書面答覆 · 2026-04-07 · 屆國會 15
評估當前網路安全戰備能否應對不斷演變的威脅併兼顧行動安全
議員沙拉爾·塔哈以地緣政治緊張、網路行動日益成為混合衝突手段為背景,書面質詢政府是否評估新加坡網路威脅暴露已上升,以及如何在不損害行動安全的前提下保護關鍵資訊基礎設施、政府系統、企業和個人抵禦包括 AI 攻擊在內的演變威脅。數字發展與信息部長楊莉明答覆:新加坡作為金融樞紐和數字經濟體是高價值目標;關鍵系統受《網路安全法》更高標準約束;網路安全域性(CSA)將更新標準,並向關鍵系統業主提供專有威脅檢測系統以應對高階威脅行為者和 AI 賦能威脅;GovTech 將要求管理關鍵系統的政府供應商滿足 Cyber Trust Mark;家用路由器強制標準從標籤計劃一級升至二級,並擬擴充套件至 IP 攝像頭。政府承認即使防禦最佳仍須對 AI 網路威脅保持警惕。
關鍵要點
- • 關鍵系統業主將獲政府專有威脅檢測系統,應對 AI 賦能威脅
- • 管理關鍵系統的政府供應商須滿足 Cyber Trust Mark 要求
- • 家用路由器強制標準從標籤計劃一級升至二級,擬擴充套件至 IP 攝像頭
- • CSA 的 CISO-as-a-Service 為中小企業提供網路安全顧問
政府認為新加坡保持著穩健且自適應的網路安全態勢,但承認面對包括 AI 賦能攻擊在內的演變威脅必須持續升級標準、檢測能力和供應商義務。
AI 賦能攻擊已被正式納入新加坡國家網路防禦的威脅模型,監管重心從關鍵基礎設施向政府供應鏈和消費級裝置逐層下沉。
“然而,即使擁有最好的防禦,我們也必須對不斷演變的威脅——包括 AI 賦能的網路威脅——保持警覺和戒備。”
參與人員 (2)
完整譯文(中文)
Hansard 原始記錄 · 2026-06-09
18 Sharael Taha議員向數字發展與信息部長提問,鑑於地緣政治緊張局勢上升和網路行動日益被用作混合衝突工具,(a) 政府是否評估新加坡的網路威脅暴露已經加劇;(b) 政府如何評估新加坡當前在保護關鍵資訊基礎設施、政府系統、企業和個人居民免受不斷演變的威脅(包括人工智慧驅動的攻擊)方面的整體網路安全就緒程度,同時不損害運營安全。
Josephine Teo夫人:新加坡作為主要金融中心和數字經濟體的地位使我們成為惡意行為者的吸引目標。新加坡網路安全域性(CSA)定期通過SingCERT通告和《新加坡網路景觀》出版物等方式向公眾通報網路安全威脅。
多年來,政府採取了措施加強我們的網路防禦。
關鍵系統根據《網路安全法》需要達到更高的網路安全標準和義務。我們也在能力發展方面進行了大量投資。諸如CSA網路安全發展計劃等舉措有助於加強我們的人才儲備,而諸如網路星演習等國家演習有助於提高公私部門網路防禦人員的運營就緒程度。
隨著威脅的演變,我們的應對也必須隨之演變。CSA將審查和更新我們的網路安全標準和義務,以加強安全控制。政府也將幫助關鍵系統所有者更好地檢測威脅,包括來自高階威脅行為者和人工智慧驅動的威脅。這包括為他們配備專有威脅檢測系統。我們還將與產業界合作,深化我們網路防禦人員的能力,以便他們能更好地保護新加坡。
對於政府系統,GovTech擁有現有的內部指南,以保護持有敏感資料和提供重要政府服務的系統。展望未來,GovTech將為政府供應商引入更嚴格的網路安全和資料保護義務,例如要求管理關鍵系統和敏感政府資料的政府供應商滿足網路信任標誌要求。
對於企業,CSA推出了各種舉措來協助組織加強防禦。例如,CSA的首席資訊安全官即服務計劃為中小企業提供了與網路安全顧問合作的途徑,這些顧問可以與他們合作提升網路衛生。
政府還採取了措施來保護我們的公民免受惡意行為者傷害,例如為閘道器裝置(即家庭路由器)引入強制性網路安全要求。家庭路由器目前需要以網路標籤方案第1級的形式滿足最低網路安全要求。此要求將提升至更高標準(即網路標籤方案第2級)。我們還將探索為IP攝像頭引入類似標準。這些措施將使數字產品更難被破壞。
總之,新加坡保持強大且具有適應性的網路安全態勢。但是,即使擁有最好的防禦,我們也必須對不斷演變的威脅保持警惕和警覺,包括人工智慧驅動的網路威脅。政府將繼續審查我們的政策和舉措,以確保新加坡人在網路空間中保持良好保護。
英文原文
SPRS Hansard · Fetched: 2026-06-09
18 Mr Sharael Taha asked the Minister for Digital Development and Information in light of rising geopolitical tensions and the increasing use of cyber operations as part of hybrid conflict (a) whether the Government assesses that Singapore's cyber threat exposure has heightened; and (b) how the Government assesses Singapore's current overall cybersecurity readiness in safeguarding critical information infrastructure, Government systems, businesses and individual residents against evolving threats, including AI-enabled attacks, without compromising operational security.
Mrs Josephine Teo : Singapore's position as a major financial hub and digital economy makes us an attractive target for malicious actors. The Cyber Security Agency of Singapore (CSA) regularly updates the public on cybersecurity threats, such as through SingCERT advisories and the Singapore Cyber Landscape publication.
Over the years, the Government has taken steps to strengthen our cyber defenses.
Critical systems are held to higher cybersecurity standards and obligations under the Cybersecurity Act. We have also invested heavily in capability development. Initiatives like CSA's Cybersecurity Development Programme have helped to strengthen our talent pipeline while national exercises, such as Exercise Cyber Star, help enhance the operational readiness of cyber defenders across both public and private sectors.
As the threat evolves, so must our response. CSA will be reviewing and updating our cybersecurity standards and obligations to strengthen security controls. The Government will also be helping owners of critical systems better detect threats, including those from advanced threat actors and AI-enabled threats. This includes equipping them with proprietary threat detection systems. We will also partner the industry to deepen the capabilities of our cyber defenders so they can better protect Singapore.
For Government systems, GovTech has existing internal guidelines to safeguard systems that hold sensitive data and provide important Government services. Moving forward, GovTech will be introducing more stringent cybersecurity and data protection obligations for Government vendors, such as requiring Government vendors that manage critical systems and sensitive Government data to meet Cyber Trust Mark requirements.
For businesses, CSA has rolled out various initiatives to assist organisations in raising their defenses. For example, CSA's CISO-as-a-Service programme provides small and medium enterprises with access to cybersecurity consultants who can work with them to raise their cyber hygiene.
The Government has also put in place measures to protect our citizens against malicious actors, such as by introducing mandatory cybersecurity requirements for gateway devices (i.e., home routers). Home routers are currently required to meet minimum cybersecurity requirements in the form of the Cyber Labelling Scheme Level 1. This requirement will be raised to a higher standard (i.e., Cyber Labelling Scheme Level 2). We will also explore introducing similar standards for IP cameras. These will make digital products harder to compromise.
In summary, Singapore maintains a robust and adaptive cybersecurity posture. However, even with the best of defenses, we must remain vigilant and alert to evolving threats including AI-enabled cyber threats. The Government will continue to review our policies and initiatives to ensure that Singaporeans remain well protected in cyberspace.