Cybersecurity an 'economic opportunity' for Singapore: Janil Puthucheary

CYBERSECURITY took centre stage in Parliament on Monday, roughly a fortnight after "digital defence" was added as the sixth pillar of Singapore's Total Defence ideology.

Calling cybersecurity "an area of economic opportunity that complements Singapore's existing strengths" such as connectivity and a skilled workforce, Senior Minister of State for Communications and Information Janil Puthucheary said: "A strong cybersecurity ecosystem will provide expertise and solutions that contribute to a more resilient digital infrastructure."

In the wake of major breaches such as the massive attack on SingHealth's patient database uncovered in 2018, MPs such as Non-Constituency Member of Parliament Daniel Goh, Low Thia Khiang (Aljunied GRC) and Teo Ho Pin (Bukit Panjang) had called for more information on measures that the Republic is taking to develop its digital infrastructure and cybersecurity professionals' skills.

Dr Puthucheary, who is also Senior Minister of State for Transport, replied: "Our agencies are working closely with each other, and the cybersecurity ecosystem, to strengthen the pipeline of cybersecurity professionals, deepen their skills and technical expertise, and improve the career progression and recognition for the profession."

An industry call for innovative solutions that was originally launched by the Cyber Security Agency of Singapore (CSA) in September 2018 will be expanded in 2019, he said.

Meanwhile, the government is also launching a new track, called "SecureTech", under the Accreditation@SG Digital scheme, which was set up in 2014 to recognise and certify products from Singapore-based information communications media technology companies.

Under the new track, which will be rolled out from the first quarter, firms must get their security products Common Criteria-certified, with a seal of approval from the CSA and the IMDA.

Accreditation@SG Digital had already recognised four companies' cybersecurity products as at Feb 1, in data security, mobile security, security analytics, and user and entity behaviour analytics, according to the Info-communications Media Development Authority (IMDA) website.

The new SecureTech track is to encourage smaller businesses to build more secure products and to adopt Common Criteria certification, said Dr Puthucheary.

He noted that Singapore became, in January 2019, one of 18 countries that are able to issue internationally recognised certificates for cybersecurity products under the Common Criteria Recognition Arrangement technical standard.

Becoming a certificate-authorising country will now allow local companies to develop globally recognised products within Singapore and to save time and money, since they no longer have to send products overseas for certification or bring in experts from abroad, said Dr Puthucheary.

Calling the achievement "a step towards becoming a regional hub for product evaluation and certification", he added: "We are attracting global evaluation laboratories to anchor their operations in Singapore.

"This will facilitate Singapore's exports of world-class cybersecurity products, and create good jobs for Singaporeans."

Dr Puthucheary added that the government will work with these SecureTech-accredited companies to build their track record and help them to scale up. Their products may also be considered by government agencies during cybersecurity procurement exercises, he said.

And, besides a government-supported Cyber Security Associates and Technologists Programme for the private sector to train practitioners on the job, the CSA also works closely with other agencies to build up cybersecurity specialists who can be deployed across the public sector, said Dr Puthucheary.

Separately, Minister for Communications and Information S Iswaran said, in reply to a question from Dr Ho, that Singapore's 11 critical information infrastructure sectors - which include transport, energy and water supply - have in place regular tests and response plans to identify vulnerabilities and to prepare for any disruption of essential services from cyber attacks.

Digital opportunities for businesses "can only be meaningfully realised within a safe and secure cyberspace", Mr Iswaran noted.

He added: "To paraphrase the old saying, we are only as strong as the weakest cyber link."