New national agency to tackle cyber threats

SINGAPORE — Against the threat of cyber attacks that could cripple multiple sectors at one go, the Government has set up an agency that will develop a national strategy to tackle cyber threats, create a national-level response and coordinate various agencies in managing threats.

Called the Cyber Security Agency (CSA), it will be operational from April. It will bring together existing agencies under the Ministry of Home Affairs (MHA) and the Infocomm Development Authority (IDA) to lead the cyber security master plan, the building and design of relevant systems, and to monitor and respond to cyber threats.

The move follows a string of high-profile cyber attacks locally and internationally. Last November, an attack on Sony Pictures led to the leakage of emails and files of unreleased Sony films. A month before that, it was revealed that hackers breached the accounts of 76 million JPMorgan Chase banking customers.

In Singapore, about 1,560 SingPass accounts were illegally accessed in June last year and, in September, details of more than 300,000 customers of karaoke chain KBox were leaked by hackers. In 2013, a string of hacking incidents on Singapore government websites, including that of the Prime Minister’s Office (PMO).

Minister for Communications and Information Yaacob Ibrahim will be appointed the Minister-in-charge of Cyber Security, and Mr David Koh, Deputy Secretary (Technology) at the Ministry of Defence (MINDEF), will assume his duties as Chief Executive of the CSA from April. His two posts will be concurrent.

Sharing details of the CSA with reporters yesterday, Deputy Prime Minister Teo Chee Hean, also Coordinating Minister for National Security and Minister for Home Affairs said various government agencies — in the IDA and MHA — have been honing defences against cyber threats over the years.

“Many sectors are now very heavily cyber dependent, like the power sector for example, the transportation sector ... banking sector. Power sector will have power supply grids, power generation, substations … infocomm systems. So each of the different sectors has its own cyber security concerns,” he said. He added that it was important to protect every sector and cover all the vulnerabilities.

The Singapore Infocomm Technology Security Authority (SITSA), set up in 2009 under the MHA, has been monitoring 10 sectors: Government, infocomms energy (power), land transport, maritime, civil aviation, water, security and emergency, health, banking and finance. SITSA is among the agencies that will now be subsumed into the CSA, together with the Singapore Computer Emergency Response Team, which deals with cyber security bodies outside Singapore.

The CSA, which reports to the PMO, will also work with the newly-set-up Monitoring and Operations Command Centre to respond to threats. Other agencies brought under its umbrella are the Cyber-Watch Centre and the Threat Analysis Centre. For a start, the CSA will have 60 staff, with 40 to be transferred from SITSA and the IDA.

Dr Yaacob, who was also at the briefing, said the immediate tasks are to build up the current functions to better prevent the attacks, as well as to work with the private sector to scale up capabilities. “At the end of the day, (we have) to ensure that the data we collect, because we are transiting into a smart nation, is protected and safeguarded,” he said.

Mr Gerald Wang, research manager of IDC Government Insights in Asia, said that the set-up of the CSA is unique among countries in the Asia Pacific, where government agencies operate mostly in silos in countering threats. Having the PMO lead the way here will ensure coordination, he said.

He also pointed out one weak link in the Government’s ITC planning — it currently builds infrastructure through bulk tenders, which creates a similar IT environment for most agencies, except the strategic ones like MINDEF. “It also means that if hackers can attack one system, they can attack all,” he said.