Building Global Expertise for National Level Cyber DefenseCybersecurity Awareness Campaign roadshow...

Co-confidential

Building Global Expertise for National Level Cyber Defense 28th November 2018

Mr. Goh Eng Choon

Deputy President, Cybersecurity Systems Group EVP / General Manager ST Engineering Electronics, Info-Security

Chairman, Cybersecurity Chapter

Sharing of A Cyber Security Story

Co-confidential 3 |

Source: http://theindependent.sg/spilt-milk-and-singhealth-data-breach/ https://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2018/07/sg-cyber-breach/index.html

Co-confidential 4 |


Co-confidential 5 |


Senior Manager reluctant to report attack

Healthcare is the new “favorite” target!

Security Team do not get proper access to appropriate level managers

Improve Awarenes of front-end users like doctors, nurses, pharmacist and administrators

Improve Cyber-Physical System to function like tripwires with surveillance cameras and access control

Lack of Centralised C2 Platform led to Disorganised and Missing Information

Server exploited by hackers had not received security software updates for more than a year.

Improve sharing of information between government and industry players to work together as a collective system

Co-confidential 6 |


EMR Systems All Suffer From Common Issues

• Large attack surface with 60,000 endpoints, 6,000 servers and 3TB of Internet Traffic passing through its networks daily.

• Passwords shared or exposed.

• Open workstations.

• Ease of access versus security controls. 3:1 ratios of non-staff vs staff.

• Transactional programs with limited security features.

Co-confidential 7 |

Cybersecurity Journey So Near & Yet So Far

Singapore Experience

2005

1st Infocomm Security

Masterplan

2008

2nd Infocomm Security Masterplan

(CII)

2009

Singapore Infocomm Technology Security

Authority

2013

National Cyber Security Masterplan

& National Cybersecurity

R&D Programme

2014

National Cyber Security Centre

2015

Cybercrime Command

2016

National Cybercrime Action Plan

Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf

Cyber Security Agency of Singapore

Co-confidential 8 |


National Strategy

Co-confidential 9 |

“Cybersecurity is a team effort, everyone has a part to play, and everyone has to play their part. The Government will take the lead to spearhead initiatives to enhance Singapore’s cybersecurity stance, and we will need everyone’s cooperation to reap long term benefits for the cyber ecosystem. We aim to build a Smart Nation – one that will be enabled by trustworthy infrastructure and technology”

Dr Yaacob Ibrahim Member of Parliament of Singapore

Former Minister-in-charge of Cybersecurity, Singapore (1 November 2015 – 30 April 2018) Source:

https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf

Co-confidential 10 |

Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecyberlandscape2017.pdf?

*CMCA: offences under the Computer Misuse and Cybersecurity Act



2017: 23,420 2016: 2,512

phishing URLs with a Singapore-linked detected

932% *CMCA: offences under the Computer Misuse and Cybersecurity Act



Combat cybercrime through the National Cybercrime Action Plan

• Educate and empower the public

• Enhance the Government’s capacity and capability

• Strengthen legislation and the criminal justice framework

• Step up partnerships and international engagement

Enhance Standing as a trusted hub

• Build a trusted data ecosystem

Promote collective responsibility for cybersecurity



The inaugural National

Cybersecurity

Awareness Campaign

roadshow in February

2017 attracted close to

16,000 visitors from all

walks of life

Bringing the message to a younger audience through a series of Cyber Safety activity books aimed at primary school students


Another Choice for Your Kid from (ISC)2

Source: https://safeandsecureonline.org/children/



Providing cybersecurity news and advisories, such as free tool kit, to businesses and individuals via the GoSafeOnline website and other social media platforms



Set up the protection of essential services • Critical Information Infrastructure (CII) Protection Programme • Security by Design

Enhance the capability to respond decisively to cyber threats

• National cyber situational awareness

Strengthen the cybersecurity governance and legislative framework

• New Cybersecurity Act

Make government systems more secure • 8 percent of the total Government ICT expenditure to

cybersecurity

CII Operators Cybersecurity Community

Government


Recent Notable Attacks in Industrial Control System (ICS)

Triton • Latest attack framework - Built to interact with Triconex Safety

Instrumented System (SIS) controllers • Attacked industrial hardware in the Middle East • Well-resourced state-sponsored actor

• Ransomware targeted Kiev metro, Odessa airport and Interfax • Linked to Russia

• Ransomware affected more than 230,000 computers in 150 countries with UK NHS, European telecoms companies and Germany state railways hardest hit

• Linked to North Korea

WannaCry

NotPetya

• “Ransomware” primarily targeted organisations in Ukraine

• Spread across the world – Shut down largest terminal in Port of Los Angeles

Dec 2017

Oct 2017

May 2017

Jun 2017

Cost: US$250M - $300M


Cyber Attack on Ukrainian Grid

• Dec 23, 2015: Three regional Ukrainian Electricity distribution companies – Kyivoblenergo, Prykarpattyaoblenergo and Cherivtsioblenergo – suffered power outages due to a cyber attack.

• At the same time, the attackers overwhelmed utility call centers with automated telephone calls, impacting the utilities ability to receive outage reports from customers and frustrating the response effort.

• Impact:

• 30 substations were switched off

• 230,000 people without electricity for 1 to 6 hours

• Utilities relied on manual efforts to restore electricity


ICS-Specific Vulnerabilities Disclosed


IT/OT Cybersecurity Environment

Confidentiality Integrity Availability Availability Integrity Confidentiality

Information Technology (IT) Operations Technology (OT)

• IT is Dynamic

• Data is key

• Confidentiality is #1

• Security Patches frequent

• OT is Deterministic

• Process is key

• Availability is #1

• Security Patches infrequent


User HMI SCADA Server

PLC / RTU Sensors / Actuators

Legacy Devices and Protocols, with

almost no security.

Cyber Attacks

The CIA AAA SAM pyramids

Confidentiality Integrity

Availability

“Systems must work as designed

when called upon in times of

crisis. The availability of these

systems must never be

questioned”

IT

IoT/OT

Safety

Maintainability

Authentication, Authorisation, Auditing

Domains

expertise

Deep

engineering

mindset

System

assurance

Detect Respond

Protect

Domains expertise – there must be

domain expertise to advise the relationship of

components, describe the contextual information

and correlation of data/records/documents.

System Assurance – system assurance

methodology must be adopted to conduct failure

analysis to identify variable component failures,

single-point-of-failure and environmental variable

changes.

Deep engineering mindset – Enterprise

IT compliance framework will not work in IoT/OT

environment; no longer are simple matrix or

compliance checklist will suffix. Contextual

enhancement will be needed to convert data to

information (knowledge to wisdom). Profiling of

components behaviour will be required.

CIA – “Industrial IT” - AIC

11/16

National SOC Architecture

People, Process & Procedure (PPP)

Security

Advanced Data Analytics System

Cyber Situational Awareness & Incident Management System

Technologies

Storage

Early Detection System

Internal Security

Governance

Government Transport Energy Water Health

care

Info Comm Media

Banking &

Finance

Cyber Threat Intel

(Land, Maritime & Aviation)



Government

Industry Partners

Professional Associations

Institutes of Higher Learning

Research Institutes Cybersecurity

Ecosystem

• Strategy & policy • Regulation and standard

• Value creation • Job opportunity and

career

• R&D • Innovation

• Deep expertise • 3rd Party Certification

• Skill development • Education



Establish a professional workforce • Clearer career pathways

• Internationally recognised certifications

• Strong communities of practice

• Up-skilling and re-skilling opportunities

Extend cybersecurity advantage through strong local companies

Attracting and anchoring companies

Nurturing start-ups

Grow local champions

Develop market opportunities

Innovate to accelerate the industry’s growth National Cybersecurity R&D Programme

R&D collaboration between the Government, academia and industry


• Lack of cyber security talent pool in everywhere

• Hard to find cyber security professional with operational skills

• Training courses in the current market are mainly theoretical based training

Challenge in hiring Cyber

Security Professionals

Hardening of Systems’ Security

Security Testing & Diagnosis

Threat Intelligence

Security Detection

& Monitoring

Incident Response &

Recovery

Attack Attribution &

Forensics

1 2 3 4 5 6


Cyber Security Associates & Technologists (CSAT) Project

A joint initiative by the Cyber Security Agency of Singapore and the Infocomm Media Development Authority to grow the cyber security talent pool

Aims to

train and improve the skills of fresh information and communications technology (ICT) talent and mid-career professionals

Curriculum

provides a comprehensive range of operational-centric cybersecurity practical trainings designed to bridge the operational skills gap faced by the industry


Security Operation Centre (SOC) & Operations

Deep Engineering Expertise to Design, Build, Operate &

Maintain SOC

Track Records : 2011 MHA Cybersecurity Centre

2012 ST Engineering Security Operations Centre

2013 National Cybersecurity Centre

2014 Government Security Solutions

2016 Smart City Central Security Infrastructure

2017 Enhancement of cybersecurity monitoring system

2017 Government Central Infrastructure Service

2018 Singapore Power SOC

2018 LTA Log management and cybersecurity analytics solution

2018 Maritime Port Cybersecurity Operations Centre

Track records in National, Sectorial and Enterprises SOC


Overarching Training Methodology Knowledge application through scenario based learning

4

AFTER ACTION REVIEW

SCENARIO

3 HANDS ON

2 THEORY

1 POSTURE

IMPROVEMENT Transfer of theory based

knowledge

SCENARIO EXERCISE

Build cognitive and analytical skills

SUMMATIVE EVALUATION

Internalize sharing and learning experience

FAMILIARIZATION

Acquaint with security tools

Build Posture Improve Maturity

Cybersecurity Training & Cyber-Range

Exercise

Co-Confidential Co-Confidential

ST Electronics

1st in the World to

incorporate Cyber-Range

into (ISC)2 SSCP Training

Trained over 2000

personnel over 150

organisations

Conducted Cyber Range Exercise for

Army, SCDF, GovTech, MAS &

OCBC

OCBC (World’s 3rd

Strongest Bank 2016)

Singapore Civil

Defence Force

Cybersecurity Training & Cyber-Range Exercises

MOU ST Engg and Army For Cyber Def Trg


• Trained more than 100 CSAT Participants

• Both Fresh Graduates and Mid-Career Conversion

• Alvin Koh, at 56 converted to be a Cyber Security Professional in Vulnerability Assessment and Penetration Tester

CSAT, an Ideal platform that self-sustain in the cybersecurity ecosystem as it benefits both the trainees and organisations

Cyber Security Associates & Technologists (CSAT) Project








• Attracting and anchoring companies

• Nurturing start-ups

• Grow local champions

• Develop market opportunities

Innovate to accelerate the industry’s growth National Cybersecurity R&D Programme

R&D collaboration between the Government, academia and industry


Source: https://www.stengg.com/en/innosparks/#/ https://ice71.sg/mapping-singapores-cybersecurity-startup-community/

Incubation Environment for the Future








• Attracting and anchoring companies

• Nurturing start-ups

• Grow local champions

• Develop market opportunities

Innovate to accelerate the industry’s growth • National Cybersecurity R&D Programme

• R&D collaboration between the Government, academia and industry


National Cybersecurity R&D Programme (NCR)

• Launched in 2013, the NCR was supported at $130 million over five years.

• The funding supports research efforts into both technological and human-science aspects of cybersecurity

• In 2016, an additional $60 million was allocated to extend the support until 2020

Source: https://www.nrf.gov.sg/programmes/national-cybersecurity-r-d-programme

National Satellites of Excellence (SOE)

aim to develop and consolidate local cybersecurity research strengths in domains that are of national interest • Trustworthy Software

Systems • Mobile Systems Security &

Cloud Security

National Cybersecurity R&D Laboratory

aims to provide users with a wide range of ready-to-use tools for cybersecurity testing in repeatable and predictable experimentation environments

launched in 2016 to promote research, commercialisation and training in cybersecurity.


Collaboration with Research Institute and Institutes of Higher Learning

Collaboration with

Cyber Security Is Not Local Play But Is Global Play.

BG(Ret) David Koh Chief Executive Cyber Security Agency and

Chief Defence Cyber Security Organisation, Ministry of Defence



Forge international and ASEAN cooperation to counter cyber threats and cybercrime

Champion international and ASEAN cyber capacity building initiatives

Facilitate exchanges on cyber norms and legislation


Source: https://therojakplace.com/2017/09/2nd-asean-ministerial-conference-on-cybersecurity/ https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecyberlandscape2017.pdf?

Singapore International Cyber Week (SICW) • Annual Event • Brings together international and regional cyber leaders to forge partnerships and

engage in critical dialogue on cybersecurity.

ASEAN Cyber Capacity Programme (ACCP) • Launched in April 2017, funding of SGD10 million, to be utilised over five years • Aims to seek to build technical, policy, and strategy-building capacities within

ASEAN Member States • More than 120 ASEAN cybersecurity officials and incident responders have been

trained

HIGHLIGHT


Regional in Cooperation

Global in Perspective

Finally It Depend On You!

CONCLUSION

Thank You

Co-confidential

Building Global Expertise for National Level Cyber DefenseCybersecurity Awareness Campaign roadshow...

Documents

Transcript of Building Global Expertise for National Level Cyber DefenseCybersecurity Awareness Campaign roadshow...