What it takes to improve Singapore’s cybersecurity posture

The government needs to better safeguard public data to enable citizens to continue sharing their data in exchange for services, says Chai Chin Loon, Senior Director of Cyber Security Group, GovTech Singapore.

By Kareyst Lin
Nov. 28, 2016

As Singapore looks become a Smart Nation, security is of utmost importance.

In November 2015, IDC predicted that due to an increase in the number of cyberattacks, annual government spending on cycbersecurity would increase from less than two percent to over five percent of agency budgets.

"Singapore is a small country and the repercussions of any single major event may be felt much more than perhaps a country with huge borders and coastlines," said Chai Chin Loon, Senior Director of Cyber Security Group, GovTech Singapore. "More importantly, as a country with one of the highest internet penetration rate, coupled with the trust that citizens have in the government, one cyber breach is one too many." 

Personal data is valuable to cyber criminals, hacktivists and state actors both in a commercial and in the public sector. Therefore, "it is ever-important that [GovTech] takes cybersecurity seriously, because a single breach may have a ripple effect, affecting a larger part of the population."

The Singapore government has also noted, through conversations with citizens, that "many are amenable to the idea of sharing their personal data and privacy in exchange for services beneficial for the public good."

To continue enjoying this level of trust, the Singapore government has to continue to take a calculated approach in the use of public data and take necessary safeguards to protect the data, Chin told GCIO Asia in an email interview.  

GovTech's approach towards securing a digital government

Chin noted that in a world of big data and the Internet of Things (IoT), as data explosion occurs, more information is being produced, collected and exchanged. More devices are also being connected. "This exponentially increases the surfaces available for attacks by wayward criminals, which means that we have more areas to defend," he said.   

"[GovTech thus need] to strengthen our hardware and work on our software." GovTech will also educate end users through educational and communication campaigns, collaterals, demonstrations and security-related conferences. Besides that, GovTech will constantly monitor and review the cyber threat landscape, and calibrate policies accordingly.

Challenges involved

"The goal of all of us in the Cyber Security Group is to have a cybersecurity posture that is sustainable, pragmatic, and effective," according to Chin. However, there are three main challenges to achieving that goal.

"[Firstly,] we need to find a balance between the user's needs, the organisation's needs, as well as have a view of the macro cybersecurity landscape. As a government, we also need to think beyond the traditional concepts of Confidentiality, Integrity and Availability (CIA). We have to also balance usability against cost with security.  The right pragmatic balance of these 3 parameters is becoming more and more important."   

1  2  Next Page