Safeguarding Sensitive Information when Sharing Classified Threat Intelligence with Critical Sector Organisations
Ministry of Digital Development and InformationSpeakers
Summary
This question concerns Dr Choo Pei Ling’s inquiry on safeguarding shared classified intelligence and strengthening the Singaporean cybersecurity workforce. Minister Mrs Josephine Teo stated that the Cyber Security Agency of Singapore ensures protection through Official Secrets Act compliance and redaction of sensitive information. To bolster the workforce, Minister Mrs Josephine Teo noted that Singapore now has 10,000 professionals following industry-partnered training initiatives for fresh and mid-career professionals. Minister Mrs Josephine Teo emphasized that critical infrastructure owners remain ultimately accountable for their system architecture, daily operations, and regulatory compliance under the Cybersecurity Act. This policy ensures that while the government provides intelligence and support, organizations are responsible for their own cybersecurity outcomes and system defenses.
Transcript
39 Dr Choo Pei Ling asked the Minister for Digital Development and Information in light of the Government's decision to share classified threat intelligence with organisations in critical sectors (a) what measures are in place to ensure that sensitive information will remain safeguarded to minimise vulnerability exposures; and (b) whether the Government can share an update on the progress of measures to strengthen our Singaporean core for cybersecurity in critical sectors.
Mrs Josephine Teo: My response will also cover the matters raised in oral questions filed by Ms Poh Li San1 and Mr Yip Hon Weng2, both scheduled for a subsequent sitting. I invite Members to seek clarifications, if need be. If the questions have been addressed, it may not be necessary for the Members to proceed with their questions in a subsequent sitting.
Globally, malicious cyber activity has been increasing. As a digital hub, Singapore is not immune to these threats. Like other countries, we have been experiencing a rise in attacks by cyber criminals as well as state-linked actors. Our critical information infrastructure (CII) is a strategic target. As these systems support essential services, there can be severe consequences if they are compromised.
To safeguard the cybersecurity of our CII, the Cyber Security Agency of Singapore (CSA) holds CII owners to higher cybersecurity standards and obligations under the Cybersecurity Code of Practice. CSA will continue to update these standards and obligations to keep pace with the evolving threat landscape.
We will also partner CII owners by equipping them with tools and capabilities to help them deal with advanced cyber threats. This includes sharing classified threat intelligence with CII owners, which will help them be on the lookout for specific threats. CSA will put in place safeguards to ensure that the information is properly handled. CII owners will also have to comply with the Official Secrets Act. Sensitive information which may affect national security or foreign relations will be appropriately redacted.
Having a strong cybersecurity workforce that can meet Singapore’s needs is critical. CSA has also partnered with associations, industry and academic partners to facilitate the training of fresh and mid-career professionals for the cybersecurity profession. Today, Singapore is home to about 10,000 cybersecurity professionals. This figure has more than doubled compared to just eight years ago.
While the government will partner and support CII owners in cyber defence, CII owners are ultimately accountable for meeting the regulatory obligations under the Cybersecurity Act, and more importantly, for the cybersecurity outcomes of their organisations and systems. This is because they own the systems and networks and are responsible for all decisions relating to their network, including system architecture and the day-to-day operations.