Transcription
PR I ME MI N I ST E R’ S FO R E WO R Ddivisions. Cyberattacks can also do physicalAcknowledgementsdamage to business operations and essentialinfrastructure, and pose real-world threats toWe would like to thank the following individuals, groups, and agencieslives and livelihoods.for their valuable input and support over the course of developing theSingapore Cybersecurity Strategy 2021:Digitalisation and cybersecurity are thustwo sides of the same coin. As we push for Dr Benjamin Ang, Centre of Excellence for National Security,digitalisation, we must also raise our cybersecurityS. Rajaratnam School of International Studieslevels to protect ourselves from new technological Mr Bruce W. McConnell, EastWest Institute Prof Ciaran Martin, Blavatnik School of Government, University of Oxfordexploits and malicious actors. Mr Christopher C. Krebs, Krebs Stamos GroupFive years ago, we launched the first Singapore Mr Christopher Painter, Global Commission on the Stability of CyberspaceCybersecurity Strategy. The world is nowThis updated Cybersecurity Strategy charts the Mr James Andrew Lewis, Center for Strategic & International Studiesa different place. Digital technology hasnext stage in Singapore’s journey to becoming Dr Shashi Jayakumar, Centre of Excellence for National Security,transformed how we live, work, and play. Smarta more cyber-resilient nation. We will activelyhomes and devices are becoming mainstream;defend our cyberspace, simplify cybersecurityretail stalls are pitching their wares overfor end-users, and promote the development The Infocomm Media Development Authoritylivestreaming apps; we PayNow each otherof international cyber norms and standards. The Ministry of Communications and Informationinstead of using cash. The COVID-19 pandemicAs the cyber environment is evolving rapidly, The Ministry of Defencehas accelerated these trends further.implementing this strategy will demand much ofS. Rajaratnam School of International Studies The Singapore Cyber Security Inter Association The Cyber Security Awareness Alliance The Ministry of Home Affairs The Personal Data Protection Commission The Singapore Police Force The Smart Nation and Digital Government GroupDigital technology is central to our COVID-19response. Technology enables us to tracecontacts effectively and efficiently, monitorpatients’ health remotely, and ensurecompliance with stay-at-home notices. Manyby Cyber Security Agency of SingaporeAll rights reserved.ISBN: 978-981-18-2258-2to upskill practising professionals and to supportindividuals keen on pursuing a cybersecuritycareer. If we can do all this well, we canconfidently unleash our full digital potential.solutions were developed locally to help usAs the world rides the digitalisation wave, let usemerge stronger from the pandemic.work together towards a trusted and resilientThe Singapore Cybersecurity Strategy 2021Copyright 2021our people. That is why we are investing heavilySingapore must continue to exploit digitaltechnology fully to grow and develop. Atcyberspace so that everyone can benefit fromthe opportunities in a digitally connected world.the same time, we must be vigilant aboutthe risks. The more we digitalise, the moreexposed we become to the growing threatsCyber Security Agency of Singaporewww.csa.gov.sgDesigned by:APT811 Design & Innovation Agencywww.apt811.comin cyberspace. The same technologies thatimprove our lives can be misused to disruptLee Hsien Loongour lives, sow mistrust, and deepen socialOctober 2021
ContentsOverview of the Singapore Cybersecurity Strategy 20211Introduction: Singapore’s Cyber Operating Landscape5Chapter 1: Build Resilient Infrastructure13Enable a coordinated approach to national cybersecurity with Critical InformationInfrastructures (CIIs) at its core16Ensure government systems are secure and resilient18Safeguard important entities and systems beyond CIIs20Chapter 2: Enable a Safer Cyberspace21Secure digital infrastructure, devices, and applications that power our digital economy24Safeguard our cyberspace activities25Empower our cyber-savvy population for a healthy digital way of life27Chapter 3: Enhance International Cyber Cooperation31Advance the development and implementation of voluntary, non-binding norms, which sitalongside international law35Strengthen the global cybersecurity posture through capacity-building initiatives andthe development of technical and interoperable cybersecurity standards37Contribute to international efforts to combat cross-border cyber threats39Chapter 4: Develop a Vibrant Cybersecurity Ecosystem41Develop advanced capabilities for economic growth and national security44Innovate to build world-class products and services45Grow our cybersecurity market47Chapter 5: Grow a Robust Cyber Talent Pipeline49Support youths, women, and mid-career professionals to pursue a cybersecurity career53Create an upskilling culture for a globally competitive workforce55Foster a dynamic sector with strong professional communities56Conclusion57Glossary59
Overview of theSINGAPORECYBERSECURITYSTRATEGY 2021A secure cyberspace underpins our nationalsecurity, powers a digital economy, andprotects our digital way of life.Singapore launched our first Singapore Cybersecurity Strategyin 2016 (‘Strategy 2016’), which helped lay the foundations of ourcybersecurity efforts today. As our strategic and technologicalenvironment has changed significantly over the past five years,we have reviewed and refreshed our cybersecurity strategy toaddress new and emerging cyber-threats.With a robust cybersecurity workforce and a vibrant cybersecurityecosystem as key enablers, the Singapore Cybersecurity Strategy2021 (‘Strategy 2021’) lays out our plans to strengthen the securityand resilience of our digital infrastructure and enable a safercyberspace to support our digital way of life. It also articulateshow Singapore could play an outsized role in the digital domaindespite being a small country, to support an open, secure, stable,accessible, peaceful, and interoperable cyberspace.1The Singapore Cybersecurity Strategy 20212
OVERVIEWBuild Resilient Infrastructure Enable a coordinated approach to national Ensure government systems are secure Safeguard important entities and systemscybersecurity with CIIs at its coreA TRUSTED AND RESILIENT CYBERSPACESTRATEGICPILLARSand resilientbeyond CIIsFOUNDATIONALENABLERSEnable a Safer Cyberspace Secure digital infrastructure, devices,and applications that power our digitaleconomy Safeguard our cyberspace activitiesDevelop a VibrantCybersecurity EcosystemEmpower our cyber-savvy populationGrow a RobustCyber Talent Pipelinefor a healthy digital way of lifeEnhance International Cyber Cooperation Advance the development andimplementation of voluntary, non-bindingnorms, which sit alongside international law Strengthen the global cybersecurityposture through capacity-buildinginitiatives and the development of technicaland interoperable cybersecurity standards 3The Singapore Cybersecurity Strategy 2021 Contribute to international efforts tocombat cross-border cyber threatsDevelop advanced capabilitiesfor economic growth and national security Innovate to build world-class Grow our cybersecurity marketproducts and servicesSupport youths, women, and midcareer professionals to pursue acybersecurity career Create an upskilling culture for a Foster a dynamic sector with strongglobally competitive workforceprofessional communities4
IN TROD UCTIO NSINGAPORE’SCYBER OPERATINGLANDSCAPEAs Singapore harnesses digitaltechnology to improve lives andlivelihoods for all, cybersecurityhas become a necessity and a keyenabler for our digital economyand digital way of life.Singapore takes cyber threats seriously. Our cybersecurity journeystarted with the first Infocomm Security Masterplan in 2005 andthe formation of the Singapore Infocomm Technology SecurityAuthority (SITSA) in 2009. In 2015, the Cyber Security Agency ofSingapore (CSA) was set up as the central agency to oversee andcoordinate all aspects of cybersecurity for the nation.CSA published the first Singapore Cybersecurity Strategy in 2016,which had sought to:(i)Build a resilient infrastructure;(ii)Create a safer cyberspace;(iii) Develop a vibrant cybersecurity ecosystem; and(iv) Strengthen international partnerships.Scan here to learn more about Singapore’scybersecurity journey since 2016!5The Singapore Cybersecurity Strategy 20216
INTRODUCTIONSingapore’s Cyber Operating LandscapeKey Shifts in ourCyber Operating EnvironmentThe digital domain is one that is rapidly evolving. In the past five years,Singapore has observed four key shifts in our cyber operating environment:Disruptive TechnologiesGrowing Cyber-Physical RisksUbiquitous Digital ConnectivityIncreased GeopoliticalTensions in CyberspaceLooking ahead, there are several emergingWe are entering an age where the digital andThe COVID-19 pandemic has acceleratedDigital technologies are increasinglytechnologies that may disrupt currentphysical realms converge. Cyber disruptionsdigitalisation; businesses and individualsperceived as a key determinant in theapproaches towards cybersecurity.can spill over to the physical domain withare increasingly dependent on the smoothdistribution of power in the internationalreal-world consequences. In 2021 alone, werunning of digital infrastructure and services.system. The digital domain has thus becomeFor example, edge computing, enabled byhave seen the disruption of hospitals, oilThis has vastly expanded the attack surfacea new arena for geopolitical contestation.5G, cloud computing, and ubiquitous accesspipelines, and manufacturing facilities infor Singapore and Singaporeans, exposingStates are in a race to develop first-moverto digital devices, will fundamentally changevarious countries because of cyberattacks.more vulnerabilities to be exploited.advantages over key digital technologies.a mindset shift, as we move away fromGrowing cyber-physical risks are not limitedCyber threat actors take advantage of this toperimeter defence towards a zero-trustto the industry; these risks are also creepinglaunch cyberattacks. Cyberattacks are notcybersecurity model. Quantum technologiesinto our everyday lives with the proliferationonly growing in volume; they are also growingSingapore must remain steadfast in ourwill also disrupt the cryptographic methodsof smart devices and internet-enabledin sophistication.commitment to an open, secure, stable,underpinning cybersecurity today.products in our homes.We will work with businesses and individualscyberspace and actively work towardsOn the flip side, technologies such asWe must therefore ensure our CIIs andso that they are equipped to mitigate andthis vision, in order to navigate theseartificial intelligence and quantumother important systems are well protectedmanage cybersecurity risks, so that they cangeopolitical tensions.computing also present us with new waysand resilient. Existing policy and legislativedigitalise safely and securely.to secure our digital assets.frameworks must also be fit-for-purpose toour network environment. This requiresTechnical standards-setting bodies areincreasingly receiving political attention.accessible, peaceful, and interoperableaddress these risks.7The Singapore Cybersecurity Strategy 20218
INTRODUCTIONSingapore’s Cyber Operating LandscapeCompared to Strategy 2016,Strategy 2021 takes a moreproactive stance to addressthreats, broadens our scope ofprotection, and seeks to developdeeper partnerships withindustry and other organisationsto adapt to the changes in ourcyber operating environment.Strategy 2021 also places greateremphasis on workforce andecosystem development as keyenablers of our cybersecurity.Build ResillientInfrastructureStrengthen the security and resilienceof our digital infrastructureThe Singapore Cybersecurity Strategy 2021Enhance InternationalCyber CooperationCreate a cleaner and healthierdigital environmentFoster an open, secure, stable, accessible,peaceful, and interoperable cyberspaceRegulation will continue to be a key lever.The Government will take the leadSingapore will advance the developmentIn Strategy 2021, we will explore expandingto secure the digital infrastructureand implementation of voluntary, non-the Government’s regulatory remit underthat powers our digital economy, andbinding norms, which sit alongsidethe Cybersecurity Act to include entitiessupport the development of a healthyinternational law. We will also advocate theand systems beyond CIIs.digital environment. Recognising thatdevelopment and adoption of technical andcybersecurity can seem daunting to many,interoperable standards. Eventually, thisHowever, a purely regulatory approachthe Government will also seek to make itwill allow us to work towards a rules-basedcould engender a compliance mindset,easier for everyone to secure their devicesmultilateral order with agreed principles forwhich is not desirable in a fast-and use secure applications.responsible State behaviour in cyberspace.organisations should instead adopt aEnterprises, organisations, and individualsWe will also step up operational cooperationrisk management mindset. Strategymust play their part too. Enterprises andwith our international partners to combat2021 will therefore also seek to nudgeorganisations should include cybersecuritycross-border cyber threats. Singapore willenterprises and organisations to invest inas part of their risk managementalso support capacity-building programmescybersecurity to thrive in a digital world.framework and strengthen theirto help raise the global and regional levelscybersecurity posture. Individuals shouldof cybersecurity.evolving environment. Enterprises andvigilant against cyber threats.SINGAPORE’S APPROACHOBJECTIVESDevelop a VibrantCybersecurity EcosystemTo develop a vibrant cybersecurity ecosystem, the Government will galvanise the cybersecurity industryand academia to develop advanced capabilities, build world-class products and services, and grow ourcybersecurity market. The Government will invest in cybersecurity research and innovation. We willBuild a cybersecurity ecosystemunderpinned by research and innovationfor our security and economic needsGrow a RobustCyber Talent Pipelinealso establish entrepreneurship programmes, which stakeholders can leverage to develop Made-inSingapore solutions.The Government will work closely with our schools to educate students in cybersecurity and nurturebudding cybersecurity enthusiasts. The Government will also partner the industry and Institutes ofHigher Learning (IHLs) to develop skills and competency frameworks toward structured career pathsfor cybersecurity professionals.Develop and sustain a strongcybersecurity workforce to meetour security and economic needs9Enable a SaferCyberspacepractise good cyber hygiene and stayFOUNDATIONAL ENABLERSHow are weadapting to achanging cyberlandscape?SINGAPORE’S APPROACHOBJECTIVESSTRATEGIC PILLARSIn line with the national SkillsFuture movement, the Government will also encourage individuals interestedin cybersecurity to further their skills through programmes offered by industry and training institutes.10
INTRODUCTIONSingapore’s Cyber Operating LandscapeCybersecurity is a team sport, and everyone has a part to play. The Government will take thelead in rolling out initiatives to keep Singapore’s cyberspace safe. However, this Strategy is notjust a government blueprint; it is a call to action for all stakeholders to leverage resources andWhat is my role?opportunities outlined in this Strategy to play their part and contribute to the nation’s cybersecurity.The Government will play the role of team captain, guiding and empowering enterprises,organisations, and individuals to collectively work towards a safe and secure cyberspace.I am.A CII ownerA software orhardware vendorA leader of anenterprise ororganisationA cybersecurityprofessional orresearcherA studentAn individual who usesdigital technology forwork or playStrengthen thesecurity of CIIs by:Contribute to ahealthier digitalenvironment by:Strengthenmy organisation’scybersecurity posture by:Contribute toour cybersecurityecosystem by:Learn more aboutcybersecurity by:Take responsibility for myown cybersecurity by:I can. Adopting a risk-based approach Incorporating cybersecuritytowards cybersecurityLeveraging the CII Supply ChainProgramme to manage vendorcybersecurity risks Equipping my employeeswith cybersecurity skills and knowledge to build secureby-design software andin my enterprise’s riskmanagement framework hardware products the Cybersecurity Labelling Technology (OT) CybersecurityCompetency Framework as a Incorporating cybersecurityin my organisation’s riskmanagement framework SchemeUsing the Operationalapproach towardscybersecurityApplying to get myproducts certified underAdopting a risk-based Applying for the SG CyberUsing the resources andtoolkits developed bytool to establish processes,CSA to raise cybersecuritystructures, or jobs to manageawareness throughoutOT cybersecurity within mymy organisationCybersecurity R&D Participating in SG CyberYouth programmes,Programme to developsuch as the Youth Cyberadvanced cybersecurityExploration Programme orcapabilitiesthe Cybersecurity CareerLeveraging initiatives suchas the Cybersecurity Callfor Innovation to create newSafe Trustmark for myorganisation Leveraging the NationalMentoring Programme Participating in cyber Practising good cyber hygieneAdopting the tips in theSG Cyber Safe campaignsUsing the appropriatecybersecurity solutions toprotect my devicessparring and training underinnovative cybersecuritythe SG Cyber OlympianssolutionsprogrammeWorking with local industryassociations on communityinitiativesorganisation11The Singapore Cybersecurity Strategy 202112
CH APTER 1BUILD RESILIENTINFRASTRUCTUREGOALStrengthen the securityand resilience of our digitalinfrastructureWe rely on Critical Information Infrastructures(CIIs) for the provision of essential services,such as telecommunications, energy, healthcare,and banking.With increasing digitalisation, CIIs that were previously isolatedfrom the Internet are now increasingly linked to other digitalsystems, exposing them to cyber vulnerabilities and threats. Atthe same time, threat actors are becoming more sophisticatedand are honing their craft to exploit any vulnerability they can findto disrupt our digital way of life.The Government is committed to the security and resilience ofour CIIs, even as we push for more digitalisation. Beyond CIIs,the Government will also seek to raise the cybersecurity postureof other digital systems and infrastructure that could impactSingaporeans’ lives and livelihoods.13The Singapore Cybersecurity Strategy 202114
CHAPTER 1Build Resilient InfrastructureWHAT’S NEW?framework to safeguard our CIIs.Enable a coordinated approachto national cybersecurity withCIIs at its coreWhile we continue to strengthen these areas, Strategy 2021 also seeks to:To ensure our essential services are well-protectedIn Strategy 2016, the Government focused on strengthening the cyber resilienceof our CIIs. The Cybersecurity Act was passed in 2018 and serves as the legislativefrom cybersecurity threats, we will evolve ourpolicy approach to defend against sophisticatedLeverage synergies across the nationThis includes strengthening our technical capabilities andenhancing coordination across the Government in order toact with greater effectiveness, speed, and agility.threat actors. We must also continue to strengthencapabilities to protect, detect, respond, and recoverfrom malicious cyber activities. We will also ensurethat cyber-physical risks are well managed.Broaden our scope of protection beyond CIIsWe want to strengthen the cybersecurity posture of otherkey entities whose compromise or disruption have significantknock-on effects to the wider economy and society.Address growing cyber-physical risksAs the physical and digital worlds continue to converge, wewant to ensure our policy and legislative frameworks remainfit-for-purpose to manage cyber-physical risks.Evolve our policy approach todefend against sophisticatedthreat actorsStrengthen capabilities to protect,detect, respond, and recover frommalicious cyber activitiesThe Government will implement a layeredCybersecurity is enabled by strongand coordinated approach to national cybercapabilities. The Government will strengthendefence. CII owners will be encouraged toour technical capabilities to detect andadopt a zero-trust cybersecurity postureanalyse malicious cyber activities to betterfor critical systems. For other services anddefend against such threats. This includesinfrastructure whose disruption could havethe development of a Cyber Fusion Platformsignificant knock-on effects on the nation,that will allow the Government to conducta risk-based approach will be adoptedinvestigation with enhanced speed andThe Government will work closely with CII owners, the cybersecurity industryto strengthen the cybersecurity of theseefficiency. To strengthen our response andand key digital infrastructure owners to enable a coordinated approach tosystems. For example, CSA is developingrecovery, the Government will also implementa CII Supply Chain Programme to provideinitiatives such as the new National Cyberrecommendations for all stakeholders toSecurity Command Centre. We will also workmanage cybersecurity risks in the supplywith CII owners and other organisations tochain. In addition, we also seek to changeaddress the various people, process, andmindsets, such that cybersecurity will betechnology challenges in cybersecurity.national cybersecurity. We will also ensure that government systems providingkey services for our citizens are secure and resilient. The Government will alsolook beyond CIIs and work towards safeguarding other entities and systems thatprovide important services that support our digital economy and way of life.viewed as an enterprise risk managementissue, as opposed to a compliance issue.15The Singapore Cybersecurity Strategy 202116
CHAPTER 1Build Resilient InfrastructureEnsure policy andlegislative frameworksremain fit-for-purposeto address growingcyber-physical risksThe effects of cyberattacks areno longer contained in the digitaldomain. They are spilling intothe physical realm, as evidencedby ransomware attacks on theColonial Pipeline Company inthe US and healthcare servicesin Ireland and New Zealand.Our policy and legislativeframeworks must evolve andadapt to mitigate cyber-physicalrisks. This includes reviewingthe Cybersecurity Act, as wellEnsure government systemsare secure and resilientTo enable public service digitalisation, the Government will ensure that allgovernment systems — including both CIIs and non-CII systems — are resilient,Critical InformationInfrastructures in Singaporeprotected, and trusted by its users. Today, all government systems comply withtailored cybersecurity policies that are reviewed periodically. We will also modernisethe cybersecurity architecture of government systems to stay ahead of technologicalCIIs are digital systems that support the delivery of essentialdevelopments. Cybersecurity is not only about technology, but also about peopleservices. Today, CIIs have been identified from 11 criticaland organisational processes. We will therefore also raise the level of cybersecuritysectors — Aviation, Banking & Finance, Energy, Government,Healthcare, Infocomm, Land Transport, Maritime, Media,Security & Emergency Services, and Water.competency across Government. We hope that the Government’s risk-basedapproach towards cybersecurity can serve as a guide for other organisations andenterprises looking to strengthen their cybersecurity posture.To ensure that our essential services are not disrupted bycyber threats, the Government has put in place a three-tierframework to strengthen the cyber resilience of CIIs. as introducing policy initiativesReview cyber policies andenforce a tiered set ofrequirements in GovernmentModernise thecybersecurity architecturein GovernmentInstructional Manual 8 (IM8) is the managementThe Government is implementing theand build up their capabilities.tool used in Government to safeguardGovernment Trust-based Architecturegovernment ICT & Smart Systems (ICT&SS)(GTbA) that translates zero-trustEach CII sector has a sector lead, who works closelyassets. The IM8 Policy on Security establishesprinciples to the Government context,tailored security hygiene practices forthereby strengthening the security ofgovernment systems, based on a system’sapplications and systems.CSA, as the independent national authority oncybersecurity, monitors and regulates the CII sectors.At the same time, CSA actively supports sector leadssuch as the OT Cybersecurityand CII owners to improve their situational awarenessMasterplan and OT CybersecurityCompetency Framework. with CSA. They are the natural regulators of theCII owners and have a good grasp of the uniqueoperating and business environment — and risks —and Digital Government Group (SNDGG)To complement the GTbA, the Governmentsupports the implementation of IM8 securitywill operationalise the Governmentcybersecurity, usability, and cost.controls by providing consultancy services andCybersecurity Operations Centre (GCSOC)deploying Chief Information Security Officersthat can provide real-time monitoring,At the organisational level, CII owners are responsible(CISOs) across Government. The Governmentincrease Government’s situationalalso conducts regular penetration testing onawareness, and allow a more rapid andgovernment systems as part of the IM8 audit,accurate incident response.of their respective sectors. They are best placed toprovide guidance on the appropriate balance point of classification and criticality. The Smart Nationfor managing their cybersecurity risks and are the firstline defenders and responders.identifying vulnerabilities to be addressedbefore potential exploitation.17The Singapore Cybersecurity Strategy 202118
CHAPTER 1Build Resilient InfrastructureRaise the levelof cybersecuritycompetency acrossGovernmentThe Government Bug BountyProgramme and VulnerabilityDisclosure ProgrammeAs we become more reliant onSafeguard importantentities and systemsbeyond CIIsdigital systems, the GovernmentThe Government Bug Bounty Programme (GBBP) ismust ensure that public officersa programme that invites established cybersecurityare well equipped with theresearchers to conduct targeted assessments onskills and knowledge to keepcritical government systems with a bounty rewardthemselves cyber safe. Thefor critical vulnerabilities discovered. On the otherGovernment will also develophand, the Vulnerability Disclosure Programme (VDP)disruption will have significant knock-on effects to the rest of Singapore. We willa Cybersecurity Functionalis a crowdsourcing platform for the public to identifyCompetency Framework toand report vulnerabilities in government internet-also address the risks of new digital operating models, so that Singaporeans canprovide clear developmentfacing mobile and web-based applications. Throughmilestones for governmentthis platform, SNDGG encourages responsiblecybersecurity specialists.reporting of any suspected vulnerability whileIn addition, SNDGG hasstrengthening the sense of collective ownership overlaunched the GovTech Digitalthe cybersecurity of government systems.Academy that will providecustomised cybersecurityBuilding on the success of the GBBP and VDP, SNDGGtraining programmes for ICT&SSlaunched the new Vulnerability Rewards Programprofessionals in Government.(VRP) in 2021. Together, the three crowdsourcedvulnerability discovery programmes supplementGovtech’s suite of initiatives to safeguardGovernment systems.Vulnerability RewardsProgramme (VRP)Vulnerability DisclosureProgramme (VDP)With increasing reliance on digital infrastructure and services, the Government mustlook beyond CIIs to support the cybersecurity of other entities, especially if theirconfidently unlock the benefits of new technologies with peace of mind.Raise cybersecurity postureof important systems andentities beyond CIIsAddress cybersecurityrisks arising from newdigital operating modelsWhile cyber regulations around the world areDigital technologies will always evolve,largely focused on preventing the disruptionand we must be ready to adapt to theof essential services, there are somenew operating models that emerge assystems and entities that do not delivera result. For example, cloud servicesessential services but can neverthelessare increasingly important for thehave a significant impact on Singapore ifprovision of digital services supportingdisrupted or compromised. In this regard,key business functions and operations.we must likewise raise their cybersecurityThe Government will study the publicposture to protect that our digital economypolicy implications of emerging digitaland way of life. The Government will studyoperating models and seek to addressthe wider digital landscape and ensure thatthe risks as appropriate.these significant systems and entities areadequately protected against maliciouscyber threats.19The Singapore Cybersecurity Strategy 202120
CH APTE R 2GOALENABLE ASAFER CYBERSPACECreate a cleaner and healthierdigital environmentDigitalisation has changed the way welive, work, and play. Cybersecurity is akey enabler for Singaporeans to digitaliseconfidently and safely.Our goal is to create a healthy digital environment. Just as how goodphysical hygiene goes a long way to keep us healthy, a cleaner digitalenvironment and good cyber hygiene practices will help keep ussafe in the digital world. In 2020, the Government launched the SaferCyberspace Masterplan, which articulated our approach to creatinga clean and healthy digital environment. The Masterplan remainsrelevant to Strategy 2021.Scan to read theSafer Cyberspace Masterplan21The Singapore Cybersecurity Strategy 202122
CHAPTER 2Enable a Safer Cyber
Singapore takes cyber threats seriously. Our cybersecurity journey started with the first Infocomm Security Masterplan in 2005 and the formation of the Singapore Infocomm Technology Security Authority (SITSA) in 2009. In 2015, the Cyber Security Agency of Singapore (CSA) was set up as the central agency to oversee and
