Cyber and Data Security

Going digital is now an imperative for businesses across all sectors. While it has generated growth opportunities, it has also introduced more entry points for attackers and thereby more vulnerabilities.

Cybersecurity threats to businesses have been occurring at an increasing frequency and scale, with ransomware being one of the most significant threats.

A refreshed Singapore Cybersecurity Strategy was launched in 2021, outlining Singapore’s updated goals and approach to adapting to a rapidly evolving strategic and technological environment, and increased geopolitical tensions in cyberspace.

Read more: Singapore Cyber Landscape 2021

Read more: External and Homeland Security

Businesses rely on Critical Information Infrastructure (CII) to provide essential services such as telecommunications, energy, healthcare, and banking. The Government has been working with CII owners to strengthen their cybersecurity posture and improve their resilience so that they can respond effectively to and recover quickly from cyber incidents. New initiatives were launched to uplift cybersecurity capabilities across our CII sectors.

• The inaugural Operational Technology Cybersecurity Expert Panel Forum was conducted in September 2021, drawing over 800 attendees. The panel provides cybersecurity stakeholders from the public and private sectors, including relevant CII owners, direct access to internationally renowned experts, discussing issues including key technologies and emerging cyber threats, and recommending best practices to address cybersecurity challenges and gaps.
• The Operational Technology Cybersecurity Competency Framework was launched in October 2021 to enhance the skillsets and competencies of Ops-Tech professionals.
• The Guidelines for CII Owners to Enhance Cyber Security for 5G Use Cases was published in April 2022 to provide recommendations to CII owners on connecting their systems to 5G services securely.
• The Cybersecurity Code of Practice for Critical Information Infrastructure – Second Edition was launched in July 2022 to help CII owners better address emerging risks, combat sophisticated cyber attacks, and build coordinated defences between the public and private sectors.

The Government works with the community to identify vulnerabilities in our systems through the crowdsourced Vulnerability Disclosure Programme. Since 2018, over 1,000 white-hat hackers have tested government systems and helped uncover 700 valid vulnerabilities which have been patched. Such efforts ensure that government systems are secure and resilient for businesses and citizens to use.

Read more: Government and Regulations | Infrastructure and Logistics

In partnership with the infocomm technology (ICT) and cybersecurity industries, the Government has been making the adoption of cyber and data security solutions easy and convenient for businesses.

• The Cybersecurity Labelling Scheme is the first of its kind in Asia-Pacific. Since its inception in October 2020, more than 200 smart devices, including Wi-Fi routers and smart home hubs, have been rated according to their levels of cybersecurity provisions. This enables businesses and consumers to identify products with better cybersecurity provisions and make informed decisions.

• Under the SG Cyber Safe Programme, tailored cybersecurity toolkits have been developed to simplify cybersecurity for businesses to encourage adoption. The programme also seeks to drive adoption of good cybersecurity practices by recognising organisations’ efforts through the launch of the Cybersecurity Certification Scheme in March 2022. The Cyber Trust and Essential Marks highlight businesses that have put in place measures to protect their operations and customers against cyber attacks. Within the first six months of launch, 47 organisations were certified and recognised for their efforts.

To strike a balance between harnessing data for innovation and growth and having proper safeguards and accountability, the Personal Data Protection Act was amended in 2020.

• Businesses can now collect, use, or disclose personal data for legitimate interests and business improvement purposes. Examples include fraud detection and security monitoring, enhancing their products and services, improving operational efficiencies, and better understanding customer preferences in order to offer more personalised services. Businesses can also rely on the expansion of deemed consent – by contractual necessity and by notification. This helps to reduce compliance costs.
• Consumers’ interests are safeguarded. Use of data for business improvement is limited to use of data already in the company’s possession and limited for use within the company or its group. To rely on the legitimate interests exception, an assessment must be conducted to reduce the risks associated with the proposed data processing. Businesses must disclose when they rely on this exception.

The Personal Data Protection (PDP) Week is held annually. It is a marquee event that data protection practitioners, regulators, and policymakers attend for thought leadership and continuing education on data innovation and protection. In July 2022, over 1,100 local and international attendees participated in the PDP Seminar and partners’ workshops and thought leadership sessions.

Read more: Economic Opportunities | Business Environment

There are no borders in cyberspace. As a small country, Singapore must engage and collaborate with international partners to foster an open, secure, stable, accessible, peaceful, and interoperable cyberspace, which would in turn enable our businesses to thrive online.

To this end, Singapore seeks to advance the development of cyber rules, norms, principles, and standards through international platforms and discussions. Building on our earlier contributions at the United Nations (UN) Group of Government Experts, Singapore now chairs the UN Open-Ended Working Group on Security of and in the Use of ICTs (2021 – 2025). We also continue to facilitate multi-stakeholder dialogues on cybersecurity by hosting the annual Singapore International Cyber Week and ASEAN Ministerial Conference on Cybersecurity.

We contribute to strengthening the global cybersecurity posture through capacity building and supporting international efforts to combat cross-border cyber threats.

• Established in 2019, the ASEAN-Singapore Cybersecurity Centre of Excellence has trained close to 1,500 senior officials from ASEAN and beyond as at October 2022 in areas such as cybersecurity policy and legislation issues, international law, and computer emergency response team related technical training. This supports a coordinated build-up of cyber capacities across ASEAN.

• In July 2021, Singapore organised the fourth ASEAN Plus Three Cybercrime Conference attended virtually by representatives from ASEAN member states plus the People’s Republic of China, Japan, and the Republic of Korea. The conference is a platform aimed at strengthening existing multilateral ties, encouraging learning from one another, and enhancing ASEAN’s overall cybercrime response.
• In May 2022, the Ministry of Defence and the Estonian Ministry of Defence signed a Memorandum of Understanding to strengthen defence cooperation in areas of mutual interest, with cybersecurity included amongst other areas such as exchanges in defence policy, personnel training, and citizen engagement.

Read more: Legal and Diplomacy

Singapore’s success in the digital economy hinges on our ability to create and maintain a secure cyberspace for all to transact in. Businesses, individuals, the community, and the Government need to work together to build a trusted and resilient cyberspace.