ZDNetAsia : Printer Friendly - S'pore bulks up cyber defense

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Asia.
--------------------------------------------------------------

S'pore bulks up cyber defense

By Eileen Yu
Tuesday, February 22 2005 05:44 PM
URL: http://www.zdnetasia.com/news/security/0,39044215,39218719,00.htm

update SINGAPORE--The Singapore government today unveiled a S$38 million (US$23.2 million) initiative to build a secure infocomm environment to better withstand attacks in cyberspace.

Dubbed the Infocomm Security Masterplan, the program will focus on developing the manpower capabilities to manage the increasing number of online threats and establishing an early-warning system for cyber attacks.

Speaking at the launch, Tony Tan, Singapore's deputy prime minister and coordinating minister for security and defense, noted that infocomm security is critical to prevent the country's economy and society from being disrupted in the event a Web-based attack is launched against the country.

The investment will be spread over three years and is the "seed funding" for developing the necessary capabilities and initiatives outlined in the Masterplan, said Peter Ho, chairman of the National Infocomm Security Committee.

To be jointly implemented by the committee and Infocomm Development Authority of Singapore (IDA), the program is aimed at all user groups, from government sectors to private companies to the general public.

Some initiatives planned include enhancing training and certification programs to elevate the skills of security practitioners, ramping up campaigns to increase public awareness of information security, and setting up a new National Cyber-threat Monitoring Center.

Scheduled for launch in the second half of 2006, the facility will provide 24 by 7 tracking and analysis of cyber threats including computer worms and viruses, phishing scams and hacking attempts, Ho explained.

While the center will be manned by its own team of professionals, it will also leverage commercial monitoring services from security software vendors such as McAfee and Symantec, he said.

Alerts will then be pushed out to government agencies and businesses that are linked with the National Cyber-threat Monitoring Center, he added. The facility will complement the services provided by the Singapore Computer Emergency Response Team, an IDA-operated group that assists the public and companies in handling hacking incidents and virus attacks.

There are also plans to introduce a Common Criteria Certification Scheme so that Singapore will have the capability to certify infocomm products against an international benchmark, Ho said.

Assuming accountability
Organizations must also take the lead and assume responsibility for the security of their assets, including the security of their networks, IT systems and data, Ho said.

"You may delegate the authority and you may outsource the work, but ultimately, you must be fully-accountable if the security of your data systems and infocomm infrastructure is compromised," he stressed.

Business heads should not assume the consequences of inadequate security in their organization are confined internally, he added. A security breach in one company could have a ripple effect across other infrastructures and systems across the country, he noted.

But while the Singapore government recognizes the need for individual companies to be accountable for securing their IT infrastructure, it will not enforce any form of regulation or penalty to ensure they do so, Ho said.

Instead, he added that it is more important to instill a "mindset change", as companies need to understand the situation and act in a way that is responsible.

Tan said that four out of five businesses in Singapore have adopted some form of infocomm technology, and three out of four have access to the Web. An estimated 50 percent of organizations also engage in some form of online trade, while one in every two Singaporeans is an Internet user, he said.

Technology, Tan warned, can be exploited by criminals, terrorists and irresponsible hackers to cause harm and create mischief. He singled out phishing as a common tactic used by hackers to "trick" online users in Singapore to reveal user IDs and passwords.

"Today, many countries have realized the benefits of a connected society," he said. "But none has yet to attain a reputation for being a secured one."

With the Masterplan, Singapore has taken "a major step forward" in the effort to make cyberspace a safer place for the country, Tan said.