We could all learn a thing or two about developing an effective cyber security strategy from the government of Singapore. I was recently in Singapore to do a keynote for Singapore GovWare on the Changing State of the Endpoint and, while I was out there, I witnessed something interesting the Singapore government was doing to strengthen its security posture. The Ministry of Home Affairs for this Asian island city-state launched a new organization last week, the Singapore Infocomm Technology Security Authority (SITSA), to safeguard Singapore against IT security threats.
As far as I know, what Singapore is doing with the creation of SITSA is unique, and can serve as a model for creating a truly national effort — with both public and private sector involvement — to protect against security threats.
SITSA will serve as the “national specialist authority” to oversee operational IT security. Its mission is to secure Singapore’s IT environment, especially from external threats to national security such as cyber-terrorism and cyber-espionage.
Regulatory agencies will continue to be responsible for IT security-related implementation for their sectors in coordination with SITSA. But the new entity will be responsible for operational IT security development and implementation at the national level.
SITSA’s areas of focus will include acting as an IT security consultancy for strategic government projects that have national security impact; partnering to build relationships with key entities that are strategic to enhancing Singapore’s IT security; working to systematically harden Singapore’s critical information and communications infrastructure; developing technology as well as providing insights on developments in IT security and threats; and overseeing Singapore’s planning, preparedness and response to any major external cyber attack.
This sort of effort is seemingly unprecedented, in that a government body will work with critical industries such as finance, communications and transportation to ensure that critical elements of society and business are protected against cyber attacks.
Unlike the disjointed, fragmented, non-nationalized efforts we’ve attempted here in the U.S., SITSA is a very focused approach to creating a national cyber security strategy. It involves the government reaching out to businesses that play a significant role in Singapore’s infrastructure.
While there’s no question about what Singapore is doing with regard to security, we and other countries continue to flail about with efforts that are by no means national in scope. Part of the problem is that our business leaders in finance, transportation and other industries don’t seem to fully understand the threat or grasp the fact that future wars will be fought in cyberspace (and their roles in protecting that space). Another part is that our cyber security efforts are often mired in politics—with the result that nothing cohesive ever gets done and we continue to be at risk.
No doubt SITSA will face some significant challenges. But it’s a move in the right direction. We need a clear offensive strategy that includes public and private-sector participation, a comprehensive and well-documented approach to dealing with cyber security on a national level. SITSA provides an excellent model. This means cutting through the political in-fighting and putting a stake in the ground by committing to this effort and making it a priority. Lastly, another critical aspect is to elevate this move and make it a national effort by working with leaders from both sectors – public and private – to get behind this cause so that we can be well prepared for the next cyber attack.
* Pat Clawson is CEO and Chairman of Lumension, a vulnerability management company.