Building a cyber-resilient future for a digital government vanguard – Rong Hwa Chong, GovTech Singapore

Rong Hwa Chong

As the digital landscape continues to evolve at an unprecedented pace, government organisations are increasingly at the forefront of both technological innovation and cybersecurity challenges. Singapore, recognised globally as a leader in digital government initiatives, is no exception.

GovTech has been instrumental in fortifying Singapore’s cyber defences and shaping the nation’s ICT strategies. In the lead-up to our Future of Singapore Government summit, we had the privilege of speaking with Rong Hwa Chong, Director of the Cybersecurity Group at GovTech Singapore, Singapore’s digital innovation powerhouse and lead agency behind the city-state’s Smart Nation initiative.

With cyber threats evolving as rapidly as the technology itself, Chong shared insights on how governments can navigate this complex landscape and ensure the security of their digital infrastructure. This comes at a crucial time as Singapore continues to push the boundaries of digital government, integrating cutting-edge ICT innovations to enhance public services while safeguarding against emerging threats.


FST: After working more than 15 years in the Singapore government, what are some of the biggest advancements you’ve seen in how the government views cybersecurity and technology?

Chong: With rapid advancements in the tech industry over the past few years, we know that we must adapt to thrive. GovTech, as the lead agency in engineering a digital government, has been continuously and relentlessly harnessing relevant technologies to aid in better delivery of government services, as well as ensuring the security of the digital services used by members of the public.

One of these key advancements is in using generative AI (GenAI) to enhance public officers’ productivity, in turn delivering better and faster services to members of the public. For example, tools like Pair Chat, which is like ChatGPT for public officers, assist with writing, research, and coding.

At the same time, with these rapid tech advancements, we also see cyber-attacks becoming more sophisticated and prevalent.

As the use of Government digital services becomes widespread, and as citizens and businesses become increasingly dependent on them, a key challenge we must tackle is upholding the public’s trust in our national digital infrastructure in the face of system disruptions and cyber-attacks.

This is why we are placing greater emphasis on protecting our key products and minimising the impact of disruptions.

We are increasing our cybersecurity capabilities to better secure ourselves and provide more cyber-resilient services to the citizens. This includes enhancing detection capability in Government networks, providing more platforms with cybersecurity tools baked-in to agencies, and validating the security of the Government’s services, all in a continuous manner.

We’ve taken many bold steps to elevate our cybersecurity posture. These have ranged from securing our people through whole-of-government phishing exercises that emulate ransomware attacks, which “freeze” public officers’ computer screens, to securing systems by inviting white-hat hackers to test Government systems and report security vulnerabilities for remediation before attackers can exploit them.

FST: What do you see as the next stage of government ICT and security evolution, and how can government organisations stay ahead and secure in the face of rapidly evolving technology and cyber threats?

Chong: I think the next step for the Singapore Government is to advance its partnership with the private sector and the Institutes of Higher Learning (IHL).

While the Government can focus on its core infrastructure and services, more can be done to secure the ecosystem, which in turn will provide better security products and services back to the Government.

As the lead overseeing government Info-Communications Technology and Smart Systems’ security, GovTech focuses on evaluating various cyber products, influencing product roadmaps, and promulgating assessment results to advise other government agencies on suitable products for their use cases.

In the same vein, we are also interested in uplifting the quality of cybersecurity services provided by the industry to government agencies through clearer specification of standards and more hands-on validation of deliveries. By doing so, the industry will have a clearer idea of the Government’s expectations and deliver better quality services to address cybersecurity concerns.

Lastly, to stay ahead of fast-changing technologies, the Singapore Government will have a lean experimental cyber unit that continuously scans for threats and opportunities and engages IHLs for collaboration opportunities. For now, we are keen on threats and opportunities that arise due to exponential growth in the Artificial Intelligence (AI) space; in the future, we are keen on the development of quantum technologies.

FST: Governments are often targets for cyber-attacks. What can organisations and departments do to keep data and systems protected?

Chong: Broadly, many things need to be done – and there are too many to be listed – to ensure data and systems are secured. Fundamentally, to be effective in practising cybersecurity, it all boils down to having the right cybersecurity mindset.

Firstly, before cyber defence can actualise, the top management of organisations needs to be serious about cybersecurity. They need to put money where their mouth is. Even though different organisations with different budgets may need to implement cybersecurity differently, all require a reasonably sized core team of highly skilled cybersecurity practitioners that drive organisations to have the right security mindset and practices.

Secondly, cybersecurity should be more than just a stick.

Practising cybersecurity using only a stick rather than both a stick and a carrot may encourage wrong behaviours across the organisation.

For example, top management may want to encourage employees to report security anomalies or whistle-blow cyber negligence rather than penalise those who truthfully report poor cyber health of systems.

Lastly, while we have a core team of cybersecurity practitioners, cybersecurity is a joint responsibility. An entire organisation should be trained as cyber defenders as it takes everyone within to play their part in securing their systems and networks. Employees who implement technologies must perform adequate cyber risk assessments, implement systems security, and adopt good cyber practices. Other employees would also need to step up their cyber vigilance to deter, detect, and report any potential threats that may come along their way.

FST: We’re delighted to have you featured at our Future of Singapore Government Summit later this month. What do you hope to learn and share with your peers?

Chong: I hope to learn more about strategies for addressing cyber challenges, new technological focus areas, and explore partnership opportunities. My peers and I could also cross-share thoughts on the future of technological and cyber landscapes.


Rong Hwa Chong will be a featured panellist at this year’s Future of Singapore Government conference.