Cyber Security Agency (Singapore)


The Cyber Security Agency of Singapore is a government agency of Singapore nominally under the Prime Minister's Office, but is day-to-day administratively managed by the Ministry of Communications and Information. It provides centralised oversight of national cyber security functions, and works with sector leads to protect Singapore's Critical Information Infrastructure, such as the energy and banking sectors. Formed on 1 April 2015, the agency also engages with various industries and stakeholders to heighten cyber security awareness as well as to ensure the development of Singapore's cyber security. It is headed by the Commissioner of Cybersecurity, David Koh. The Minister-in-charge is S. Iswaran of MCI.

History and overview

The Cyber Security Agency took over the functions previously carried out by the Singapore Infocomm Technology Security Authority, under the Ministry of Home Affairs. SITSA was set up in 2009 as the national specialist authority overseeing operational IT security.
The CSA also took over some roles undertaken by the then-Infocomm Development of Authority such as the Singapore Computer Emergency Response Team, which facilitates the detection, resolution and prevention of security-related incidents on the Internet.
The agency builds upon the government's cyber security capabilities, which include strategy and policy development, cyber security operations, industry development and outreach; as well as public communications and engagement.
It has organised events such as the Singapore International Cyber Week in 2016, with over 5,000 attendees from close to 50 countries. The SICW also saw the launch of Singapore's Cybersecurity Strategy. The second edition of the SICW will be held from 18 to 21 September 2017. Singapore will also host the 2nd ASEAN Ministerial Conference on Cybersecurity this year.

Singapore's Cybersecurity Strategy

In October 2016, then-Prime Minister Lee Hsien Loong launched Singapore's Cybersecurity Strategy with the aim to create a resilient and trusted cyber environment for Singapore. Four pillars underpin the strategy:
In 2016, as part of Singapore's Cybersecurity Strategy, it was announced that internet access of civil servants' work station will be cut-off. David Koh, chief executive of the then-newly formed agency, said officials realised there was too much data to secure and "there is no way to secure this because the attack surface is like a building with a zillion windows, doors, fire escapes".
Security experts commented that the move may only raise the defense against cyber attack slightly but risk damaging productivity of civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve.