengthening the resilience of critical information infrastructures by working closely with the private sector and the cybersecurity community;
• creating safer cyberspace, by countering cyber threats, combating cybercrime, and protecting personal data;
• developing a vibrant cybersecurity ecosystem comprising a skilled workforce, technologically-advanced companies, and strong research collaborations, so that it can support Singapore’s cybersecurity needs and be a source of new economic growth;
• strengthening international partnerships, especially among the ASEAN members, to address transnational cybersecurity issues.

Two of the pillars, the efforts to create a cybersecurity ecosystem and linking it up to Singapore’s regional and global context, are of note here.

A vibrant cybersecurity ecosystem

In line with the Cybersecurity Strategy, Singapore’s medium-to-long-term direction is to develop R&D expertise and capabilities in cybersecurity. Various initiatives to support research, innovation, and enterprise have been implemented under the whole-of-government National Cybersecurity R&D (NCR) Programme. This programme aims to improve the trustworthiness of cyber infrastructures with an emphasis on security, reliability, resiliency, and usability, among government agencies, academia, and industry.

Launched in 2013, the NCR was supported at S$130 million (CHF 89.5 million) over five years. In 2016, an additional S$60 million (CHF 41 million) was allocated to extend the support until 2020. The funding was used to further develop cybersecurity R&D expertise in Singapore and the human-science aspects of cybersecurity. The funding also included grants for local and international research projects and joint technology developments with industry.

Three thematic national satellites of excellence were set up: on trustworthy software systems at the National University of Singapore, on mobile systems security at the Singapore Management University, and on secure critical infrastructure at the Singapore University of Technology and Design.

In 2016, the Singapore Cybersecurity Consortium was launched to foster discussions and partnerships across academia, industry, and government agencies, and to promote research, commercialisation, and manpower training in cybersecurity.

In addition, the National Cybersecurity R&D Laboratory (NCL)  and iTrust Laboratories were set up to support local and international research teams in academia, government bodies, and the industry to collaborate and share data, resources, and knowledge. The NCL and iTrust’s facilities are also used for educational purposes such as providing hands-on training for students and industry experts on system vulnerabilities.

Complementing the effort in this space is Innovation Cybersecurity Ecosystem at Block 71 (ICE71). ICE71 is the region’s first cybersecurity startup hub and provides entrepreneurship, accelerator, upscaling programs for startups, contributing to the ecosystem growth in ASEAN. ICE71 helps Singapore’s growing cybersecurity ecosystem by attracting and developing competencies and deep technologies to mitigate the rapidly increasing cybersecurity risks in the region.

Singapore’s aim to become a regional cybersecurity hub

In February 2020, the Singapore government said it would set aside $1 billion over the next three years to build up its cyber and data security capabilities, to safeguard citizens’ data and critical information infrastructure (CII) systems. This announcement was followed by the launch of the Safer Cyberspace Masterplan in October 2020, which aims to continue raising the general level of cybersecurity for individuals, communities, enterprises, and organisations.

As part of the efforts to improve Internet of Things (IoT) security and better secure Singapore’s cyberspace, the Cybersecurity Labelling Scheme (CLS) was launched in October 2020 for consumer smart devices. A first of its kind in the Asia-Pacific region, the CLS scheme will indicate the cybersecurity levels of home appliances, with plans to have the standards adopted at an international level. This will enable consumers to identify products with better cybersecurity provisions and make informed decisions.

One of Singapore authorities’ strategies to become a regional cybersecurity hub is to leverage the city-state’s comprehensive R&D foundation and its reputation as a trusted global business centre to attract world-renowned cybersecurity companies with advanced capabilities. A Russian cybersecurity firm, Group IB,  moved its headquarters from Moscow to Singapore. Switzerland’s Acronis opened its international headquarters in Singapore and Kaspersky has a regional office in the city-state. The Government is willing to work with such leading companies in order to create jobs for Singaporeans, protect vital sectors and improve Singapore’s cybersecurity expertise.

Moreover, platforms such as the Singapore International Cyber Week (SICW) also serve to bring together industry players and cybersecurity solution providers to discuss, strategize, and form partnerships across nations.

Global partnerships

Singapore is an open economy and a major international centre for trade, finance, and logistics. A cyber-attack on Singapore could potentially impact the wider regional and global economy. It is therefore critical for Singapore to have a network of international partners that the government can work with to address this common cyber threat. To this end, CSA actively pursues bilateral partnerships, participates in multinational discussions to shape the norms of responsible state behaviour in cyberspace, and drives regional cybersecurity capacity building programmes.

In 2015, CSA signed a Memorandum of Understandings (MOUs) with France, the UK, and India to strengthen national cybersecurity capabilities through more regular bilateral exchanges, sharing of best practices, and efforts to develop cybersecurity expertise. Additionally, between 2016 and 2018, CSA signed MOUs with the Netherlands, US, Australia, Germany, Japan, and Canada to cover key areas in cybersecurity cooperation . These MOUs also promote voluntary norms of responsible state behaviour in cyberspace. At the end of 2017, Singapore and Australia organised the first ASEAN cyber-risk reduction workshop.

Covid-19 seems to have accelerated Singapore’s need, to step up its cybersecurity efforts.

The Smart Nation initiative has reached its seventh year, and applications and updates continue to be rolled out, such as the 5G network. The overall top-down approach in Singapore proves to be highly effective and thorough in ensuring an equipped workforce as well as providing competition and attractiveness on a global level.