NIST continues to coordinate a National Cybersecurity Awareness and Education Program that includes activities such as the widespread dissemination of cybersecurity technical standards and best practices; efforts to make cybersecurity best practices usable by a variety of individuals and stakeholders; increasing public awareness of cybersecurity, cyber safety, and cyber ethics; increasing the understanding of the benefits of ensuring effective risk management of information technology and the methods to mitigate and to remediate vulnerabilities; supporting formal cybersecurity education programs at all levels to prepare and improve a skilled cybersecurity workforce; and promoting initiatives to evaluate and forecast future cybersecurity workforce needs of the Federal Government and develop strategies for recruitment, training, and retention.

National Initiative for Cybersecurity Education

The National Initiative for Cybersecurity Education (NICE) is a partnership among government, academia, and the private sector. NICE is focused on cybersecurity education, training, and workforce development. NIST’s leadership of the program helps position it to support the country’s ability to address current and future cybersecurity challenges through standards and best practices.

NICE’s mission is to energize and promote a robust network and ecosystem of cybersecurity education, training, and workforce development. This mission supports the vision of helping to secure the nation by increasing the number of skilled cybersecurity professionals.

Click to download

Pacific Island countries have unique demographic attributes characterized by low and scarce populations and high migration rates. Due to this, the economic heft of the Pacific Islands is also limited, with a cumulative regional GDP of USD 32 billion (GDP per capita of USD 3,600) as of 2020, as compared to neighboring Australia with ~USD 1.3 trillion (GDP per capita of USD 51,812).

The Pacific Islands are also one of the least densely populated regions in the world, with ~34 people per square kilometre. Apart from the demographic constraints, the Pacific Island countries have limited natural resources and a large proportion of the Pacific Islander population living overseas in Australia and New Zealand, thus leaving the region highly dependent on inward remittances.

Despite efforts taken by individual Pacific Island countries to develop payments infrastructure, several challenges have constrained progress. Firstly, the demographic challenge of small and scarce populations, characterized by low economic resources and poor financial and technology literacy rates, has limited the uptake of newer technologies.

Secondly, the ecological fragility of the countries’ locations makes infrastructure projects such as undersea data cables challenging. Thirdly, the current payment infrastructures are not interoperable, making cross-border transactions highly cumbersome. Finally, a lack of uniform regulations to govern digital payments, rigid existing regulatory requirements, and the lack of ancillary regulations covering areas such as data privacy and cybersecurity further exacerbates the challenge and has left one-third of the region’s population lacking access to formal financial services.

Click to download

What should our anonymisation process seek to achieve?

An effective anonymisation process seeks to reduce the likelihood of someone being identified or identifiable to a sufficiently remote level. This level depends on a number of factors specific to the context.

It may seem fairly easy to say whether a piece of information relates to an identified individual, as this may be clear from the information itself. For example, bank statements clearly identify individual account holders and contain information that relates to them. anonymisation processes should take into account the concept of identifiability in its broadest sense. They should not simply focus on removing obvious information that clearly relates to someone.

Click to download

Organizations have the responsibility to protect the data they hold and safeguard their systems. This can be challenging, as technology changes in size and complexity, and as resources and workforces become more limited. Organizations must remain vigilant, as outside parties may attempt to gain unauthorized access to sensitive data through ransomware.

Ransomware refers to a business model and a wide range of associated technologies that bad actors use to extort money. The bad actors use a range of tactics to gain unauthorized access to their victims’ data and systems, including exploiting unpatched vulnerabilities, taking advantage of weak or stolen credentials, and using social engineering. Access to the data and systems is restricted by the bad actors, and a ransom demand is made for the “safe return” of these digital assets.

There are several methods such actors use to restrict or eliminate legitimate access to resources, including encryption and deletion, modified access controls, and network-based denial of service attacks. In some cases, even after data access is restored, bad actors have demanded a “second ransom,” promising that its payment guarantees the deletion of victims’ sensitive data, instead of selling it or publicly releasing it.
Ransomware attacks are typically opportunistic in nature, targeting end users through emails, embedding malicious code within websites, or gaining access through unpatched systems. Ransomware can cost organizations a significant amount of resources in response and recovery, as well as impact their ability to operate.

Click to download

Singapore launched our first Singapore Cybersecurity Strategy in 2016 (‘Strategy 2016’), which helped lay the foundations of our cybersecurity efforts today. As our strategic and technological environment has changed significantly over the past five years, we have reviewed and refreshed our cybersecurity strategy to address new and emerging cyber-threats.

With a robust cybersecurity workforce and a vibrant cybersecurity ecosystem as key enablers, the Singapore Cybersecurity Strategy 2021 (‘Strategy 2021’) lays out our plans to strengthen the security and resilience of our digital infrastructure and enable a safer cyberspace to support our digital way of life. It also articulates how Singapore could play an outsized role in the digital domain despite being a small country, to support an open, secure, stable, accessible, peaceful, and interoperable cyberspace.

Click to download