w.sgtech.org.sgAddressing the Inherent & Intertwined Risks in Enterprise IT Infra-Structures & Industry Control Systems In Partnership withSingapore Cyber Security and Data Protection Ecosystem 2019/2020 4 Cyber Security in the Age of Digital TransformationSingapore Cyber Security and Data Protection Ecosystem 2019/2020 5 • • • • • • • As nations, companies and individuals embrace the digital revolution, we need to be acutely aware that the threat landscape of a connected ecosystem has changed significantly over the years. With more information digitally available it is even more important that systems are kept ‘safe’ and data protected. The focus on Confidentiality, Integrity and Availability (CIA) must be top of mind for all digital solution providers and users. This publication is supported by the Cyber Security Agency (CSA) of Singapore and Personal Data Protection Commission (PDPC). SGTech is Singapore’s premier infocomm industry association, advocating for the Information, Communication and Media (ICM) industry and helping to accelerate the adoption of ICM technologies and innovations. The publication aims to showcase the vibrant and growing cyber security sector in Singapore, which offers a wide range of cyber security products, solutions and services. Through this publication, we believe it will benefit the local & foreign entities to better understand the cybersecurity industry in Singapore. In keeping up with the industry, this year, apart from the advertisements and listings we have included new segments such as cyber security training and certification, IT and OT, etc. In addition, we have also added segments for institutions and business entities to contribute articles to showcase local thought leadership on trends, and challenges of the current cybersecurity industry. SGTech’s Cybersecurity Chapter aims to promote awareness on the need for IT Security, how best to understand and work within, and also to unite the collection of not only vendors, resellers and integrators of IT Security products, solutions and services, but also the new-realm auditors, consultants, practitioners, legal and compliance organisations to represent the cybersecurity ecosystem today. Activities organised yearly include seminars and workshops, whether within industry or to end-user industries (eg Finance, Education, Government) or other trade associations, industry tradeshows (eg GovWare). The Chapter is also active in supporting partner seminars, workshops and tradeshows, networking sessions and supporting SGTech flagship events. I am thankful for the support from the CSA and the PDPC to our Cybersecurity Chapter as well as their support for this publication. I hope that you would find it useful. Yours Sincerely, Saw Ken Wye Mr Saw Ken Wye Chairman SGTech 7 Singapore Cyber Security and Data Protection Ecosystem 2019/2020 The value of data has increased exponentially in the last decade. Many companies now tap on aggregation of countless variety of data from multiple sources to develop innovative features that improve their products and services. User activity and observable data have become the mainstay of business insights and decision-making, often eclipsing user-provided data. These patterns have certainly shaped the Digital Economy in Singapore. The Personal Data Protection Act will evolve to strike a three-way balance between consumer protection, business efficiency and data innovation. Businesses will deploy new technologies to collect and use data as fast and as far as their customers are willing to adopt. Consumers, on the other hand, will only be willing to participate in the Digital Economy if they believe their data is used wisely and well-protected. To this end, we believe in taking the position of promoting responsible data use and sharing to engender a high level of consumer trust. This means shifting organisations’ mind-set from basic compliance to being accountable to their customers. Accountability in data protection means providing assurance that policies and practices are robust; governance and monitoring structures in place; crisis plans ready; and communication lines with customers prepared. On a global scale, the principle of accountability helps Singapore construct bridges with countries of comparable data protection practices. This supports trans-border trade and e-commerce, allowing our companies to reach global markets. Domestic consumers will also gain greater access to a wider variety of goods and services. The security of our digital infrastructure is a cornerstone of the Digital Economy. For cybersecurity measures to remain robust, they have to evolve in response to and often in anticipation of the changes to our digital infrastructure as our Digital Economy develops. To support the fast-changing landscape, the Infocomm Media Development Authority announced early this year the formation of a task force to develop a cybersecurity roadmap to boost the nation’s connectivity infrastructure. The roadmap will identify areas for improvement in Singapore’s telecom cybersecurity capabilities, and recommend strategies, policies and initiatives. We want you on this journey with us and hope this book will help you to do so. Yours Sincerely, Tan Kiat How Mr Tan Kiat How Commissioner Personal Data Protection Commission Singapore Cyber Security and Data Protection Ecosystem 2019/2020 8 Mr David Koh Chief Executive Cyber Security Agency of Singapore(CSA) Cybersecurity is a key enabler for Singapore’s push towards our Smart Nation and Digital Economy objectives. As digital technologies become more ubiquitous, it is also increasingly critical for us to secure our systems and networks against cyber threats, which are set to grow in sophistication and number. This underscores the need for a vibrant cybersecurity ecosystem, both to develop innovative cybersecurity solutions against cyber threats and to grow the cyber talent pipeline entering the industry. In the past year, we have made significant progress in our ecosystem development efforts, through partnerships with industry players, institutes of higher learning, and trade associations. CSA launched the Industry Call for Innovation, to catalyse the development of innovative cybersecurity solutions to meet the needs of end-users, including Ascendas-Singbridge, PacificLight Power, Singapore SLNG Corporation, Singapore Press Holdings and SMRT Corporation. In our first Call for Innovation, we received more than 70 proposals from service providers seeking to address the 10 challenge statements from the end-users. This reflects the growing maturity of the industry. CSA is also committed to continue supporting cyber start-ups and entrepreneurs. We partnered IMDA, NUS and Singtel Innov8 to establish the Innovation Cybersecurity Ecosystem @ Block71 (ICE71) in March 2018. Since its establishment, ICE71 has, through its Inspire, Accelerate and Scale programmes, helped some 46 individuals validate their cybersecurity ideas, and more than 25 start-ups in their go-to-market strategies as well as funding. It is heartening to see that our start-ups also have the global market in mind, with some of them having gone on to pitch at the CyLon Demo Day in London, as well as at RSA 2019. To help strengthen the global competitiveness and facilitate export opportunities for our local cyber companies, we also encourage companies to ensure that their solutions are competitive not only at the national level, but also at the global level. CSA has set up a Common Criteria (CC) Certification Body, to ensure that product evaluation conforms to the strict requirements of the CC standards. Singapore is now one of 18 nations qualified to issue internationally-recognised certificates for cybersecurity products under the Common Criteria Recognition Arrangement (CCRA) acknowledged across 30 nations. Local developers no longer need to send their product overseas for certification and they can enjoy lower costs and shorter time in attaining a globally recognised certification mark. 9 Singapore Cyber Security and Data Protection Ecosystem 2019/2020Next >