A Smart Nation must also be a secure one

• Cybersecurity is a top priority in a Smart Nation, where technology pervades the daily lives of every citizen
• While the Singapore government is taking steps to train cybersecurity professionals, the success of these efforts also depends on good uptake from enterprises and the public
• A healthy cybersecurity ecosystem requires collaboration between various players, as well as corporate cultures that inculcate cyber-awareness in every employee
• Ultimately, the onus is on users to be proactive about cybersecurity

Since the 2014 launch of Singapore’s Smart Nation initiative, technology has become increasingly integrated into our daily lives — for example, we now use smartphone apps to do everything from monitoring our health and diets to booking public transport options and keeping track of our appointments. With technology and digital information more pervasive than ever, cybersecurity is now a top priority for the country.

Building a secure Smart Nation takes careful planning and effort from many stakeholders, agreed six industry experts speaking on 14 December 2017 at an SGInnovate-organised panel titled ‘Cybersecurity Resilience: How Industry and Technology Partnerships Can Support National Infrastructure’.

Ms Lim Bee Kwan, Senior Director of the Government Infrastructure Group at the Government Technology Agency of Singapore (GovTech), said: “The Smart Nation is not a lone effort; it must improve alongside the public. The entire ecosystem has to be ready to face a cybersecurity threat, through partnerships and careful risk analysis.”

In addition to Ms Lim, also speaking on the panel were Dr Paul Lothian, Director of Cybersecurity at KPMG; Mr Chirayu Wadke, partner at SeedPlus and Jungle Ventures; Mr Ganesh Narayanan, Senior Manager of Cybersecurity at Accenture; Mr Anthony Bargar, Managing Director of the Cyber Security Consulting Group; and Ms Kara Sadybakasova, co-founder and CEO of cybersecurity software company IOTsploit.

A pipeline of professionals

If Singapore is to beef up its cybersecurity, it needs its own pool of expertise to draw from. Training individuals at different stages of their careers is thus of paramount importance. Ms Lim said that the Cyber Security Agency of Singapore has partnered with the Info-communications Media Development Authority (IMDA) to launch the Cyber Security Associates and Technologists Programme (CSAT).

“The intent [of this programme] is to upskill cybersecurity professionals,” said Ms Lim. “This will allow them to work with private sector companies, so that there is a pipeline of talented professionals who are ready to address cybersecurity shortages.”

In addition, IMDA has partnered with Singapore’s institutes of higher learning to include modules on cybersecurity in the information and communications technology curriculum. Meanwhile, the Ministry of Defence has developed new vocations in the Singapore Armed Forces where national servicemen are trained in cybersecurity.

While the government has put in place various partnerships and measures to train more talent, Ms Lim emphasised that the success of these efforts also requires a good uptake from both enterprises and the general public. As of now, response to CSAT has been encouraging, and about 500 professionals will be trained through the programme over the next three years, she said.

Building a cybersecurity ecosystem

In addition to talent, innovation in cybersecurity requires a thriving ecosystem, one in which the various players, large and small, can come together to create new solutions. As an example of this type of collaboration, KPMG’s Dr Lothian described how startups can work with larger companies or banks requiring cybersecurity systems to produce proof-of-concept solutions. In the long run, these solutions could be developed into complete systems of defence and even commercial products.

Moreover, cybersecurity extends beyond infrastructure—it should also pervade corporate and digital culture, and awareness of its importance should be cultivated in every user of cyberspace, said the panel.

Mr Bargar of the Cyber Security Consulting Group describes cybersecurity as a mission. “Companies need to enable their workforce with tools that allow them to perform their job optimally and securely,” he said. “This in turn creates a corporate culture that is a central factor in ensuring cybersecurity.”

Accenture’s Mr Narayanan agreed. “Companies must invest in ensuring basic awareness of cybersecurity across different tiers of employees—janitors and CEOs alike—to best protect themselves, regardless of scale,” he emphasised.

Taking a proactive approach

The panellists agreed that cybersecurity threats hit closest to home in the daily decisions we make online and in the applications we choose to use. Ms Lim urged organisations and individuals alike to “go in with [their] eyes open”—for example, employers should educate employees on issues such as the classification of information, email correspondence encryption and the context for the use of different tools, she said.

Ms Sadybakasova, whose company works on securing blind spots in networks of devices, supplemented this idea by emphasising the need to promptly update the firmware of such devices so as to minimise the risk of cybersecurity threats.

In the battle against cyberattacks, data is a valuable resource; fortunately, we now know more about these threats than ever before. “We live in a time where many research institutions and companies have spent time doing research [on cyberthreats] and publishing that information to make it accessible online,” said Ms Lim. The onus of being responsible and informed is thus transferred to users, who need to consume this information and use it to think for themselves.

“The cybersecurity journey never ends—users and enterprises alike have to constantly patch and stay ahead of the hackers, and work on keeping systems continually protected,” concluded Ms Lim.