Wanted: More cyber security experts

SINGAPORE - The rising sophistication of cyberattacks that can even disrupt the operations of key infocomm infrastructure - such as those in the banking, transport, energy and public sectors - is a potential threat to Singapore.

This is made worse by a global shortage of highly-skilled infocomm-security professionals who can defend against such attacks.

So, Singapore is embarking on a five-year National Cyber Security Masterplan to boost the number of such security experts here and bolster its defences against cyber threats.

Announcing this yesterday, Communications and Information Minister Yaacob Ibrahim said that as of 2011, information-technology-security specialists made up just 1 per cent of Singapore's infocomm-industry manpower.

Dr Yaacob was speaking at the Information Security Seminar held at the Marina Bay Sands Convention Centre.

To address this, the Infocomm Development Authority (IDA) will, under the masterplan, work with tertiary institutes here to incorporate infocomm-security courses and degree programmes into the curriculum.

IDA will also work with industry partners to attract and retain IT-security specialists.

An IDA spokesman said that feedback from the industry and government agencies "indicates a need for more cyber-security professionals across the full spectrum of cyber-security expertise".

This includes policymaking, security standards and advanced technical skills.

All polytechnics offer diploma courses in information security. But there are no degree programmes in cyber security at local universities.

Mr Walter Lee, an information-security expert with over 20 years of experience, said besides training more security experts, those working in the IT and e-commerce industry should undergo a fundamental infocomm-security course. Mr Yow Tau Keon, chief executive of information-security provider e-Cop, said security experts need "deeper knowledge in security policy, and risk and compliance management".

The masterplan will also look into boosting the resilience of critical infocomm infrastructure, by identifying vulnerabilities and gaps. National cyber-security exercises will also, for the first time, be conducted across different sectors with such infrastructure.

The Cyber Watch Centre and Threat Assessment Centre will be upgraded for improved detection and analysis of cyber threats. They were set up in 2005 to mitigate cyber threats in the public sector.

Get My Paper for more stories.

Here is the full statement from the IDA:

The Government yesterday launched a five-year National Cyber Security Masterplan 2018 to further secure Singapore's cyber environment. Developed through a multi-agency effort led by IDA under the guidance of the National Infocomm Security Committee (NISC), the Masterplan provides an overarching strategic direction to help Government and organisations in strengthening resilience against cyber threats.

Announcing the launch at the Information Security Seminar 2013, Minister for Communications and Information Dr Yaacob Ibrahim said, "Adopting a collaborative approach across the public, private and people sectors, the Masterplan will enhance the security of Singapore's critical infocomm infrastructure and address the security of businesses and individuals. This will create a truly robust infocomm ecosystem and improve our quality of lives."

The Masterplan will focus on three key areas to develop Singapore as a trusted and robust infocomm hub by 2018. First, it will enhance security and resilience of critical infocomm infrastructure which includes conducting new cross-sector exercises to improve overall resilience of infrastructure and services. Second, efforts will be increased to promote infocomm security adoption among end-users and businesses by leveraging publicity channels and collaborating with industry and trade associations. The last key area is to grow Singapore's pool of infocomm security experts through working with Institutes of Higher Learning and industry partners in training and developing more students and professionals in infocomm security.

The Masterplan succeeds both Infocomm Security Masterplan and Infocomm Security Masterplan 2 that were implemented from 2005 to 2012. These previous masterplans had put in place capabilities that enhanced situational awareness and risk mitigation through the setup of a Cyber-Watch Centre and Threat Analysis Centre. The rollout of the Secure and Resilient Internet Infrastructure Code of Practice resulted in Singapore being among the first countries for designated ISPs to adopt mandatory cyber security measures. The previous masterplans also established the Cyber Security Awareness Alliance to generate infocomm security awareness, as well as the Association of Information Security Professionals to develop local infocomm professionals.

Mr Lim Chuan Poh, Chairman of NISC said, "The cyber security landscape is rapidly evolving and we must sustain and step up our efforts to meet the challenges posed by the increasingly sophisticated cyber threats. Over the next five years, the National Cyber Security Masterplan will guide our efforts to raise the capability and level of preparedness in the public, private and people sectors to better respond to and manage these cyber threats."

Apart from the Masterplan launch, Singapore's 3rd Annual Cyber Security Awareness Day was also commemorated today. Championed by the Cyber Security Awareness Alliance (Alliance) jointly led by the Infocomm Development Authority of Singapore and the Singapore infocomm Technology Federation, the theme of this year's nationwide call-to-action is "Security at Home and in the Workplace". The Awareness Day continues to raise infocomm security awareness and remind everyone of the need for personal and workplace responsibility by adopting simple practices to secure their online identity, computers, mobile and wireless devices.

As part of the Alliance's efforts to promote public awareness and adoption, a new mobile application will be launched by end 2013. The application will contain features such as password strength checker and alerts pertaining to infocomm security, threats and patches.