critical infrastructure protection - apec … · ctwg workshop on cisr 16 – 17 oct 2014...
TRANSCRIPT
CTWG Workshop on CISR16 – 17 Oct 2014
SINGAPORE’s APPROACH:CRITICAL INFRASTRUCTURE PROTECTION
1
Overview of Singapore
• Island city-state with land area of 716km2
• No natural resources or hinterland
• High population density
• Major hub for financial services, aviation and port services, and telecommunications
2
Target Hardening Framework
MHA’s Counter-Terrorism Strategy
3rd LayerTarget Hardening
(3) Crowded / Soft Targets
(4) SSM-related Targets
(1) Critical Infrastructure
(2) High Profile Targets
“At-risk” infrastructure
3
What is ‘Critical Infrastructure’?
“Physical infrastructure and assets that are vital to the continued
delivery of the essential services upon which Singapore relies, the
loss or compromise of which would lead to a debilitating
impact on security, economy or public health and safety”
4
Critical Infrastructure Programme (CIP)
• Overarching framework for protection of Critical Infrastructure (CI)
• Objectives:– Identify and prioritise CIs
– Protect and prepare CIs against relevant security threat scenarios
– Enhance robustness and resiliency of our CIs
5
Key Principles of CIP
• Protection requirements should be risk calibrated
• Criticality of infrastructure should guide resource prioritisation
• CI protection is part of the multi-layered approach
• Strong tripartite relationship between Government, Sector Leads and Owners
6
Critical Infrastructure Sectors
• Energy
• Water
• Info-Communications
• Transportation
• Security & Emergency Services
• Health
• Government
• Economy
• Banking & Finance
• Environment
• Food Supply
7
Roles & Responsibilities
State
• Formulate protection policies and programmes• Coordinate efforts across Sectors to raise protection level• Work with stakeholders to identify and prioritise CIs• Develop standards and guidelines
Sector
• Develop and implement sector-specific protection plans• Identify critical facilities, assets and functions for the Sector• Work with private operators to mitigate threats• Conduct exercises to ascertain adequacy of plans & measures
Asset
• Work with Sector Lead to improve security of CI• Implement appropriate measures to mitigate vulnerabilities• Develop and implement BCP & Contingency Plans
8
CI Protection: Risk-based Approach
Set security objectives1 Identify critical
assets & functions2 Identify relevant Threats3
Identify Vulnerabilities 4Assess Risks 5
Prioritise6 Mitigate vulnerabilities7 Evaluate
Effectiveness8Review & Monitor (feedback loop)
9
Understanding interdependencies
• Increasingly important for prioritisation and protection of CIs
• Interdependency Study – Identify interdependencies and
vulnerabilities– Uncover concentration risks– Enhance contingency planning and
response capabilities
10
POLICIES & MEASURES TO ENHANCE PROTECTION
11
Security-by-Design
• Key thrust of our approach to target hardening since 2006
• Process requirement to factor in security considerations upstream
• Threat dependent and outcome-based approach
12
Operational Measures
• High visibility patrols at “at-risk” establishments and high threat locations
• Formation of Transport Security Command
• Public Camera Zones (PCZs)
13
Partnering the Community
• Safety & Security Watch Groups (SSWGs)– Promulgate good security practices
– Facilitate sharing of information
• Clustered concept and membership is voluntary
14
Conclusion
• Security threat against CI remains real
• Protection of our CIs is vital to continuity of essential services and functions
• Singapore takes a risk-based, multi-agency and collaborative approach towards CI protection
15
THANK YOU
16