Published: 20 July 2016
Secretary General of ASEAN
Secretary General of INTERPOL
1. The RSA Conference is a leading information security conference in the world. We are glad that we have with us today, a good cross section of people, policy makers, ministers, senior officials, people from the enforcement agencies, senior government officials from ASEAN and ASEAN plus Three countries, and leaders in industry and academia. We wish you a warm welcome. Your presence in this conference shows the importance of this issue.
II. OPPORTUNTIES AND RISKS OF A CYBER-ENABLED WORLD
2. If you look around our world today, we are surrounded virtually in every aspect – our personal information, our devices, our transactions, our day-to-day activities, everything is plugged into the Internet and onto the cloud.
3. The Internet has enabled us to connect, communicate, collaborate and has opened up tremendous opportunities. These include e-banking, social networks, self-driving cars, and the Internet of Things. Netherlands and Korea have recently launched Internet of Things networks and we have launched our Smart Nation initiative. There are tremendous, exciting opportunities. In fact, life is not possible without being plugged in.
4. At the same time, those opportunities are also being seen as opportunities by those on the "dark side". The more connected we are, the more vulnerable we become to cybercriminals.
III. THREAT OF CYBERCRIME
5. Cybercrime is seen, and has rightly been identified, as a growing threat. It does not recognise national boundaries. They hide behind the shadows and the scale and speed with which they can strike is such that it can cause tremendous damage.
6. Cyberspace is changing the nature and complexion of crime all around the world. In the United Kingdom, the number of crimes committed through the internet has exceeded the crimes committed in the physical space. For us, in the last year, the number of crimes committed under the Computer Misuse and Cybersecurity Act (CMCA) has increased by 40% over the previous year. If you look at research estimates, there are some suggestions that by 2019, you could have more than US$2 trillion being lost through cybercrime within three years. That is four times the amount in 2015. There was the "Carbanak" case last year, a highly sophisticated attack on more than 100 banks across 11 countries and causing losses of an estimated US$1 Billion.
7. Cybercrimes go beyond financial loss – drug trafficking, child pornography and many other illegal activities. An example from nearby was the British paedophile Richard Huckle. He lived for slightly more than a year in Kuala Lumpur. He preyed on at least 23 young children in Malaysia. He hid his photographs and blogs in the dark web, built up a vast collection of child pornography and used the Internet to sell the pictures and videos of his crimes to other paedophiles around the world.
8. What we have seen so far is just the tip of the iceberg.
IV. NATIONAL CYBERCRIME ACTION PLAN
9. Most countries have been developing and updating action plans. We have been developing and updating our plans for a period of time, and we call it the National Cybercrime Action Plan, or NCAP. It is a coordinated effort to fight cybercrime. It is both a conceptualisation and to take an approach to really deter, detect and disrupt cybercriminal activity and to create a safe and secure online environment in Singapore, as far as possible.
10. There are four key principles underlying this. First is of course prevention. Second, a quick, strong response to cybercrime. Third, making sure that the legal framework is robust, and fourth, this cannot be done by us alone. It has got to be done in partnership, so it is a shared responsibility.
11. It translates into four key priorities for us. First, educating and empowering the public to stay safe in cyberspace. Second, the Government has to have the capability, and enhance its capability, to fight cybercrime. Third, change our laws and fourth, build partnerships. I will touch briefly on each of these.
V. KEY PRIORITY 1: EDUCATING AND EMPOWERING THE PUBLIC TO STAY SAFE IN CYBERSPACE
12. The first priority has to be to train our people, to be smarter, better in dealing with cyberspace, and empower them to work on the cyberspace. The Singapore Police Force will go on a mass education campaign in schools. They will use the media, including social media, as well as existing platforms. We will also reach out through our Neighbourhood Police Centres. In 2015, we conducted more than 80 roadshows across the island using our Crime Prevention Ambassadors and that will continue, with a special focus on the groups which are more vulnerable – senior citizens and the younger people. They will work with NGOs and schools to raise awareness. Our National Crime Prevention Council will be launching a new app, called the 'Cyro' game app for children later this year.
13. We have an existing Scam alert website and we will also be transforming it into a one-stop self-help portal.
VI. KEY PRIORITY 2: ENHANCING THE GOVERNMENT'S CAPACITY AND CAPABILITY TO COMBAT CYBERCRIME
14. Second, our agencies must be upgraded. Every government is looking at this to meet the challenges and deal with them. Late last year, a new Cybercrime Command was established and that Command brings together capabilities of the enforcement agencies, particularly the Police, in forensics, intelligence and crime prevention. The formation of the Command will help improve the coordination, teamwork and response.
15. The Command will analyse new methods being used by cybercriminals. They will get information, analyse them and that will then allow them to shape crime prevention messages. They will then disseminate it to the public.
16. This Command will also oversee the Cybercrime Response Teams (CRTs). The CRTs will be in every Police Land Division and they will have a level of proficiency and expertise in investigations and digital forensics.
17. The Police have developed new tools, for example, which will allow them, through a process of automation, the ability to process a huge amount of data, without somebody having to go through it. So it is automated and that then reduces the processing time for digital evidence and frees up the investigation officers to do other kinds of work.
18. We have also set up in 2014, the Cyber Security Lab (CSL), which is a modern hands-on training laboratory. CSL will expand its curriculum to cover a variety of topics like cyber security fundamentals, digital forensics and malware analysis and equip our officers with the necessary skills.
19. Exercises are key. We have conducted a number of exercises to make sure the coordination is there.
VII. KEY PRIORITY 3: STRENGTHENING LEGISLATION AND THE CRIMINAL JUSTICE FRAMEWORK
20. The third priority is legislation. We are relooking our legislation. In the past, crime was often territorial and geographical. You look at it and deal with it. Today, it is across borders and we have to update our laws to make sure that it remains relevant and redefine what crime is, if necessary, to deal with the transnational nature of crimes and the new and evolving tactics of criminals. So what happens in the real world will have to be replicated in the virtual world and we have to develop the tools to make sure they are updated for that.
VIII. KEY PRIORITY 4: LOCAL AND INTERNATIONAL PARTNERSHIPS
21. Finally, the fourth priority is partnerships. This cannot be done by the government or the government agencies or the Police alone. Partnership with the industry, working with the industry is essential and critical. The private sector, both local and overseas, plays a critical role in our fight against cybercrime. The best expertise in technology does not often reside in the government. It often resides in the private sector and Institutes of Higher Learning, with industry.
22. We will thus work closely with our partners to share knowledge and expertise, to build capabilities in areas like cyber-forensics and cyber-investigations.
23. For example, we are working with the industry to develop customised malware analysis tools. We are also working with our Institutes of Higher Learning like Temasek Polytechnic, for example, to develop a new lab [Temasek Advanced Learning, Nurturing and Testing Laboratory (TALENT Lab)] which will allow students to test their innovations against the latest cyber threats that have been identified. This will be operational by next year.
24. Our partnerships will also transcend national boundaries. We are committed to fight cybercrime across the globe. Last year we had a spate of credit-for-sex scams committed by syndicates operating in China. Our Police worked with Chinese law enforcement counterparts, simultaneous raids were conducted and 43 syndicate members were arrested.
25. We can contribute in the area of capability development both regionally and internationally. As ASEAN's Voluntary Lead Shepherd on Cybercrime, we hope to support our fellow ASEAN Members in this fight.
26. The Ministry of Home Affairs has established a new Institute of Safety and Security Studies (ISSS). ISSS will promote thought leadership and seek to build expertise in different areas, including Cybercrime. Training courses will be conducted, not only for our own officers but also for our partners from ASEAN member states.
27. The INTERPOL Global Complex for Innovation (IGCI) is located in Singapore. We have an excellent partnership with IGCI and IGCI is INTERPOL's global hub on cybercrime. It brings together law enforcement officers from around the world, and industry partners like NEC, Kaspersky, Trend Micro and Microsoft. Through IGCI, INTERPOL has conducted several successful global operations and that will continue. We have a very strong partnership. We will encourage our partners to come together and work with IGCI on this. The Secretary-General was just sharing with me how a mobile laboratory that was created and developed in Singapore was used in the Caribbean for the training of officers. I think we can do more of this and we will.
28. We want to promote knowledge sharing and best practices, by bringing thought leaders from across the world, using platforms like this conference, the ASEAN plus Three Cybercrime Workshop, the Senior Officials Roundtable on Cybercrime and the Future of Cybercrime Forum. Many of you would have attended at least some of these.
29. Through these platforms, we hope to build a collaborative ecosystem to meet the threat of cybercrime. It is not going to be done in a day, it is not going to be done soon, but we have to try and set the norms and the framework, so that some of the countries where cybercriminals find it more hospitable to be in, will also realise that these are international norms that everyone should obey and respect.
30. Ultimately, our National Cybercrime Action Plan is a recognition of a change that cybercrime will bring about in our society and a fundamental relook at our approaches, our laws, our outreach efforts, the way we train and equip our Police officers, and the way our agencies work with partners both within and outside of Singapore.
31. We all want to ensure a safe, secure, online platform for our citizens. Governments and stakeholders around the world will be developing their own strategies. That is why a Conference like this is so valuable because it helps us share the best practices.
32. Together, we have the potential to unlock new capabilities, new methods and new partnerships, and take significant strides in our fight against cybercrime.
33. On that note, I wish all of you a fruitful and meaningful Conference. Thank you.