Singapore tackles skills gap in cyber security sector

The digital super highway that's coming up in Singapore, as part of the Smart Nation initiative, will allow for many services that will be transformational in nature. There will be instant connectivity, access to information and vital services such as health care.

One unfortunate downside of this digital connectivity is that it will act like a beacon for cyber criminals who will try to hack the system for gain. As Singapore builds up its digital infrastructure, cyber security has become a major challenge for companies, institutions and ordinary citizens.

Despite the sophisticated nature of threats, such as APTs (advanced persistent threats), malicious e-mail, compromised or malicious sites, exploits and malware, the biggest constraint in cyber security is not technological in nature. Rather, it's a manpower issue. Given the magnitude of the problem and its growth, there are not enough qualified cyber security personnel. And that is a problem that needs to be addressed.

The Economic Development Board's Gian Yi-Hsen notes that despite the increased number of cyber threats faced, the world continues to face a scarce talent pool of suitably trained cyber security specialists.

"In 2012, just 0.8 per cent of Singapore's 144,300 ICT (infocomm technology) workers were IT security specialists, with a shortage in the middle and senior tiers due to a shortage of training programmes and entry routes for mid-career professionals," Mr Gian, director, safety and security industry programme office (SSIPO), tells The Business Times.

EDB, along with other government agencies, such as IDA (Infocomm Development Authority of Singapore) and tertiary institutions, are working to fill the need for more cyber security specialists with training and other initiatives.

"With leading multinationals such as SAP, Oracle, PayPal, Symantec and FireEye establishing stronger local presence, Singaporeans now have more exciting job opportunities in the cyber security field," Mr Gian says.

Building up a workforce with the right cyber security skill sets takes time. As a result, Singapore has in parallel taken up a strategy to develop itself as a regional hub for cyber security. This is expected to attract international cyber security specialists to the Republic and add to the cyber security knowledge and expertise here.

A regional hub would need to possess the ecosystem of talent, players and infrastructure to provide solutions and services to address cyber threats, while offering thought leadership.

Mr Gian notes that Singapore is in the process of undertaking the following measures:

Build up public sector R&D capabilities via the National Cybersecurity R&D Programme; leverage the country's strong ICT infrastructure such as its excellent connectivity and position as a data centre hub in the region in order to make Singapore an attractive location for provision of cyber security services to the region; engage companies to set up cyber security R&D and innovation activities in Singapore. Last month, the Interpol Global Complex for Innovation (IGCI) was established here as an innovative hub for law enforcement, responding to the changing nature of crime in the 21st century.

The IGCI employs staff with law enforcement, security and other relevant backgrounds, from all over the world. There are 40 nationalities, including Singaporean, at the IGCI now.

Speaking to The Business Times, Madan Oberoi, Interpol director, cyber innovation and outreach, says that the Internet has not been designed to prevent manipulation by criminals, and can be viewed as easy to attack and difficult to secure. "Yet, society and individuals are becoming increasingly reliant on network and information technology."

Dr Oberoi adds that to better foresee the potential risks associated with new and developing technology, Interpol carries out research into emerging threats and trends in co-operation with academia, research institutes and the private sector.

The official adds that preventing and investigating cyber crime often requires information from many different sources. Internet service providers (ISPs) and electronic service providers (ESPs) such as social networking platforms may have crucial information about a suspect or a victim.

"Through the IGCI, Interpol is working cross-sector with stakeholders to better detect, predict and counter international cyber crime. A recent example of this is the Interpol-coordinated takedown of the Simda botnet."

EDB's Mr Gian adds that with IGCI located in Singapore, local companies will able to form partnerships with Interpol. "Already, several private sector partners have pledged strong support for the IGCI, ranging from the offer of significant technical and human resources, to advanced solutions and intelligence, as well as various training programmes."

IGCI will also house a cyberfusion centre, where its main role will be to provide real-time gathering and analysis of information from various sources, and provide member countries with potentially useful information about malicious Internet activities and threats. The centre could also be used to coordinate operations and facilitate cyber crime investigations by member countries, which will further establish Singapore as a hub.

Aviation major Boeing has also set up its Boeing Cyber Analytics Centre (BCAC) in Singapore.

Per Beith, director, information security solutions, electronic & information solutions, Boeing Network and Space Systems, tells BT that BCAC was created to address the growing need for better and deeper understanding of the cyber threat environment and its impact on government, business and academia.

"As a regional resource for information sharing and collaboration, the BCAC provides a venue to partner across the ASEAN region for evaluation of technologies and techniques to address the pervasive cyber threat environment," adds Mr Beith.

Boeing will staff the BCAC with analysts using state-of-the-art cyber analytics technologies to serve the primary mission of analysing current and emerging cyber threats and issuing timely alerts to BCAC partners.

Mr Beith makes an important point. He says: "One of the purposes of the BCAC is to promote information sharing and collaboration between nations in the ASEAN region. This is a very important part of cyber security. Given the extensive use by both governments and corporations of Internet connectivity, no organisation or government should attempt to face the current cyber threats alone."

Among local organisations, Singtel has taken a number of initiatives in shoring up Singapore's cyber security readiness.

William Woo, Singtel MD for enterprise data and managed services, notes that cyber security is no longer a technology issue and it's increasingly becoming a major concern of top management and boards of many enterprises. "Singtel is building its cyber security capabilities organically, as well as through investments and partnerships to be a global managed security services provider."

The initiatives taken by Singtel include its acquisition of Trustwave, a leading managed security services provider in North America. Singtel will be able to leverage the expertise and talent of Trustwave's more than 1,200 cyber security specialists in 26 countries, including an elite team of security specialists in its forensic and threat research security unit, SpiderLabs.

Singtel has also formed a strategic partnership with US-based FireEye to provide services to customers and enhance the cyber security ecosystem in the Asia-Pacific. FireEye recently released a report on a shadowy hacking group, APT30, that has been targeting Singapore, other ASEAN states and India for at least the past 10 years.

The telco has also set up the Singtel Asia Pacific Cyber Security Competency Centre (ACE) in collaboration with EDB. The centre hopes to catalyse innovation and develop competency to enhance the cyber security ecosystem in the region.

Mr Woo adds that Singtel is partnering EDB to attract and collaborate with foreign and local companies to develop Singapore as a regional hub in digital innovation. Under this S$500 million, five-year plan, Singtel will develop capabilities in cyber security, data analytics and smart and safe cities.

As Singapore's various initiatives serve to groom and retain cyber security talent, EDB's Mr Gian notes that the cyber security market is expected to hit S$120 billion in 2017 from S$63.7 billion in 2011. "There will certainly be as many exciting high-value job opportunities for Singaporeans, whether in local or foreign companies."

This article was first published on May 13, 2015.
Get The Business Times for more stories.