Working closely with the people, private and public sectors, IDA spearheaded the Infocomm Security Masterplan and National Trust Framework to combat ever-evolving cyber threats such as hacking, virus attacks and cyber terrorism, in order to maintain a secure infocomm environment for the government, businesses and individuals.
The Infocomm Security Masterplan (Masterplan) provides the overarching plan in Singapore’s continued national efforts to enhance cyber security. Launched in February 2005, this three-year (FY 2005 - 2007) strategic roadmap is the result of extensive private and public sector feedback to increase the resilience of national critical infrastructure from cyber attacks and to maintain a secure infocomm environment for government, businesses and individuals. The Masterplan has identified six strategies to secure Singapore’s infocomm environment:
a. Securing the People Sector
b. Securing the Private Sector
c. Securing the Public Sector
d. Developing National Capability
e. Cultivating Technology and R&D
f. Securing National Infrastructure
Complementary to the Masterplan is the National Trust Framework (NTF), which was conceptualised in 2006 as part of IDA’s iN2015 Masterplan. With the pervasive adoption of online services such as banking, healthcare and commerce, a trusted infocomm environment is essential to minimise security risks to valuable and sensitive data. Thus, the objective of the NTF is to develop a national framework that provides greater assurance and trust, so that Singapore can continue to leverage on its infocomm successes. To enhance Singapore’s reputation as a trusted hub, the NTF has identified four key strategic thrusts:
a. Trusted infrastructure development
b. Manpower development
c. Education and adoption
d. Regulation
To achieve the objectives of the Masterplan and the NTF, some of the key initiatives that Singapore has undertaken include:
The National Cyberthreat Monitoring Centre (NCMC) that will provide Singapore with the capability for early detection of potentially devastating cyber attacks and the ability to respond to cyber security incidents in real time. The NCMC will consist of the Cyber Watch Centre (CWC) that provides round-the-clock monitoring of cyber-threats to critical installations, and the Threat Analysis Centre (TAC) that focuses on the analysis of cyber threats.
The National Authentication Framework (NAF) that aims to catalyse e-business through the pervasive deployment of strong authentication infrastructures across key sectors. The objective of the NAF is to enable a consistent second-factor authentication experience for end-users accessing key electronic services, such as banking, telecommunications and government services.
The National Infocomm Security Awareness Programme that aims to educate the end-users in the people, private and public sectors on infocomm security and increase their awareness level. Various initiatives employing the use of online media, print media (such as brochures, advertorials), web portals, road shows, seminars, educational learning resources (such as e-learning course and videos) as well as partnerships with the industry have been put in place to inculcate infocomm security awareness amongst the Internet users.
The Association of Infocomm Security Professionals (AINSEP) that is part of the NTF's thrust to nurture competent infocomm security professionals in Singapore. AINSEP aims to transform infocomm security into a distinguished profession with a recognised professional body, standardised qualifications, established career paths and career development programmes.
The Critical Infocomm Infrastructure Surety Assessment (CII-SA) project that was set up to assess the infocomm security readiness of Singapore’s critical infocomm infrastructure (CII), and to ascertain the adequacy of the infocomm protection measures implemented by infrastructure owners and operators.
The Business Continuity Readiness Assessment Framework and the Infocomm Security Health Scorecard that were put in place to measure the level of security readiness and preparedness of the public sector. The Business Continuity Readiness Assessment Framework aims to establish a common framework to measure the level of readiness of agencies in resuming business operations in the event of service and operation disruptions due to infocomm security incidents. The Infocomm Security Health Scorecard aims to establish a scorecard to assess the level of infocomm security preparedness of public sector agencies.