Written by Eugene EG Tan.

In June 2016, the Singapore government announced its intention to remove internet access from the computers of civil servants, while providing separate terminals to those who require internet access for work by mid-2017. This announcement caused uproar from the civil service and much curiosity from the international media.

The potential threat of information warfare against Singapore and the importance of Total Defence as a concept in Singapore’s overall security structure was also discussed in the budget debates. Although this may seem to stem from the recent international controversy about fake news, this view of information warfare as a threat to Singapore’s security was recognised as far back as 2013…

This move has understandably created unease that the internet service to civil servants is being cut; but that is not the case, as civil servants can still surf the web using their own devices or via an internet-enabled device should they require it for work. Government officials have explained that the rationale for this separation is to prevent malware from being installed on government computers, which is logical, given that spear-phishing is a common way to gain access to sensitive data.

It is in this kind of action that an observer can identify how seriously the Singapore government regards security in cyberspace. There are three ways that Singapore’s cyber landscape has evolved: first, regulation and legislation has been strengthened; second, the increasing importance of security in cyberspace to Singapore’s survival; and third, the accelerated pace to become a Smart Nation.

Strengthening regulation and legislation

Over the last two years, Singapore has made tremendous adjustments in its cybersecurity outlook through the setting up of government agencies and tightening legislation over activities in cyberspace. Cross-cutting government agencies like the Cyber Security Agency (CSA) and GovTech have also been set up to look at Singapore’s cyberspace strategy, and manage the rollout of ICT solutions within the public sector and develop new capabilities respectively.

In October 2016, Singapore’s Cybersecurity Strategy was launched with much fanfare by Prime Minister Lee Hsien Loong. The four pillars of its strategy are: (1) Building a Resilient Infrastructure; (2) Creating a Safer Cyberspace; (3) Developing a Vibrant Cybersecurity Ecosystem; and (4) Strengthening International Partnerships.

As part of its vision to create a safer cyberspace, Singapore is keen to combat cybercrime both locally and internationally. Singapore released a new National Cybercrime Action Plan in July 2016 to chart what it perceives as increasing cybercrime and the need to tackle cybercrime worldwide. As part of its international efforts at combatting cybercrime, Singapore also hosts the INTERPOL Global Complex for Innovation (IGCI). IGCI opened in April 2015 with the aim of improving digital security and cybercrime detection techniques.

Currently, the key piece of legislation that governs cybersecurity in Singapore is the Computer Misuse and Cybersecurity Act (CMCA), which was first passed in 1993 with revisions in 1998, 2007, and 2013. More recently, a new round of amendments has been proposed by the Ministry of Home Affairs (MHA), tabled in parliament for first reading.  The amendments to the CMCA include dealing with data breaches, the trade of hacking tools, and – recognising the international nature of cyberattacks – allow CMCA to be applied extraterritorially.

The Singapore government has also announced its intention to pass a stand-alone Cybersecurity Act in 2017 to provide a comprehensive legal framework for national cybersecurity. The Act seeks to ensure that proactive steps are taken to secure critical information infrastructure (CII) and ensure incidents are reported. Through the act, the CSA will also be empowered to manage cyber incidents and raise the standards of cybersecurity providers in Singapore.

Security in Cyberspace: a matter of survival

These moves show the resolve of the Singaporean government to secure cyberspace; the 2017 budget debates confirmed the fact that the threats in cyberspace have become an existential problem for the Singapore government. In the budget debates, two key announcements betray this reality: first, it was revealed that the Ministry of Defence (MINDEF) was to set up a new Defence Cyber Organisation (DCO); and second, that the Broadcasting Act was to be amended this year to reflect the growing challenge of controlling the spread of information that emanate from cyberspace.

In his speech to parliament, the Minster for Defence, Dr Ng Eng Hen, noted the evolving changes to the threats to Singapore, and the continuing vulnerability that plagues a small state like Singapore. The decision to set up the DCO reflects the need to combat these new threats and continual attempts to attack systems containing sensitive data. Much like other states with cyber defence capabilities, the DCO will take on the responsibility of defending military networks and conducting cyber defence training. Enlistees for compulsory military service may choose to serve their obligations in the newly developed DCO.

The potential threat of information warfare against Singapore and the importance of Total Defence as a concept in Singapore’s overall security structure was also discussed in the budget debates. Although this may seem to stem from the recent international controversy about fake news, this view of information warfare as a threat to Singapore’s security was recognised as far back as 2013, when Minister Ng spoke about the dangers of DRUMS (Distortions, Rumours, Untruths, Misinformation and Smears) and how it could cause confusion and chaos.

The rapid proliferation of media among Singaporeans has also led the government to review the Broadcasting Act. Members of Parliament (MP) have flagged concerns over the spread of fake news, noting how fake news may exploit racial or religious tensions, while recognising the difficulty of defining the fine line that exists between fake news and objectionable content. MPs pointed out that there should not, however, be a draconian approach to the control of the media, lest Singapore’s reputation as an open, business-friendly society be tarnished.

Becoming a Smart Nation

Part of the growing concern over cybersecurity is due to how Singapore envisions itself as the first Smart Nation. The Smart Nation Programme is envisioned to enhance the lives of Singaporeans, where integrated technology and the use of data is seen to support better living, build stronger communities, and create more opportunities for Singaporeans.

To this end, the government provides data to allow businesses and citizens to develop products to serve the needs of the people in areas like transportation and daily finance. Indeed, one of the main drivers of economic growth identified by the Singapore government in its Committee for the Future Economy (CFE) report is to build strong digital capabilities.

The pace of technology adoption has however been criticised for not being fast enough. Leading these critics is the Prime Minister, Mr Lee Hsien Loong. He commented that the current SingPass authentication system is only used to access services provided by government and government-linked agencies, and private service providers like hospitals are not on the system. Proper identification and ways to securely access services in cyberspace remain problems that the Singapore government is seeking to solve.

There is thus much political will invested in Singapore becoming a Smart Nation, with the Prime Minister taking a personal interest in the project. To facilitate and accelerate the implementation of this vision, in May 2016, the Singapore government announced reforms to the agency currently responsible for the programme, the Smart Nation Programme Office, together with the Ministry of Finance’s Digital Government Directorate and the Ministry of Communications and Information’s Technology Policy Office as the Smart Nation and Digital Governance Office (SNDGO). The SNDGO will be under the purview of the Prime Minister’s Office.

The rollout of these programmes will be overseen by GovTech, and these two agencies will comprise the Smart Nation and Digital Government Group (SNDGG). This group will be overseen by a ministerial committee, chaired by the Deputy Prime Minister, Mr Teo Chee Hean.

Challenges Ahead

However, the increased adoption of technology by people in their daily lives also means that there is more data being generated and in need of protection – and more devices that could potentially be used in a cyberattack. An example of this can be seen from the Distributed Denial of Service (DDoS) attacks on the Singapore Internet Service Provider (ISP) StarHub in October 2016. Much like the Dyn attacks in the same month, unsecured devices like webcams and routers that were connected to the ISP’s network were used to spam the ISP’s servers with requests, resulting in the disruption to internet service through the lack of bandwidth to support the number of requests.

Incidents like these sap confidence from potential technology adopters, and may turn them off from consuming new high-tech products. Thus, how Singapore moves forward in this minefield that is cyberspace depends much on the level of security and confidence that it can build in its systems.

Cyberspace is a complex problem that requires a whole-of-society, whole-of-government approach, and cannot be seen through only one lens. But having set up so many agencies under different ministries, the challenge for the Singapore government is one of having too much bureaucracy.

There is a need to act in one voice toward a shared purpose, rather than each agency trying to solve an incident in a way it sees fit. There is also potential for anyone to say that “this is not my problem” because there appear to be other agencies looking at these issues. If Singapore can do this and everyone owns the cybersecurity problem, then it can truly become a secure Smart Nation.

Eugene EG Tan is an Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore. Image Credit: CC by cegoh/Pixabay.