Thursday, October 8, 2009

Singapore Beefs Up Cyber Security

Defense News


Singapore Beefs Up Cyber Security

By Wendell Minnick

TAIPEI - Singapore stood up a new cybersecurity authority Oct. 1 that will be responsible for safeguarding "infocomm technology" (IT).

The Singapore Infocomm Technology Security Authority (SITSA) will be a division within the Internal Security Department of the Ministry of Home Affairs (MHA), an MHA news release said.

"SITSA's mission is to secure Singapore's IT environment, especially vis-à-vis external threats to national security such as cyberterrorism and cyberespionage" and be responsible for "operational IT security development and implementation at the national level."

"I applaud the decision of the government to create SITSA as cybersecurity is paramount in protecting that nation from the economic and national security threat poised by the shadow economy," said Tom Kellermann, vice president, Boston-based Security Awareness, Core Security Technologies.

SITSA will begin by hardening critical infocomm infrastructure (CII) against cyber attacks, and achieve a higher level of national preparedness.

"The latter calls for reviews of operational plans, and regular exercises to identify gaps and enhance capability and responsiveness to major cyber attacks," the news release said.

Regulatory agencies will continue to be responsible for IT security-related implementation for their sectors in coordination with SITSA. In the case of the government and infocomm sectors, this will continue to be the responsibility of the Infocomm Development Authority (IDA) "in its capacity as the Government Chief Information Office (GCIO) and the government agency responsible for the Infocomm sector."

In addition, the National Infocomm Security Committee (NISC) will continue to be the "national platform to formulate IT security policies and set strategic directions at the national level" with IDA continuing to serve as the NISC secretariat.

Singapore is an important financial center of Asia, said Jun Isomura, a cybersecurity specialist at the Washington-based Hudson Institute. Singapore is a "key country of the Asia-Pacific Information Infrastructure" and SITSA will need technological support from Japan and the U.S. to achieve success.


SITSA will focus on six key areas:

* Provide IT security consultancy for strategic government projects that have national security impact.

* Partnership development to build relationships with key entities strategic to enhancing Singapore's IT security.

* CII protection.

* Development of technical competencies.

* Planning and preparedness against any major external cyber attack.

* Hardening critical national IT infrastructure.

Kellermann said SITSA would face some significant challenges. For one, conducting the "initial red-teaming exercise of all critical cyber assets to ascertain the current state of cybersecurity and what the priorities must be."

Other challenges include information sharing between SITSA and major multinational corporations in Singapore.

There will also be difficulties determining "real attribution per cyber attacks due to their ephemeral nature," Kellermann said. The reason is many "domestic attacks are merely domestic botnets whose command and control resides outside of national borders."


SITSA is already preparing to work with the private sector "who are key players in the infocomms and IT security industries, in addition to Government agencies and industry regulators," said the MHA press release.

The MHA has also just concluded a conference dealing with IT security. This year's Governmentware Conference and Exhibition, Sept. 30 to Oct. 2, dealt with enterprise security, critical information infrastructure protection, mobile security, biometrics, identity management and cloud security issues.

This year's theme, "Beyond Uncertainty: Collaborating for Security," dealt with "collaborative efforts to address IT security challenges in today's economy as our ICT [information and communication technology] assets become more and more integral to our work and lives," a Governmentware news release said.

There were two invitation-only seminars during the conference. The first was the "CXO Track" that allowed senior government and business leaders to discuss "real-life business needs with IT security and corporate governance concerns" and looked at "IT subterfuge." The second was the "CISO Track" that discussed "IT security awareness within their organization" and provided a "platform to examine common challenges and problems."

Speakers at the conference included Paul Henry, security and forensic analyst, Lumension; Noboru Nakatani, director, Information Systems and Technology Directoriate, INTERPOL General Secretariat; Roy Teo, deputy director, Technology Risk Supervision Division, Monetary Authority of Singapore; Ngair Teow Hin, CEO, SecureAge Technology; Benjamin Mah, general manager, e-Cop (S) Pte. Ltd.; Kang Meng Chow, member, (ISC)² Asia Advisory Board; and Chris Pickett, principal solution architect, Architect Global Technology Business Unit, Oracle Corporation - Australia.