Opening Speech by Minister S Iswaran at the Cybersecurity Awards 2020 Ceremony

Working Together to Safeguard Our Cyberspace

Mr David Koh, Chief Executive, CSA
Mr Johnny Kho, President, Association of Information Security Professionals (AiSP), 
Ladies and Gentlemen

Introduction

1. Good Evening. Thank you for inviting me to join you in honouring the stellar achievements and contributions of our cybersecurity community. Cybersecurity is a team sport, and I am heartened to see everyone gather to celebrate on this happy occasion.

2. Let me first congratulate AiSP for successfully organising the Awards with the support of CSA and nine other professional and industry associations.  That you have done so amidst the unusual circumstances of the pandemic is an achievement in itself.  

3. COVID-19, as we all know, has not only disrupted our lives but also significantly increased our digital footprint and exposure to cyber threats. As more transactions, interactions and functions go online, so too does the cyber threat attack surface grow.  For us to seize the opportunities afforded by digitalisation, we must pay equal heed to protecting ourselves against these threats and strengthening our cyber defences. 

4. To this end, the award nominees and industry partners amongst us have played their part, and helped to grow a vibrant and robust cybersecurity ecosystem.  I would like to highlight three particular focus areas that have been elevated and enriched by the contributions of these individuals and companies. Namely, raising the national cybersecurity posture, strengthening innovation in cybersecurity, and building a strong pipeline of cyber talent. 

Efforts to raise the national cybersecurity posture

1. First, raising the national cybersecurity posture. Many passionate individuals and organisations have stepped forward to help enterprises lacking in cybersecurity know-how to digitalise safely and securely. 

2. One such individual is Dr Steven Wong, who is actively involved in raising cybersecurity awareness in Singapore. As the former President of AiSP, Dr Wong was instrumental in launching the Cybersecurity Awareness and Advisory Programme, comprising a suite of cybersecurity programmes and resources for SMEs.  Dr Wong also held leadership positions in several other cybersecurity-related organisations, including the Cloud Security Alliance APAC Education Council and the CREST Singapore Chapter. I want to thank Dr Wong for his service and am certain that he will continue to contribute as an esteemed member of the cybersecurity family. 

3. The Government regards the cybersecurity community as a key partner in raising the overall level of cyber hygiene in Singapore. The Safer Cyberspace Masterplan launched by CSA last year was developed in close consultation with members of the cybersecurity industry, many of whom shared valuable suggestions and feedback. Industry partners had also organised events to better contextualise the Masterplan for businesses. For example, AiSP convened the SME Cybersecurity Conference last year, going into depth as to how SMEs could leverage specific initiatives in the Masterplan to improve their cybersecurity. 

4. We will continue to work with industry partners to implement the initiatives in the Masterplan. This year, we will be rolling out the SG Cyber Safe Trustmark - a voluntary programme to profile enterprises with good cybersecurity practices. CSA will be reaching out to seek feedback from enterprises and industry partners from April 2021. Critically, our aim is to develop a Trustmark that helps companies recognise the value of cybersecurity as a key competitive advantage, rather than a mere business cost. 

5. Apart from raising the baseline level of cybersecurity in Singapore, there is also an urgent need for us to work together to enhance protection against highly sophisticated threats. 

6. You would all be familiar with the recent SolarWinds cyberattack, where even large software and security companies with deep cybersecurity capabilities were not spared.  Indeed, as digitalisation accelerates, the cyber threats we face will grow in scale and sophistication. 

7. We must therefore make deliberate, targeted and consistent efforts to strengthen our cyber defences against sophisticated threats like the SolarWinds breach.  Safeguarding ourselves from these threats will entail a fundamental shift in mindset - from perimeter defence towards a “zero-trust” cybersecurity model.  

8. In practice, this means observing two key principles – first, do not trust any activity in our networks without first verifying it; and second, ensure constant monitoring and vigilance of our networks. Tactics could include compartmentalising and restricting access to different segments of the network, and validating transactions across segments. It could also encompass reconciling any escalation of user privileges, and actively and regularly hunting for threats. Though the specific measures adopted would vary depending on a system’s assessed risk level, we strongly encourage all stakeholders and partners, especially those in critical sectors, to adopt these “zero-trust” principles. 

9. The nature of the digital domain is such that we will not be able to prevent every cyber-attack. But if we can detect breaches quickly, deal with them decisively, and design our systems for resilience, we will be much better placed to mitigate the risks while leveraging the opportunities of digitalisation.

Innovations to solve cybersecurity challenges 

1. Our industry partners have also raised our overall cybersecurity posture by pursuing innovation in the field. Indeed, many companies are inventing new solutions to stay ahead of the rapidly evolving cyber threat landscape. 

2. One such company is memory device manufacturer Flexxon. Leveraging on CSA’s Cybersecurity Call for Innovation, Flexxon developed the world’s first Solid-State Drive (or SSD) containing embedded Artificial Intelligence for anomaly detection at the firmware level. Flexxon’s SSD is effective against cybersecurity threats that bypass software controls, and has received strong interest from several multinational tech companies. 

3. I am glad that our local cybersecurity industry is breaking new ground with their solutions and products. Apart from existing initiatives such as the Call for Innovation, the Government will continue to support industry-led innovation in cybersecurity, by sustaining research investments in core technology areas. 

4. As part of the S$25 billion Research, Innovation and Enterprise 2025 Plan (RIE2025) announced last year, the Government will be investing in research that drives the development of strategic and emerging technologies. Key focus areas include cybersecurity, and emerging technologies like AI, quantum, and trust technologies. Frontier research in these technologies will present new ways of thinking about cybersecurity. I encourage all of you to explore the novel ideas and technologies generated from RIE2025. With the support of the industry and research community, we hope to strengthen the translation of research into products and services. This will allow us to bring innovations to market more quickly, and stay ahead of evolving cyber threats. 

Partnerships to build a strong pipeline of cyber talent

1. Third, we are glad to have worked with industry partners to build a strong pipeline of cyber talent. A strong cybersecurity workforce is foundational to strengthen our cyber defences and bring the industry to greater heights. Our enterprise partners have played a crucial role in this regard, opening their doors for graduates and professionals to gain training and experience in cybersecurity. This is precisely the spirit that we hoped to promote with the Singapore Together movement launched last year, for Singaporeans to partner the government and each other to shape and act on our shared future together. 

2. One such example is DBS Bank, a nominee for the MNC (End-User) award this year. DBS has been actively nurturing young cybersecurity professionals under the TechSkills Accelerator (or TeSA) initiative since 2017. More recently, DBS started providing structured training and on-the-job exposure for mid-career individuals under the Technology in Finance Immersion Programme (TFIP). Cumulatively, DBS has trained over 150 professionals to prepare them for careers in cybersecurity. 

3. The Government will continue to invest heavily in cybersecurity talent initiatives. We welcome more enterprise partners to join us, such as by participating in the Cyber Security Associates and Technologists (CSAT) programme, which provides on-the-job-training, and training programmes under the Tech Immersion and Placement Programme (TIPP). 

4. To further develop the cyber talent pipeline, CSA introduced the ‘SG Cyber Talent’ initiative last year. Under this umbrella, and in recognition that it takes a village to groom a leader, the SG Cyber Leaders programme will create a community for current and future cyber leaders to learn from one another. I would like to welcome cyber leaders amongst you to join this community to nurture the next generation of cyber leaders in Singapore.

Conclusion

1. I am preaching to the converted when I say that cybersecurity is a key enabler of digitalisation, without which we would not be able to fully reap its benefits.  Once again, I would like to thank each and every one of you for your valuable contributions in creating a safer cyberspace, and my heartiest congratulations to the award winners who will be unveiled later. I look forward to working closely with all of you to ensuring Singapore remains cyber secure and resilient, so that our people and businesses can thrive in a digital future. 

2. Thank you.