A few months ago, Singapore unveiled the first draft of a proposed cybersecurity bill which empowers the authorities to take proactive measures to protect local critical information infrastructure (CII). On 18th July, more than 200 participants from all designated Critical Information Infrastructure took part in a cyber-security exercise. Led by Cyber Security Agency of Singapore (CSA), the whole exercise represented the government's effort in testing Singapore's cyber incident management and emergency response plans for the first time. For this reason alone, it is unsurprising that Singapore has been named among the top nations that prioritizes the cybersecurity issue.
Singapore is the Most Committed Nation in Cybersecurity
According to Global Cybersecurity Index (GCI), Singapore took the crown as the most committed player in terms of cybersecurity. Surprisingly, Singapore has beaten United States which came in the second place. The Global Cybersecurity Index examines the defense capabilities in 134 countries by focusing on five factors which are technical, legal, organization, cooperation, and growth potential. While the United States triumphs over Singapore on organization, legal, and growth potential, the island nation scores higher for cooperation. This year, Singapore has moved to pole position from sixth place in the first GCI which was released two years ago.
Interestingly, countries like Georgia, Oman, Estonia and Malaysia are among the top 10 countries that score high in cybersecurity commitment. Although countries such as Oman and Malaysia have massive gap in wealth, they still emerge stronger than France and Canada which are wealthy countries in the top 10. The GCI also makes a fascinating observation that while wealth breeds cybercrime, but it does not automatically generate cybersecurity. In the same index, it showed that only half of UN member states had a coordinated national cybersecurity strategy. It looks like Singapore has been planning for a long time and you are correct, it started its national cybersecurity strategy earlier.
Long History of Cybersecurity Initiative
For more than a decade, Singapore has taken steps to make cybersecurity a priority in all approaches. Singapore launched its first cybersecurity master plan as early as 2005. While Singapore takes pride in its position as one of the world's most digitally connected, it soon realized the importance of fortifying its digital fortress against crippling attacks.
The recent WannaCry and NotPetya ransomware attack were quickly recognized as a stark reminder of Singapore's vulnerability to cyber assaults. At the same time, the growing cyberattacks were getting more sophisticated and damaging. In addition, Singapore noted that attacks worldwide specifically targeted transportation networks, healthcare institutions, utility plants, and other important infrastructures. For Singapore, these cyberattacks are unacceptable because the island republic will be left more vulnerable when compared to other countries that have advantages in terms of resources, time, and space. Proverbially speaking, the hole in the wall must be sealed or it will seal the island's fate.
In 2015, the Cyber Security Agency of Singapore has been created as a dedicated entity to oversee the cybersecurity. Last year, Singapore issued a comprehensive cybersecurity strategy which was quite remarkable because it marked the first of the nation's efforts to tackle the issue directly and indirectly. The government also announced that it was pumping as much as $528 million into cybersecurity planning as well as setting up a new Government Security Operation Centre to detect cyberthreats.
Future of Digital Fortress in Singapore
While earning its well-deserved spot in the ranks of nations that prioritize cybersecurity, Singapore does not want to rest on its laurels. Independent global security expert such as Aloysius Cheang said that a high ranking in the index does not necessarily reflect the cybersecurity readiness. He also added that the results of cybersecurity initiatives are not measured for their effectiveness, but how many of them there are. Despite Singapore is taking the right steps, there is still much work to be done, a sentiment shared by the chief executive of CSA himself.
Singapore seeks to lay a legal framework to monitor and manage the nation's cybersecurity wellbeing as well as empower the authorities to carry out their functions effectively. In its proposed cybersecurity bill, Singapore has named 11 sectors that own the CIIs such as healthcare, water, maritime, media, infocom, energy, aviation, public, and others. At the same time, the CII owners are required to have the necessary mechanism and processes to detect any cybersecurity threat.
The CSA officers will be given specific powers to deal with the cybersecurity issues quickly. Most strikingly, the bill also introduces a licensing model for the regulation of selected cybersecurity service providers and individuals in conducting penetration testing and managing security operations center services. The bill's focus on leveling the playing field and raise the maturity and preparation of all industries in Singapore. Unsurprisingly, the bill has already been lauded by many key industry leaders who describe it as timely and decisive. As Singapore strives to be "Smart City", it prioritizes all areas and leaves nothing behind.
With concerted resources and efforts, Singapore is poised to embrace its standing as a trusted digital hub. While it is ahead of many nations, it cannot afford to let its guard down lest it will be vulnerable. The technology-driven island nation has done the right thing by laying a robust digital foundation that will serve it well for the present and future.