CTWG Workshop on CISR16 – 17 Oct 2014

SINGAPORE’s APPROACH:CRITICAL INFRASTRUCTURE PROTECTION

1

Overview of Singapore

• Island city-state with land area of 716km2

• No natural resources or hinterland

• High population density

• Major hub for financial services, aviation and port services, and telecommunications

2

Target Hardening Framework

MHA’s Counter-Terrorism Strategy

3rd LayerTarget Hardening

(3) Crowded / Soft Targets

(4) SSM-related Targets

(1) Critical Infrastructure

(2) High Profile Targets

“At-risk” infrastructure

3

What is ‘Critical Infrastructure’?

“Physical infrastructure and assets that are vital to the continued

delivery of the essential services upon which Singapore relies, the

loss or compromise of which would lead to a debilitating

impact on security, economy or public health and safety”

4

Critical Infrastructure Programme (CIP)

• Overarching framework for protection of Critical Infrastructure (CI)

• Objectives:– Identify and prioritise CIs

– Protect and prepare CIs against relevant security threat scenarios

– Enhance robustness and resiliency of our CIs

5

Key Principles of CIP

• Protection requirements should be risk calibrated

• Criticality of infrastructure should guide resource prioritisation

• CI protection is part of the multi-layered approach

• Strong tripartite relationship between Government, Sector Leads and Owners

6

Critical Infrastructure Sectors

• Energy

• Water

• Info-Communications

• Transportation

• Security & Emergency Services

• Health

• Government

• Economy

• Banking & Finance

• Environment

• Food Supply

7

Roles & Responsibilities

State

• Formulate protection policies and programmes• Coordinate efforts across Sectors to raise protection level• Work with stakeholders to identify and prioritise CIs• Develop standards and guidelines

Sector

• Develop and implement sector-specific protection plans• Identify critical facilities, assets and functions for the Sector• Work with private operators to mitigate threats• Conduct exercises to ascertain adequacy of plans & measures

Asset

• Work with Sector Lead to improve security of CI• Implement appropriate measures to mitigate vulnerabilities• Develop and implement BCP & Contingency Plans

8

CI Protection: Risk-based Approach

Set security objectives1 Identify critical

assets & functions2 Identify relevant Threats3

Identify Vulnerabilities 4Assess Risks 5

Prioritise6 Mitigate vulnerabilities7 Evaluate

Effectiveness8Review & Monitor (feedback loop)

9

Understanding interdependencies

• Increasingly important for prioritisation and protection of CIs

• Interdependency Study – Identify interdependencies and

vulnerabilities– Uncover concentration risks– Enhance contingency planning and

response capabilities

10

POLICIES & MEASURES TO ENHANCE PROTECTION

11

Security-by-Design

• Key thrust of our approach to target hardening since 2006

• Process requirement to factor in security considerations upstream

• Threat dependent and outcome-based approach

12

Operational Measures

• High visibility patrols at “at-risk” establishments and high threat locations

• Formation of Transport Security Command

• Public Camera Zones (PCZs)

13

Partnering the Community

• Safety & Security Watch Groups (SSWGs)– Promulgate good security practices

– Facilitate sharing of information

• Clustered concept and membership is voluntary

14

Conclusion

• Security threat against CI remains real

• Protection of our CIs is vital to continuity of essential services and functions

• Singapore takes a risk-based, multi-agency and collaborative approach towards CI protection

15

THANK YOU

16