The Singaporean government unveiled a S$38m (£12.3 million) initiative on Tuesday to build a secure ICT environment to better withstand attacks in cyberspace.
Dubbed the Infocomm Security Masterplan, the programme will focus on developing the manpower capabilities to manage the increasing number of online threats and establishing an early-warning system for cyberattacks.
Speaking at the launch, Tony Tan, Singapore's deputy prime minister and coordinating minister for security and defence, noted that ICT security is critical to prevent the country's economy and society from being disrupted in the event a Web-based attack is launched against the country.
The investment will be spread over three years and is the "seed funding" for developing the necessary capabilities and initiatives outlined in the Masterplan, said Peter Ho, chairman of the National Infocomm Security Committee.
To be jointly implemented by the committee and Infocomm Development Authority of Singapore (IDA), the programme is aimed at all user groups, from government sectors to private companies to the general public.
Some initiatives planned include enhancing training and certification programs to elevate the skills of security practitioners, ramping up campaigns to increase public awareness of information security, and setting up a new National Cyber-threat Monitoring Centre.
Scheduled for launch in the second half of 2006, the facility will provide 24 by 7 tracking and analysis of cyber threats including computer worms and viruses, phishing scams and hacking attempts, Ho explained.
While the centre will be manned by its own team of professionals, it will also leverage commercial monitoring services from security software vendors such as McAfee and Symantec, he said.
Alerts will then be pushed out to government agencies and businesses that are linked with the National Cyber-threat Monitoring Centre, he added. The facility will complement the services provided by the Singapore Computer Emergency Response Team, an IDA-operated group that assists the public and companies in handling hacking incidents and virus attacks.
There are also plans to introduce a Common Criteria Certification Scheme so that Singapore will have the capability to certify ICT products against an international benchmark, Ho said.
Assuming accountability
Organisations must also take the lead and assume responsibility for the security of their assets, including the security of their networks, IT systems and data, Ho said.
"You may delegate the authority and you may outsource the work, but ultimately, you must be fully accountable if the security of your data systems and infocomm infrastructure is compromised," he stressed.
Business heads should not assume the consequences of inadequate security in their organisation are confined internally, he added. A security breach in one company could have a ripple effect across other infrastructures and systems across the country, he noted.
But while the Singapore government recognises the need for individual companies to be accountable for securing their IT infrastructure, it will not enforce any form of regulation or penalty to ensure they do so, Ho said.
Instead, he added that it is more important to instil a "mindset change", as companies need to understand the situation and act in a way that is responsible.
Tan said that four out of five businesses in Singapore have adopted some form of ICT technology, and three out of four have access to the Web. An estimated 50 percent of organisations also engage in some form of online trade, while one in every two Singaporeans is an Internet user, he said.
Technology, Tan warned, can be exploited by criminals, terrorists and irresponsible hackers to cause harm and create mischief. He singled out phishing as a common tactic used by hackers to "trick" online users in Singapore to reveal user IDs and passwords.
"Today, many countries have realised the benefits of a connected society," he said. "But none has yet to attain a reputation for being a secured one."
With the Masterplan, Singapore has taken "a major step forward" in the effort to make cyberspace a safer place for the country, Tan said.
