Distinguished guests,
Ladies and Gentlemen,
Students,

It is very good to be here and to join you in this concluding session of your four-day camp. This is the first time MINDEF is organising this Cyber Defenders Discovery Camp. The intention is really to reach out to all the cyber talents and enthusiasts among our junior college, polytechnic and university students. I am glad to see that there is strong participation and very keen interest. I hope that all of you have found the four-day programme interesting and enriching. I hope you will give us your feedback and tell us what we can do to improve so that if we decide to do this again, we will make the programme even better for the next batch of students.

Growing Threats in Cyberspace

The creation and phenomenal growth of the Internet is indeed changing the way we live, work and play. All of you probably have gadgets that are connected to the internet or you are on the internet most of the time. But in tandem with this growth in the internet, we are also witnessing the rapid emergence of cyberspace threats. In a sense, the more connected we are, the more plugged in to cyberspace, the more vulnerable we are to attacks as well.

Home computer users, business enterprises, public infrastructures and any form of services or industry that are dependent, directly or indirectly on cyberspace are now exposed to such threats. These threats are manifested in many forms, from targeted phishing (or spear-phishing), distributed botnet attacks, to advanced persistent threats, with the intent to steal users' private data such as usernames, passwords and email contacts. Computers can be hijacked without their users being aware to attack other users or systems through means such as Distributed Denial of Service (DDoS) attacks that could cause severe disruptions to services. You read about these threats, I think you know about them, you sometimes see them on movies where you see hackers coming in or doing things with this sort of cyberspace attacks. In fact they are not just fiction, they are happening in the real world.

In Apr 2007, large-scale cyber attacks affected an entire nation when Estonia's ministries, banks, and media were all targeted, paralysing the nation for hours, if not days. Slightly more than a year later, there were websites in Georgia that were hacked or came under denial-of-service attacks prior to its invasion by Russia. That was another instance where we have massive attacks within the country and there were quite significant cyber threats. Even as we speak today, countries like Iran, Israel, Syria, Lebanon, Saudi Arabia and Egypt are battling off a targeted malicious malware attack which infiltrates government networks to steal sensitive data. The malware called Flame, named after one of its attack modules, is one of the most sophisticated threats ever seen. Flame is reported to use 5 different encryption methods and 3 different compression techniques to evade detection. It is said to employ all peripherals of a computer to steal information including the keyboard, screen, microphone, storage devices, network, Wi-Fi, Bluetooth, USB and system processes. It makes use of all these different weak points to steal information. It uses highly configurable and advanced exploits to spread itself from computer-to-computer and network-to-network.

Threats are getting more and more sophisticated. Cyber attacks can be conducted by rogue individuals, or sponsored by organisations or even state entities. A growing concern is that the terrorist groups are also increasingly cyber savvy. These terrorist groups are making use of the Internet, not just for propaganda and recruitment, they are already doing that, but they are now also starting to use the internet to conduct operations. So far, we have not seen terrorists launching full-scale cyber attacks. But we cannot underestimate the intent or the possibility of this happening. As the US Director of FBI warned earlier this year, the cyber threat could equal or surpass the threat from terrorism in the foreseeable future. So it is a real threat. It is something we have to grapple with and it is something we have to be prepared for. Many countries around the world are worried about this.

Our Response to Cyber Threats

Cyber attacks are becoming a real danger. Such attacks are happening around the world, with increasing scale and sophistication. And they can happen to us in Singapore too. In Singapore, we are a highly-wired society, we have a high level of connectivity, and interdependency. All of us will feel quite lost without internet connection but because we are so wired, a successful cyber attack on our systems could have far reaching consequences.

We have been looking at this issue, we are concerned about it and we are responding to it in several ways. First, the Singapore Infocomm Technology Security Authority (SITSA) was established to work with various industry regulators and to reach out to the various stakeholders of critical information infrastructure such as those in the energy, financial and info comms sectors. The objective is to assess cyber security vulnerabilities in order to build in safeguards in a holistic and consistent manner. Last year, we also set up a National Cyber Security Centre to boost our national capability to counter security threats.

Within MINDEF, we have long recognised the importance of cyber security. We have been doing our part to make sure that our networks are reinforced and strengthened, but we also have another urgent task, which is to build a pipeline of deep cyber security expertise amongst our young people. This means building up interest amongst young Singaporeans in this area, and getting more people to enroll in computer science and engineering courses in our universities. So that as you progress on with your studies and later on in your jobs, this will be something you will be passionate about and to pursue a career in this particular field. MINDEF is doing our part. Together with SUTD, our fourth university, we are setting up a research centre for research into trustworthy computing (iTRUST). iTRUST aims to be a magnet to attract a team of leading researchers in the field to stimulate greater interest in infocomm security in Singapore and to catalyse the build-up of a critical mass of such expertise here.

Using camp as a platform to generate awareness in cyber defence

The organising of this Cyber Defenders Discovery Camp is yet another MINDEF initiative to generate greater interest and awareness in cyber defence.

In this four-day programme, I hope that you have learnt how to find and rectify vulnerabilities of a typical IT system, investigate network attacks and develop measures to detect and remove malware. I hope you gained some insights into these techniques. Please use them responsibly. I think the techniques that you use and that you have learnt will give you a taste of what it means to be a participant in cyberspace defence and cyber security, The aim is to give you a better appreciation of the vulnerabilities of cyberspace, and to give you a glimpse of the day-to-day activities that our cyber defenders do. Through this process, we hope that you recognise what it takes to successfully defend our cyberspace - it is not just about having the technical know-how. That is important but it is also about developing a deep understanding of our IT infrastructures in different domains and IT software, as well as having an understanding of human behaviours and habits.

Conclusion

The uptrend in malicious cyber attacks and our deep reliance on Internet services necessitate that we build expertise and capabilities in our government, industry, academia and research institutes to secure our cyberspace. Addressing this challenge requires multi-disciplinary expertise from economics to computer science and in fact, it is indeed a multi-disciplinary field because you need, not just technical knowhow, but the broader understanding of cyber security. Ultimately it requires the transition of new concepts and technologies into practice. As infocomm technology is a key driver of our knowledge-based economy and our day-to-day life is increasingly intertwined with IT, we need to ensure that we can continue to operate in a cyberspace that is safe, secure and trustworthy.

I hope that having attended this camp, all of you will know why we cannot take the security of our cyberspace for granted. It is vulnerable. Bad things can happen. It has happened in other countries and we cannot assume that it will not happen in Singapore. More importantly, I hope that you now have a better appreciation of the critical roles played by our cyber defenders to keep our cyberspace secure. We have cyber defenders in different domains, not just in the military but in finance, energy, transport and in our infocomms infrastructure. So it is an important endeavour which we must continue to safeguard and continue to strengthen. Naturally, what you have been exposed to is but the tip of the iceberg. There is a lot more to learn in this field and there is a lot more that is being done. Nevertheless, I hope that what you have been through, these four days of camp, is sufficient to arouse your curiosity, to stimulate your interest in cyber security. And I hope that in the years to come, some of you will continue to pursue your interest in this area and you will join the ranks of our cyber defence workforce to safeguard our cyberspace from those with malicious intent. Thank you very much.