Infocomm Security Masterplan 2
The Infocomm Security Masterplan 2 (MP2), launched in 2008, is a five-year roadmap which aims to build upon the achievements of the first Masterplan by enhancing the tenacity of our economy against cyber attacks, thereby boosting the confidence of investors in choosing Singapore as a strategic and secure location for their investments.
Developed through a multi-agency effort led by IDA, under the guidance of the National Infocomm Security Committee, the five-year Masterplan has the public, private and people sectors working even more closely together to secure Singapore's cyber space.
The framework for MP2, as shown in the figure below, depicts the vision, coverage, strategic outcome and the supporting strategic thrusts. Four strategic thrusts have been identified to support MP2's aim of attaining high resilience and availability of the nation's infocomm infrastructure and services:
- Harden national infocomm infrastructure and services
- Enhance infocomm security competencies
- Cultivate vibrant infocomm security ecosystem
- Increase international collaboration
Pictorial Representation of the Infocomm Security Masterplan 2
Since its launch, the Government has been working in close collaboration with the private sector to achieve the outcome of MP2.
I. Association of Information Security Professionals (AISP)
The AISP is a Government and Industry collaboration which aims to transform infocomm security into a distinguished profession and build a critical pool of competent infocomm security professionals who subscribe to the highest professional standards. The first such association in Asia, it hopes to elevate the standing, professionalism and trust accorded to security practitioners here.
II. National Infocomm Scholarship for Infocomm Security
The National Infocomm Scholarship (NIS) for Infocomm Security was announced in April 2008. With the growing pervasiveness of infocomm technology use by the Government, businesses and society, there is a need to ensure a continuous pipeline of competent infocomm security professionals. Moreover, in order for infocomm security to flourish in Singapore, there is also a need to ensure that talents are attracted to join this profession.
In partnership with the public and private sector organisations listed in Annex A, scholarships will be offered to top students who wish to specialise in infocomm security. The scholarships will lead to Bachelor and Master degrees in infocomm security.
The scholarship, available to both local and foreign students, is open to those who have completed their junior college or polytechnic studies and are keen to pursue a full time infocomm-security related degree in either a local or foreign university of their choice.
III. Cyber Security Awareness Alliance
Besides focusing on the development of infocomm security professionals, there is also a need to raise the awareness and adoption of essential cyber-security practices among users. In the security value chain, the human factor is often seen as the last line of defence against cyber attacks. To this end, the IDA and like-minded partners from the public and private sectors formed the Cyber Security Awareness Alliance (Alliance) in 2008. See Annex B below for a list of participating organisations in the Alliance.
As a collaborative body, the Alliance will amalgamate efforts from its members by bringing together different strengths and resources. The aims of the Alliance are to:
- Build a positive culture of cyber security in Singapore where infocomm users adopt essential security measures such as firewall and anti-virus software; and
- Promote and enhance awareness and adoption of essential cyber security practices for the people and private sectors.
The Alliance's tagline "GO SAFE ONLINE" serves to provide a consistent call to-action where users are reminded to take personal responsibility in protecting themselves against cyber threats. The essence of the Alliance's message in staying secure online is embodied by 3 Es:
- Engagement of people from all walks of life;
- Education of the respective groups; and
- Empowerment with the resources to stay secure.
Through the Alliance, programmes have been implemented in partnership across the public, private and people sectors.
To raise the awareness and adoption of cyber security practices in Singapore, the Alliance also initiated the inaugural Cyber Security Awareness Day in 2011. The Awareness Day is held annually to reinforce the security awareness messages, and as a reminder of the threats in the cyber world and the need to take personal and workplace responsibility by adopting secure online practices.
The Alliance had also collaborated with IDA and the Association of Information Security Professionals (AISP) in organising the Information Security Seminar in 2011, which targets decision makers and practitioners to provide thought leadership on infocomm security as well as to promote greater understanding of the key infocomm security issues and challenges faced by public and private sector organisations.
To target the students, the Alliance has worked with the National Crime Prevention Council to develop the 'Virtual Cyber Security Park' portal that will enable students to learn various facets of cyber wellness, safety and security via interactive mode such as educational online games.
The Alliance has also jointly developed and conducted a "Business Challenge‟ with the Singapore Management University in February 2011. The Challenge intents to raise cyber security awareness amongst SMEs and tertiary students through a stimulating and in-depth business IT case challenge. It also aims to promote creativity and mental dexterity among students by challenging them to design, research and promote their IT-enabled solution to a real-world business case.
In reaching out to the community-at-large, the Alliance has setup online outreach platforms, including a web portal (https://www.gosafeonline.sg) that contains cyber security resources and articles for various target groups such as home Internet users, students, SMEs, etc, and a Facebook page to engage online users on cyber security related topics. The Alliance also continuously explores opportunities to leverage on various community-based networks (e.g. community clubs/centres, national libraries, CDCs) to share cyber security tips and best practices.
Partnering with trade associations and SiTF, the Alliance engages businesses particularly SMEs on infocomm security topics through numerous government and industry platforms such as seminars, events and trade associations networking sessions.
As cyber threats evolve, plans to promote and enhance awareness and adoption of essential cyber security practices continue to be developed.
IV. Sector-Specific Infocomm Security Programme
As each sector has its unique security requirements, a 'one-size-fits-all' approach, where a single solution is developed to meet the needs of different sectors will be insufficient. Sector-specific infocomm security programmes ensure that the infocomm infrastructure and services in each sector remain secure.
The Government will work with critical infrastructure owners to assess and develop customised solutions that meet each sector's unique security requirements. One of the sector specific programmes is as follows:
Enable a Secure and Resilient Internet Infrastructure:
The Infocomm sector is a key sector in Singapore. Singapore is one of the most wired nations in the world. As Singapore grows in our reliance on the Internet, the risk posed by cyber attacks also grows in sophistication. It is thus crucial to establish sufficient infocomm security measures against prevalent and emergent cyber threats and further enhance the security situational awareness of Singapore's Internet infrastructure.
While Singapore's Internet Service Providers (ISPs) are already paying attention to security issues, IDA is strengthening our engagement with ISPs to further secure our Internet infrastructure to co-create sustainable infocomm security measures that ISPs can implement.
This programme aims to bolster the security of the nation's internet infrastructure against cyber threats through the issuance of early warnings and undertaking of appropriate pre-emptive actions.
- Industry Code of Practice
An Internet Service Provider (ISP) Code of Practice on infocomm security that is aligned with international standards and best practices has been issued by IDA. The Code of Practice has been incorporated into the telecommunications regulatory framework and sets specific security controls and outcomes to ensure that essential security is maintained to deal with current and emerging cyber threats. Periodic audits will be conducted by IDA to ensure that ISPs observe the Code of Practice.
- Information Sharing among ISPs
To further raise the level of infocomm security readiness and response, sharing of infocomm security information among ISPs will be established through the coordination of IDA. This will allow ISPs and IDA to make more informed decisions so that early warning to emerging cyber threats can be developed and appropriate pre-emptive measures can be taken.
V. International Collaboration
In our increasingly connected world, countries need to work closely to facilitate the detection, resolution and prevention of cyber security incidents that transcends geographical boundaries. To this end, the Singapore Government has been exploring collaboration opportunities with other governments to combat cyber threats and foster close working relations. Singapore participates actively in ASEAN-related initiative such as the ASEAN-Japan IT Security Policy Meeting and Government Network Security Workshop. We have inked MOUs with advanced partners such as Japan and South Korea to collaborate in cyber security matters.