(Delivered on 3 March 2020)
Cybersecurity Agency – Sylvia Lim
In 2016 the government published a document called “Singapore’s Cybersecurity Strategy”. The strategy has four pillars: one, to strengthen the resilience of our Critical Information Infrastructure; two, to mobilise businesses and the community to make cyberspace safer; three, to develop a vibrant cybersecurity ecosystem comprising a skilled workforce, technologically-advanced companies and strong research collaborations; and fourth, to step up efforts to forge strong international partnerships.
Since 2016, much has happened to focus us on our cybersecurity vulnerabilities. What is the government’s current assessment of the implementation of Singapore’s Cybersecurity Strategy, and how far the Cybersecurity Agency has contributed towards grounding the four pillars of the strategy?
Next, CSA’s mandate enables it to direct owners of Critical Information Infrastructures on the essential cybersecurity measures to be adopted, and to provide professional consultancy and direct assistance to them when necessary. How does CSA ensure that its officers have the necessary expertise to devise credible regulations and guidelines? This is particular needed in vendor management, as it is common to data owners for outsource data management to third party providers.
I now move on to a query on the role of CSA vis-à-vis the public sector. Under the Cybersecurity Act regime, owners of Critical Information Infrastructure include the Government, as it is running various essential services. Last year, the government convened the Public Sector Data Security Review Committee which recently issued its report on enhancing public sector data security. Could Minister clarify what role CSA played in this review?