Assessing Adequacy of Current Cybersecurity Readiness against Evolving Threats while Ensuring Operational Security

18 Mr Sharael Taha asked the Minister for Digital Development and Information in light of rising geopolitical tensions and the increasing use of cyber operations as part of hybrid conflict (a) whether the Government assesses that Singapore's cyber threat exposure has heightened; and (b) how the Government assesses Singapore's current overall cybersecurity readiness in safeguarding critical information infrastructure, Government systems, businesses and individual residents against evolving threats, including AI-enabled attacks, without compromising operational security.

Mrs Josephine Teo: Singapore's position as a major financial hub and digital economy makes us an attractive target for malicious actors. The Cyber Security Agency of Singapore (CSA) regularly updates the public on cybersecurity threats, such as through SingCERT advisories and the Singapore Cyber Landscape publication.

Over the years, the Government has taken steps to strengthen our cyber defenses.

Critical systems are held to higher cybersecurity standards and obligations under the Cybersecurity Act. We have also invested heavily in capability development. Initiatives like CSA's Cybersecurity Development Programme have helped to strengthen our talent pipeline while national exercises, such as Exercise Cyber Star, help enhance the operational readiness of cyber defenders across both public and private sectors.

As the threat evolves, so must our response. CSA will be reviewing and updating our cybersecurity standards and obligations to strengthen security controls. The Government will also be helping owners of critical systems better detect threats, including those from advanced threat actors and AI-enabled threats. This includes equipping them with proprietary threat detection systems. We will also partner the industry to deepen the capabilities of our cyber defenders so they can better protect Singapore.

For Government systems, GovTech has existing internal guidelines to safeguard systems that hold sensitive data and provide important Government services. Moving forward, GovTech will be introducing more stringent cybersecurity and data protection obligations for Government vendors, such as requiring Government vendors that manage critical systems and sensitive Government data to meet Cyber Trust Mark requirements.

For businesses, CSA has rolled out various initiatives to assist organisations in raising their defenses. For example, CSA's CISO-as-a-Service programme provides small and medium enterprises with access to cybersecurity consultants who can work with them to raise their cyber hygiene.

The Government has also put in place measures to protect our citizens against malicious actors, such as by introducing mandatory cybersecurity requirements for gateway devices (i.e., home routers). Home routers are currently required to meet minimum cybersecurity requirements in the form of the Cyber Labelling Scheme Level 1. This requirement will be raised to a higher standard (i.e., Cyber Labelling Scheme Level 2). We will also explore introducing similar standards for IP cameras. These will make digital products harder to compromise.

In summary, Singapore maintains a robust and adaptive cybersecurity posture. However, even with the best of defenses, we must remain vigilant and alert to evolving threats including AI-enabled cyber threats. The Government will continue to review our policies and initiatives to ensure that Singaporeans remain well protected in cyberspace.