1. Good afternoon. Thank you for inviting me here today.
2. This digital revolution that we talk about, this rapid deployment, propagation and adoption of technologies, is transforming our economy, society, lives, and the way we work and play. The processes began many years ago. Industries are digitalising to the point where today, the traditional way of disrupting industries is associated with technology and digitalisation. This brings with it the threatening way of disrupting industries and companies through cybersecurity, penetration and risks exploitation.
3. People are very familiar with the way Uber, Airbnb and many other industries have come in and totally changed the way business is done in some domains. It brings about benefits to the individual, consumer and end user, by lowering of prices, increasing the number of opportunities around products that are available and opportunities for businesses. It has become increasingly clear that in order to play in this space and to remain competitive, you have to have robust strategies around digitalisation and securing the cybersecurity of that digitalisation.
4. As we become more dependent on technologies, our threat surface increases. Thus, disruptions to our digital platforms or digital services through cybersecurity risks are floated up to the top of the agenda in terms of risk mitigation and risk assessment. This is only going to increase as we come to rely on Artificial Intelligence (AI), machine-learning, cloud-based, telecommunication-based and IT-based solutions. The risks are only going to increase, and businesses cannot afford to not be engaged and must know how they can mitigate the risks that are created as a result of this growing digital dependence.
5. Cybersecurity has long passed the point where it has become purely a technical issue. It has become a business continuity issue, a business strategy issue. It has floated up to the top of the agenda of the Board. Business leaders need to become engaged in the space, to take it upon themselves to drive their organisation’s cybersecurity stretch. At the business leadership level, we need to consider a balance between security and costs of usability that has traditionally been the domain of the cybersecurity technical specialists. This has now become a part of business and organisational leadership considerations. Part of the consideration, then, has to be whether an organisation or business can leverage commercially-available off-the-shelf solution or if it needs a bespoke, innovative solution for its circumstance.
6. The Cybersecurity Industry Call for Innovation is part of that process of finding solutions, hoping to address the need for innovative, bespoke solutions, and encouraging leaders to look at longer-term needs. We are working with solution providers in order to manage those unique approaches. Last year, the Cyber Security Agency of Singapore (CSA) worked with key users, such as Ascendas-Singbridge Group, PacificLight Power and SMRT Corporation to articulate forward-looking cybersecurity challenges that were important to them, that they felt were ready for innovation.
7. The industry was then invited to propose ideas for innovative and novel ways to address these challenges. More than 70 proposals from 58 companies were received, and eight proposals have been awarded with funding today. In addition to receiving the funding from the Government, these shortlisted proposals were provided with support from the participating users and opportunities to testbed their solutions on their users’ facilities.
8. So today, I am happy to launch the 2019 Cybersecurity Call for Innovation, featuring more users and more challenges, bringing in sectors such as energy, healthcare and maritime, in addition to our CSA. Subsequent speakers will share more details on the Call itself and the various challenge statements. CSA will also enhance the Co-Innovation and Development Proof of Concept (POC) Funding Scheme to support more complex needs and larger challenges. CSA will speak on this later.
9. Earlier, I spoke about the security and usability trade-off needs to be part of the decision making matrix at the leadership level. Do you need an innovative and bespoke solution or can you use something that is off-the- shelf? As part of our work around innovation and development of the ecosystem, we have to also pay attention to manpower. The development of our manpower pipeline - upscaling and training of cybersecurity workforce of professionals - is going to be vital to this space. We have a variety of training programs such as the TechSkills Accelerator (TeSA) programme. The Critical Information Technology Resource Programme Plus (CITREP+) is helping professionals keep up with technology shifts and remain relevant. We also have the “Cyber Security Associates and Technologist Programme” (CSAT) which works with companies to upskill fresh ICT graduates and mid-career technologists. CSA has also launched the Singapore Cyber Youth Programme to attract students from as early as in secondary schools to consider cybersecurity careers.
10. This approach means that some of our attempts to drive the training of the manpower pipeline is focused on the educational institutions, and some of it is focused on the companies, so that we can address the manpower needs for the younger students, early working adults, all the way to the mid-career technologists who are looking for a change in career. We need that comprehensive approach in order to ensure that this space grows so that there can be more innovative solutions and more highly-skilled professionals to think about the challenge statements, to deploy the solutions and execute these activities.
11. Getting back to the idea of businesses whose needs can be met by readily-available solutions. This is especially salient for smaller businesses that face cybersecurity threats, just as large businesses do - they also face resource constraints in terms of what their ability to bring to bear cyber security solutions. So perhaps for them, off-the-shelf commercially available solutions are a way to go. These small and medium enterprises (SME) are being helped by the Government in the two ways:
12. First, for those who are just getting going - newly incorporated SMEs, or who have been around in a traditional brick-and-mortar type of business for a while and want to digitalise - we have foundational cybersecurity solutions. We have worked together with banks and telco providers. These are called the Start Digital Packs and the costs for signing up are waived for at least six months of the contract. Government is working with together with telcos and the banks as an enabler and provider of those fundamental IT solutions, making sure that the cybersecurity solutions are baked into those products and curating them for the SMEs.
13. Secondly, SMEs will now have the option of adopting more comprehensive and/or more advanced pre-approved cybersecurity solutions, with up to 70% support by the Productivity Solutions Grant. These are cybersecurity solutions that have been curated by Infocomm and Media Development Authority (IMDA) and CSA and then made available through Enterprise Singapore’s Tech Depot website and the Business Grant Portal.
14. These are a lot of different pieces. There is some work done by CSA in terms of the security fundamentals, work done by IMDA with respect to the business needs of companies in the tech space, and then there is a perspective on this as a whole of economy business development process. Getting cybersecurity right is a business development process. None of which you need to know if you are an SME looking to get on the bandwagon. There is a single website, a single portal. It is a good example of at least three if not more agencies coming together to provide a single solution in a curated way through a single portal for small businesses to use cyber security solutions in order to accelerate their business development. This is something that SMEs as well as the cybersecurity industry have been asking for, and I would encourage you to investigate this through our Business Portal.
15. For other things that we are doing, we have a guide for businesses on how to be safe online and there are standards and guidelines in there. Our solutions that we curate will match up to those guidelines on how to be safe online. Over time, the Government will continue to expand the list of pre-approved cybersecurity solutions in order to meet business needs.
16. The complexity of this space also means that businesses need help over and above one single portal as well as these guidelines. SMEs can also approach our SME Centres for advice on these pre-approved digital solutions. If they need further specialised advice, these businesses may be referred to the SME Digital Tech Hub for one-to-one consultations on improving their cybersecurity.
17. So all of these efforts, multi-agency efforts, number of government officials and policy people involved from CSA and IMDA, coming together to help our economic agencies deliver what is seen as a key driver of economic growth for SMEs here in Singapore.
18. These rapid advancements in digital technologies have created numerous opportunities. Business leaders need to be alert to the accompanying cyber risks and take pro-active steps at the leadership level, making decisions about your strategies, investments, manpower development and allocation of resources to make sure that you mitigate those risks for your businesses.
19. At the same time, I commend those user companies who have been willing to put out their challenge statements to make it very clear that these are the challenges they are facing in this space. That is how we have been able to match those challenges with these calls for innovation, creating the opportunity for the solution providers to step into this space. This type of collaboration across the industry and across the economy is going to be vital for us to be able to drive our agenda forward for further digitalisation and to guard the cyber security risks that are associated with that.
20. I wish you all an exciting session and the rest of the Singapore International Cyber Week ahead. Thank you for your interest in the Cybersecurity Call for Innovation and thank you to all our participants today.