DPM Teo Chee Hean at the Opening of the 3rd Singapore International Cyber Week

Building a Resilient and Innovative Cybersecurity Ecosystem

Bapak Wiranto, Coordinating Minister for Political, Legal and Security Affairs of the Republic of Indonesia, Ms Izumi Nakamitsu, Under-Secretary-General of Disarmament Affairs of the United Nations, Excellencies, Distinguished delegates, ladies and gentlemen.

A very warm welcome to the 3rd Singapore International Cyber Week, or “SICW”! I am pleased to be back here with all of you, especially our friends who have travelled from all over the world to join us, and to share your experiences and knowledge.

A “Resilient and Innovative” ASEAN

This year’s SICW coincides with Singapore’s chairmanship of the Association of Southeast Asian Nations, or ASEAN. Southeast Asia is one of the fastest growing regions in the world, driven by a young and dynamic population of 630 million. As a comparison, this is slightly fewer than Europe’s, but more than 10 years younger on average. Our growing economies are uplifting millions into the middle class each year, and driving rapid urbanisation. By 2025, almost half of ASEAN’s population will live in urban areas. Such an exciting and fast-growing region offers many opportunities for innovation.

At the same time, Southeast Asia is also at the crosswinds of emerging global challenges. Trade frictions will affect all of us. Terrorism remains a threat to peace and stability in our region. It is imperative that ASEAN remains resilient to such global challenges.

This is why we chose the theme “Resilience and Innovation” for our ASEAN chairmanship. ASEAN needs to be resilient and innovative to address present needs, as well as drive our future development.

Opportunities of Digital Economy

Digital technologies and Industry 4.0 are examples of where resilience and innovation come together. The rapid growth of digital technologies, such as the Internet of Things, cloud computing and Artificial Intelligence, has broken down walls and opened up new opportunities for everyone.

Innovation is key in an increasingly digital future; but so too is resilience provided by robust cybersecurity. Cybersecurity is the key enabler for us to confidently seize the new opportunities from the digital revolution, and foster trust in a digital future. Conversely, weak cybersecurity leaves us exposed to new and disruptive cyber threats.

To build a resilient and innovative digital community together, we need to invest in three elements: Cyber Defence, Cyber Innovation and Cyber Partnerships.

Cyber Defence

First, we need to continue to invest in Cyber Defence to secure our networks and systems against cyber threats.

Cyber-attacks are no longer a question of if, but when and how far or how deep they can get in our systems. They are becoming more common all over the world as we digitalise our societies and economies. Cyber-attacks are also causing more serious harm, by disrupting essential services, blocking access to critical information and even shutting down government agencies.

The threat faced by all countries is real and Singapore has not been spared. In July this year, a sophisticated Advanced Persistent Threat group attacked one of Singapore’s public healthcare institutions, accessing medical prescriptions information. We have convened a Committee of Inquiry to investigate the attack, discover our weaknesses and where we can improve, and recommend measures to strengthen our cyber defences.  

A good defence system against cyber-attacks is not just about safeguarding our systems when an attack is taking place, or strengthening our cyber defences after an attack. It should take place much earlier. Many countries around the world, including Singapore, adopt a five-step cybersecurity framework, to identify potential risks; protect our systems to limit the impact of an attack; detect anomalies and intrusions early; respond quickly; and finally, recover capabilities or services so that we can return to normalcy as soon as possible. The ability to recover quickly, in particular, speaks to our cyber resilience.

At the national level, Singapore is continuing to strengthen our cybersecurity capabilities. Since the last time we met at SICW, we have passed a new Cybersecurity Law, which establishes a legal framework for the oversight and maintenance of national cybersecurity in Singapore.¹ We have also accelerated efforts to build up our Cyber Security Agency of Singapore, and have worked closely with our Critical Information Infrastructure owners and supervisors to strengthen their cyber defences.

We also need to build a stronger pipeline of cybersecurity specialists. We have expanded the course offerings in our tertiary institutes for new entrants as well as those already in the IT industry.

Earlier this year, we have leveraged on our National Service conscription system and our Singapore Ministry of Defence launched the Cyber National Servicemen scheme, with an inaugural cohort of 60 servicemen. The servicemen will be trained with relevant skills to defend the Singapore Armed Forces’ networks and information systems. We hope that after they complete their service, many of these servicemen will continue to develop their professional knowledge in the digital and cyber domains, to support our Smart Nation efforts, and also answer the call to help protect our systems when the need arises.

Cyber Innovation

Second, we need Cyber Innovation.

Cyber-attackers are extremely innovative, and so too must our defenders. There is growing demand for services from companies that provide cybersecurity. This is a dynamic field with growing business potential. By embracing cyber innovation, we can grow the cybersecurity industry and at the same time better protect our systems and users.

All around the world, cybersecurity startups are mushrooming, and vying to be the next major market player. Many governments are investing in their domestic cybersecurity ecosystem. Israel, for example, has done very well – the export value of its cybersecurity products was comparable to that of its traditional defence equipment in 2016, at about US$6.5 billion.

In Southeast Asia, each of our member state has a thriving startup ecosystem, be it Singapore’s Block 71, Jakarta’s Conclave, Manila’s QBO Innovation Hub or Yangon’s Phandeeyar incubation lab. We can connect our networks, so that our startups and companies can harness one another’s capabilities, and access new markets together.

Singapore launched the region’s first cybersecurity startup hub, named Innovation Cybersecurity Ecosystem @ Block71, or ICE71, in March this year. ICE71 is a partnership between the London-based cybersecurity accelerator CyLon, Singtel Innov8, and NUS Enterprise. It offers cyber-entrepreneurs in the region a platform to develop their entrepreneurial solutions.

One such programme is the ICE71 Inspire – a week-long boot-camp for individuals to develop and validate their ideas, and learn about entrepreneurship. There is also the ICE71 Accelerate – a more advanced, three-month-long incubator programme to help startups bring their products to market. 17 aspiring entrepreneurs and six promising startup teams participated in the inaugural Inspire and Accelerate programmes respectively. These initiatives will allow more aspiring entrepreneurs to test their ideas, network with like-minded peers and industry players, scale their innovations and contribute to the wider regional cybersecurity ecosystem.

The Singapore Government will also launch a Government Bug Bounty Programme at the end of this year. The Programme will invite both international and local white-hat hackers to test selected, Internet-facing Government systems and identify vulnerabilities. This will help build an innovative cyber ecosystem, draw in a wide range of expertise to help identify the Government’s cyber blind spots and benchmark our defences against skilled global hackers.

We also hope that through this process, we can bring together a community of cyber defenders, who share the common goal of making cyberspace safer and more resilient by securing our systems against malicious attacks. This builds a shared sense of collective ownership over the cybersecurity of our systems, which is vital to achieve our Smart Nation goals.

This week, the CSA will also be putting out an Industry Call for Innovation in collaboration with Ascendas-Singbridge, PacificLight Power, Singapore LNG Corporation, Singapore Press Holdings and SMRT Corporation. The Call for Innovation consolidates the cyber needs of these organisations into challenge statements, that will be match-made with suitable industry solution providers. We hope that this will catalyse the industry’s development of cutting-edge, innovative cybersecurity solutions, and their adoption by end-users.

Cyber Partnerships

Third, we need to enhance Cyber Partnerships and strengthen our international networks.

Cyber threats are global threats. No country can tackle these emerging cyber threats on its own. We need to work together to strengthen our collective resilience against such threats. We are particularly delighted to have with us today the UN Under- Secretary-General of Disarmament Affairs, Ms Izumi Nakamitsu. She has joined us today, on a very tight schedule because of the UN General Assembly is about to sit, so we particular welcome your presence here today, Ms Izumi.

Globally, the UN Group of Governmental Experts had developed a useful set of cyber norms in 2015. But these have to be further discussed, accepted and enforced to have effect. In the meantime, there is also an important role for complementary and mutually reinforcing regional efforts to shore up cyber resilience.

As a region, Southeast Asia has rallied together. Two years ago, Singapore seeded the ASEAN Cyber Capacity Programme (“ACCP”) with a contribution of $10 million, to deepen the region’s cyber capabilities and to enhance our ability to respond to emerging cyber threats. The ACCP was a collaborative effort, involving not only governments, but also industry and academic partners such as Microsoft and the Lee Kuan Yew School of Public Policy. More than 140 officials from all ASEAN member states have already benefitted from the ACCP.  But we can do more collectively to build the region’s cybersecurity capacity.

I am pleased to announce that we will expand the ACCP by setting up the ASEAN-Singapore Cybersecurity Centre of Excellence, or “ASCCE” for short. The ASCCE has three broad objectives. First, it will strengthen ASEAN members’ cyber strategy development, legislation and research capabilities. Second, it will train national Computer Emergency Response Teams, or CERTs in the region, increasing their technical expertise and cyber incident response skills. And third, the ASCCE will promote CERT-to-CERT open-source information sharing.

The ASEAN-Singapore Cybersecurity Centre of Excellence will be open and inclusive. It will complement and strengthen existing cybersecurity cooperation initiatives, including the ASEAN-Japan Cybersecurity Capacity Building Centre in Thailand. Through the ASCCE, ASEAN members can engage more closely with our international partners, in particular our ASEAN Dialogue Partners. Minister for Communications and Information and Minister-in-charge of Cybersecurity, Mr S Iswaran, will outline the plans for the ASCCE at the ASEAN Ministerial Conference on Cybersecurity tomorrow.

Conclusion

Distinguished Guests, Excellencies,ladies and gentlemen.

Infocomm and digital technologies have transformed our economies, societies and daily life.

ASEAN has just launched our network of 26 pilot ASEAN Smart Cities to collectively harness the opportunities from digital technologies. But the more digital and connected our societies and economies become, the more important it is to secure our systems.

The fight to secure our cyberspace is particularly challenging as it is asymmetric. It is easy for malicious actors to hide their identity, carry out their attacks across borders, and cause severe disruptions in essential services that disproportionately impact millions.

This is why it is important for us to work together - countries, governments, businesses and citizens - to pool our resources and strengthen our collective defences against this common threat. This is where we hope that international conferences, such as the Singapore International Cyber Week, can play a useful role.

I am heartened that with your strong support, the SICW has continued to grow over the last three years.

I wish everyone a fruitful SICW, and I hope that we can continue to build more partnerships toward a resilient and innovative cybersecurity ecosystem!

[1] The Cybersecurity Law has four objectives, namely to: (i) strengthen the protection of Critical Information Infrastructure against cyber-attacks; (ii) authorise the CSA to prevent and respond to cybersecurity threats and incidents, (iii) establish a framework for sharing cybersecurity information, and (iv) establish a light-touch licensing framework for cybersecurity service providers.