Parliament Sitting on 1 April 2019

QUESTION FOR WRITTEN ANSWER


*2707. Ms Joan Pereira: To ask the Minister for Communications and Information (a) whether the Ministry will make it mandatory for all employees in the Government and private sectors to attend courses relating to cyber security; and (b) beyond Internet separation policies, what else is being done to equip employees with the correct mindset towards cybersecurity. 

Answer:

Mr Speaker, the Government is committed to build a strong cybersecurity culture in Singapore, both in the public service and the private sector. Training our people to be aware of cyber threats, and effectively detect and respond to malicious cyber activities, is key. 

2 Within the public sector, the Government had introduced an IT security awareness programme in July 2018. It is mandatory for all public officers to complete the course by end of the year to educate all public officers of emerging cyber threats and the cybersecurity measures to take. There is also an annual Cyber Safe Cyber Ready Conference to enhance cyber awareness within the public service, and regular cyber exercises to sharpen the IT security incident response of our public sector agencies. These measures build up our public officers’ understanding of cybersecurity.

3 Within the private sector, the Cyber Security Agency of Singapore (CSA) enhances cybersecurity awareness and practices through a variety of channels, such as talks, conferences and CSA’s GoSafeOnline portal. CSA has also developed resources such as the Be Safe Online Handbook, launched in 2018, which explains what organisations should do to enhance their cyber defence capabilities such as using only authorised software, and updating systems regularly. CSA’s “Cyber Tips 4 You” programme also educates the public on four essential cyber hygiene practices to adopt – to use a strong password and two-factor authentication, use anti-virus software, update software as soon as possible and to watch out for signs of phishing.

4 Additional requirements are placed on enterprises that own Critical Information Infrastructure (CII), which are computers or computer systems supporting the provision of our essential services. All CII owners must fulfil their legal obligations under the Cybersecurity Act, including establishing cybersecurity awareness programmes for their employees, contractors and vendors, and participating in cybersecurity exercises to validate their responses to cyber incidents.

5 Mr Speaker, our cyber defences are only as strong as our weakest link. Every individual plays a critical role in safeguarding our cyberspace. The Government will continue to work with the private sector, individuals and the community to instil a strong cybersecurity culture, and strengthen Singapore’s Digital Defence. 

 


Speech by Dr Janil Puthucheary, Senior Minister of State, Ministry of Communications and Information & Ministry of Transport, at the opening of One-North Festival 2019 Public Programme on 13 September 2019 Speeches Infocomm Media 13 Sep 19
Strengthening relations between Singapore and the Netherlands Press Releases Libraries 13 Sep 19
MCI's response on PQ on declassification of Government documents Parliament QAs Libraries 04 Sep 19
MCI's response to PQ on spam messages from illegal entities Parliament QAs Infocomm Media 03 Sep 19
Brief Remarks by Mr S Iswaran, Minister for Communications and Information, at the Launch of Central Singapore CDC's ‘My Digital Bootcamp’ Speeches Digital Readiness 03 Sep 19
Speech by Mr S Iswaran, Minister for Communications and Information, at LASALLE College of The Arts 33rd Convocation 2019 Speeches Infocomm Media 30 Aug 19