Speech by Mr. Louis Ng Kok Kwang, MP for Nee Soon GRC at the Second Reading of the Cybersecurity Bill [Bill No. 2/2018]
Sir, I rise in support of this Bill. Singapore runs on computers. Everything from our transport system and fire departments, to our hospitals and military, relies on the availability of sustained access to computer systems and networks.
This also means that a successful cyber-attack on our Critical Information Infrastructure (CII) would not simply pose a threat to our way of life but could seriously endanger our national security. Therefore, I applaud MCI and CSA’s efforts to develop the resilience needed to ensure that when we are attacked, we will stay strong.
I have seen how technology, used in the right way, has uplifted people. Ride-sharing and food delivery applications have given many people a new outlet for income, and entrepreneurs have embraced e-commerce to expand their market. Technology has helped many to climb the socio-economic ladder.
Resilience is not just for CIIs
Ensuring our CII’s are resilient to a large-scale cyber-attack is important. But there is more to who we are as a country than just 11 critical sectors. Small businesses must be resilient to hacks and learn how to maintain business operations, but regular Singaporeans should also be armed with tools to stay safe online.
A 2015 survey published by IT Security firm ESET notes that although 76% of Singaporeans know of some precautions to take when going online, only 44% actually do anything about it.
So how can we help our SMEs, our Instagram influencers and first-time e-retailers stay safe and be able to continue their business operations when they are hacked? How can we help the older generation, the aunties and uncles, to learn the best practices of using the Internet, so they can avoid becoming victims of cyber-attacks?
The risks that regular people face online are increasing. Last year thousands were affected when WannaCry ransomware hit our shores. But the threat can come from within Singapore too. Singapore hosts 1.6% of all the malware in the world, which is an astronomical amount considering that our island holds only a very small fraction of the world’s population. The very fact that we are a connected and smart country means that we are more at-risk to cyber attacks.
Proposals to improve cyber resilience
An idea is to start with our young ones. The UK, for example, has set aside 20 million pounds to fund CCA clubs in schools that focus on cybersecurity training. This not only teaches children how to be good online citizens, but it also creates a pipeline of future cybersecurity specialists. Would MCI and CSA consider working with MOE on this?
Another possibility would be to provide grants to SMEs to beef up their cybersecurity awareness. Many businessmen may be unaware that being hacked could ruin their company. A recent survey conducted by QBE insurance found that only 23% of all surveyed SMEs are concerned about security of sensitive data while 35% of smaller SMEs have no cyber protection.
Smaller companies do not have large IT footprints but will face serious operational risks if their systems were down. Precision engineering firms would not be able to manufacture if were attacked by ransomware. Others would lose customers if customer data was to be hacked. Would MCI and CSA work with Spring or NTUC to help SMEs and start-ups pay for anti-virus software or hire consultants for cybersecurity reviews?
Next, we can explore ways to do more for our most vulnerable residents – the older generation. I have residents that are 90-year-old grandparents who check their email and WhatsApp constantly. To them, technology is no longer just a novelty, but an integral part of daily life. Unfortunately, these residents are the most vulnerable to hacking. Would CSA work with People’s Association to develop programs to teach the fundamentals of cybersecurity?
Finally, I would like to ask MCI whether there are plans to amend the Bill to require all hacked companies to report breaches. This would give CSA greater visibility to the types of hacks that are happening in Singapore. Rather than waiting for a CII to be attacked, CSA might be able to identify trends and take preventative measures.
This will also prevent incidents from going unreported. For example, like the Equifax breach in the US, which resulted in the sensitive data of 145 million citizens being stolen, or Uber paying off hackers who had stolen customer information. After all, every day that a breach goes unreported is another day that people are at risk of identity theft, or credit theft.
In conclusion, I stand in support of the Bill. Anything we can do to improve our nation’s resilience to outside threats is a positive step. But let us not forget that thousands of SMEs and millions of Singaporeans still do not know how to stay safe in cyberspace. We will never be truly resilient, unless all of us, collectively as Singaporeans, can effectively mitigate the risks of being online.