Jurisdiction: | Government of Singapore |
Headquarters: | 5 Maxwell Road, #03-00, Tower Block, MND Complex, Singapore 069110 |
Minister1 Name: | Josephine Teo |
Minister1 Pfo: | (Minister In Charge for Cyber Security) Minister of Digital Development and Information and Second Minister for Home Affairs |
Chief1 Name: | David Koh |
Chief1 Position: | Commissioner of Cybersecurity and Chief Executive |
Parent Agency: | Prime Minister's Office (de jure) Ministry of Digital Development and Information (de facto) |
Agency Id: | T15GA0002C |
Agency Name: | Cyber Security Agency of Singapore |
The Cyber Security Agency (CSA) is a government agency under the Prime Minister's Office, but is managed by the Ministry of Digital Development and Information of the Government of Singapore. It provides centralised oversight of national cyber security functions and works with sector leads to protect Singapore's Critical Information Infrastructure (CII), such as the energy and banking sectors.[1] [2] Formed on 1 April 2015, the agency also engages with various industries and stakeholders to heighten cyber security awareness as well as to ensure the development of Singapore's cyber security. It is headed by the Commissioner of Cybersecurity, David Koh.[3] [4] [5] [6] [7]
The Cyber Security Agency took over the functions previously carried out by the Singapore Infocomm Technology Security Authority (SITSA), under the Ministry of Home Affairs. SITSA was set up in 2009 as the national specialist authority overseeing operational IT security.
The CSA also took over some roles undertaken by the then-Infocomm Development of Authority (IDA) such as the Singapore Cyber Emergency Response Team (SingCERT), which facilitates the detection, resolution and prevention of security-related incidents on the Internet.
The agency builds upon the government's cyber security capabilities, which include strategy and policy development, cyber security operations, industry development and outreach; as well as public communications and engagement.
It has organised events such as the Singapore International Cyber Week (SICW) in 2016, with over 5,000 attendees from close to 50 countries. The SICW also saw the launch of Singapore's Cybersecurity Strategy.[8]
In 2017, the second edition of the SICW was held from 18 to 21 September 2017. It also hosted the 2nd ASEAN Ministerial Conference on Cybersecurity.[9]
In October 2016, then-Prime Minister Lee Hsien Loong launched Singapore's Cybersecurity Strategy with the aim to create a resilient and trusted cyber environment for Singapore. Four pillars underpinned the strategy:
Singapore's revised goals were outlined in the Singapore Cybersecurity Strategy 2021.[10] As a result, Singapore's cybersecurity plan, which was originally implemented in 2016, was reviewed and updated.
In 2016, as part of Singapore's Cybersecurity Strategy, it was announced that internet access of civil servants' work stations will be cut-off. David Koh, chief executive of the then-newly formed agency, said officials realised there was too much data to secure and "there is no way to secure this because the attack surface is like a building with a zillion windows, doors, fire escapes".[11]
Security experts commented that the move may only raise the defense against cyber attacks slightly but risk damaging the productivity of civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve.[11]
Singapore Cyber Security Agency has launched various programmes to support its strategy, including:[12]
Singapore’s Cyber Security Agency launched a new cyber security certification scheme recognizing organisations with good cyber security practices at the end of March 2022. [19] [20] [21] [22]