The Infocomm Development Authority of Singapore (IDA) is working closely with industry partners to boost cyber security capabilities in Singapore. In January, it announced a collaboration with FireEye to establish its Asia Pacific Centre of Excellence (COE) here.

The COE, the first of its kind outside the United States and Europe, is aimed at strengthening manpower capabilities to deal with the growing cyber security threats and challenges. It will also serve as a centre for FireEye Labs to gather cyber intelligence from attacks taking place in Asia and around the globe.

Speaking at the opening of the COE on 15 January, Ms Jaqueline Poh (pictured above), Managing Director, Infocomm Development Authority of Singapore (IDA), said such intelligence work will greatly benefit businesses in managing their cyber security challenges. “Cyber security is a global concern. In recent years, cyber threats have been increasing in size, scale and sophistication,” she noted.

According to FireEye’s 2012 Advanced Threat Report, across industries, organisations on average are experiencing malware-related activities once every three minutes. Threat vectors are also evolving rapidly, creating increasingly complex cyber threats which can easily bypass traditional signature-based defences, such as firewalls, anti-virus, and gateways comprising the majority of enterprise networks. The widespread problems of malware aimed at disrupting individual users and, website defacement are giving way to more insidious Advanced Persistent Threats aimed at espionage, theft of data and the disruption of critical systems.

The launch of the COE also dovetails with one of the key focus areas of Singapore’s National Cyber Security Masterplan 2018, which is to grow the country’s expertise in cyber security.

IDA will collaborate with FireEye in two key areas. Firstly, it will accredit FireEye’s manpower training programmes for expert level skill sets such as Dynamic Threat Intelligence, Detection Efficacy Analytics and Threat Response. This will be done through the National Infocomm Competency Framework developed by IDA and the Workforce Development Authority. Through the COE, FireEye plans to build up a base of more than 100 professionals over two years to deliver cyber intelligence monitoring and incidence response capabilities.

IDA will help to accelerate the up-skilling of these professionals to expert levels. “Through this collaboration, new roles such as Malware Research Analyst, Global Threat Advisory Security Consultant as well as Incident Response and Forensic Consultants will be created,” said Ms Poh.

The second area of the IDA-FireEye collaboration is in the development of next generation cyber security solutions on its application programming interface platform.  The aim is to develop at least 10 new malware detection and prevention application tools to manage Advance Persistent Threats.  This will be done by facilitating collaboration between the Institutes of Higher Learning (IHLs) and local ICT companies to build these new products and solutions for both local and regional markets.

Another industry partner which is helping to build up cyber security capabilities in Singapore is KPMG. On 14 January, it announced the launch of the KPMG Cyber Security Centre (CSC), in partnership with IDA and Singapore Polytechnic. Mr Lyon Poh, Partner and Head of IT Assurance and Security, KPMG in Singapore, said the CSC will focus on equipping cyber security professionals in organisations with the right skills to enhance their situational awareness so that they can detect threats early and respond in a robust manner. The CSC will also work closely with participating companies to develop security proof-of-concepts relevant to their business situation.

“We believe that empowering companies in their own cyber security defence as far as possible is more sustainable than totally relying on external vendors for security,” said Mr Poh.

The first initiative by the CSC is a six-month capability development programme offered to qualifying companies for their cyber security professionals. It is focused on helping companies to build and enhance their capabilities for cyber security preparedness. The programme addresses three key areas. These include training participants to implement enterprise frameworks and architectures for detecting cyber threats and preparing a robust incident response; helping participants to acquire expertise in discovering, analysing, containing and eradicating malware threats; and developing enterprise security intelligence capabilities for situation awareness and defence against cyber attacks.