MDDI 演講稿 · 2026-04-17
高階政務部長陳杰豪在2026年STACKx網路安全會議的開幕致辭
要點
- • GovTech成立十週年之際,99%的公民政府事務已實現數字化,Singpass每月處理逾4100萬筆交易,LifeSG將超130項政府服務整合於單一應用程式。
- • 新加坡網路安全域性(CSA)與GovTech已向關鍵資訊基礎設施(CII)所有者及政府機構發出前沿AI風險預警,援引Anthropic旗下「Claude Mythos」據報能自主識別零日漏洞並將其串聯為可用攻擊鏈。
- • 新加坡正從傳統監管關係轉向與CII所有者的夥伴協作模式,以「網路衛士行動」(Operation Cyber Guardian)跨機構協同應對UNC3886高階持續性威脅對電信基礎設施的攻擊為例,政府現將選擇性共享機密威脅情報及專有威脅檢測系統。
- • GovTech自2018年啟動的政府漏洞賞金計劃已在全球範圍眾包道德駭客,聯動逾60個機構,累計發現超1000個安全問題。
- • 政府將AI與網路安全的關係界定為三個維度:AI作為威脅(攻擊更快、規模更大)、AI作為工具(更早檢測、更快響應)及AI作為攻擊目標(需建立安全採用標準)。
- • CSA通過「新加坡網路人才」(SG Cyber Talent)等計劃構建覆蓋青年至資深專業人員的多元人才通道,GovTech同步為其網路安全團隊提供AI專項培訓,並著手將相關課程體系擴充套件至整個政府部門。
- • 新加坡網路安全治理定於最高層級,總理公署直接統籌國家網路安全職能,並設有國家安全統籌部長與網路安全部長雙重領導架構以彰顯問責優先順序。
完整譯文(繁體中文)
MDDI 英文原文譯文 · 翻譯日期: 2026-06-21
早上好。我很高興今天能參加STACKx網路安全大會。
今年,我們也迎來了GovTech成立十週年。GovTech從根本上改變了公民與政府互動的方式。
如今,公民與政府99%的事務往來均以數字方式完成,從而提供了更高效、更便捷的服務,使公民和公共部門均受益。
Singpass已發展成為我國的國家數字身份,使日常服務的訪問更安全、更快捷,每月支援超過4100萬筆交易,並有效消除了大多數居民填寫紙質表格的需要。
LifeSG是另一個例子,作為一站式應用程式,整合了超過130項政府服務,幫助家庭和個人更便捷地使用政府服務。
對整個GovTech團隊致以讚揚,並向過去10年與他們緊密合作的各方合作伙伴致以衷心感謝!我們期待見證更多里程碑。
在慶祝我們所取得成就的同時,我們也認識到,我們數字系統的攻擊面已大幅擴大,而與此同時,我們還需應對日趨複雜的網路安全形勢。
首先,我們面對的對手大幅增加,從網路罪犯、僱傭駭客組織到國家支援的行為者,不一而足。
例如,近期我們不得不應對一起高階持續性威脅(APT)——UNC3886,該威脅以複雜手段針對新加坡的電信基礎設施發動攻擊。
其次,人工智慧正在迅速發展。人工智慧與網路安全深度交織。人工智慧為網路防禦者提供了重大機遇,但也可能被濫用於發動規模更大、速度更快、手段更復雜的網路攻擊。
Anthropic近期釋出的關於Claude Mythos的報告在網路安全界引發了廣泛關注。據報道,該系統能夠自主識別零日漏洞,並將其串聯成可實際執行的漏洞利用鏈。專家們普遍認為,這些進展代表著威脅形勢的跨越式飛躍。一旦落入不法之手,即便技術較弱的威脅行為者也能以規模化、高速度的方式發動複雜攻擊。可以想象,若由經AI增強的熟練攻擊者掌握,將會造成何等危害。
Claude Mythos目前尚未創造出根本性的全新攻擊型別。然而,業界普遍認識到,此類人工智慧工具縮短了發動網路攻擊所需的時間,降低了所需資源。各組織需要採取主動措施,針對前沿AI模型帶來的攻擊風險,全面強化網路防禦態勢。
各組織需要從根本上重新思考如何保護其數字系統。例如,組織修補漏洞的可用時間可能從數天壓縮至數分鐘。
過去,擁有原始碼晦澀的遺留系統和運營技術(OT)系統的組織尚可自我安慰,認為攻破這些系統需要專業技能。而如今,人工智慧已能加速漏洞的識別與利用。
潘多拉魔盒已經開啟。
為此,新加坡網路安全域性(CSA)和GovTech已向關鍵資訊基礎設施(CII)所有者及政府機構發出警報。CSA還發布了一份關於前沿AI風險的諮詢指南,概述了即時緩解措施,例如修補高危漏洞,以及利用人工智慧主動識別和解決漏洞等其他防禦策略。
我們必須認真對待這些威脅。
今天,我想談談保障我國網路空間安全所需的三個重要要素。
重新界定政府在保障網路空間安全中的角色
第一,政府的角色。
新加坡正式組織網路安全工作略超過十年。
我們於2015年成立CSA,對新加坡的網路安全實施集中監管,並推出了《網路安全戰略》。
2016年,我們成立GovTech,推動智慧國家計劃,並賦予其負責監管政府系統網路安全的職責。
我們還通過了《網路安全法》,建立了保護基本服務的立法框架。
這些舉措使我們得以奠定基礎,例如明確對CII所有者的網路安全標準要求,以及建立審計與合規框架。
面對不同運營環境中的網路安全威脅,各組織需要認識到,網路安全不僅僅是為滿足要求而走過場的例行動作;僅僅提升單個組織的網路安全態勢也是不夠的。
試想這樣一個類比:為保護住宅安全,您必須為房屋安裝堅固的鎖,而不能聽天由命。這是每位房主應達到的最低標準,也符合其自身利益。但與此同時,即便您安裝了最堅固的鎖,若鄰里環境依然不安全,您遭受入侵的風險仍將居高不下。需要集體努力,才能為所有人創造安全的環境。
因此,政府正在超越與CII所有者之間傳統的監管者與被監管者關係,轉而與各組織更緊密地合作,共同應對網路威脅。
我們對UNC3886攻擊的集體應對正是這一轉變的體現。當電信運營商遭受攻擊時,政府在"網路衛士行動"(Operation Cyber Guardian)框架下調動了各機構的網路防禦力量,並與運營商緊密合作,共同應對威脅。
上個月在財政預算委員會辯論中,我分享了我們如何加強與CII所有者合作以應對APT的舉措。政府將積極介入,協助CII所有者,有選擇性地共享機密威脅情報,併為其配備專有威脅檢測系統,以抵禦資源雄厚的對手。
這一共同責任理念與新加坡推行"全面防衛"的做法相似,政府、企業和個人均發揮各自作用。
同樣,我們需要在網路安全領域培育這種集體精神。
加強公私合作,提升能力
政府將盡最大努力保護網路空間,但我們並不能掌握所有答案。私營部門擁有豐富的專業知識和能力。這引出了我的第二點——公私合作的重要性。
我很高興今天看到眾多來自私營部門的與會者。希望這次活動能成為我們共同學習、建立新關係的契機。
通過合作與經驗分享,我們構建起一個強化防禦的網路。
GovTech的政府漏洞賞金計劃便是一個典型案例。自2018年以來,該計劃在全球眾包道德駭客,與逾60個機構合作,發現了1000餘個安全漏洞。
隨著AI應用的增長,這些合作關係將愈發關鍵。我們必須共同應對AI與網路安全的三個方面:
AI作為威脅。威脅行為者正藉助AI提升攻擊的速度、規模與複雜程度。為此,我們必須轉向持續監測與保障模型,以即時發現並化解威脅。
AI作為工具。我們需要利用AI來應對複雜的AI自動化攻擊鏈。AI可實現更早的威脅檢測與更快的響應速度,並減少攻防雙方之間的不對稱性。
最後,AI作為攻擊目標。我們必須確保企業安全地採用AI,使其不成為安全漏洞。這意味著需要建立測試能力,並制定安全、可靠使用AI的標準。
AI領域正在快速演進,保持領先優勢需要政府、產業界與學術界的緊密合作。我們需要充分運用AI能力進行防禦,比圖謀危害我們的人搶先一步。
政府已準備好率先與私營部門攜手應對這些挑戰。今天的會議將探討我們如何在創新的AI與網路安全專案上開展合作。
培養網路安全人才與領導者
第三,培養網路安全人才與領導者。儘管我們談論AI與自動化,但我堅信,保障網路空間安全最重要的因素是人。網路安全人才與領導力在這方面至關重要。
我們正在開闢多種途徑,吸引和培育各階段人才,從青年到經驗豐富的專業人士。市場需求旺盛,未來就業機會和職業發展前景良好。
通過CSA的SG Cyber Talent計劃等專案,我們提供以實戰技能和實踐準備為核心的全面培訓。
AI對網路安全的變革性影響,要求我們建立應用AI和防範AI的能力與素養。政府正積極發揮表率作用。
GovTech已為其網路安全團隊提供了AI在網路安全領域應用及AI系統安全方面的培訓。目前正著手製定專項培訓路徑,並將這些計劃推廣至政府其他部門。
我們與產業界、學校和社群緊密合作,共同建設人才隊伍。人才在政府與私營部門之間雙向流動,促進知識轉移,提升整個生態系統的能力。政府正在發揮引領作用,我們已盡其所能,因此我鼓勵私營部門及學術界的所有合作伙伴與我們攜手共進。
但人才只是方程式的一部分。良好的網路安全同樣需要優秀的領導力。領導者必須能夠做出負責任的決策,不僅在形勢良好時如此,在情況不利時更要如此。
網路安全領導力至關重要,其重要性不亞於數字化或AI轉型。你不能只說想要一輛快車,卻不安裝良好的剎車系統。網路安全不僅僅是CISO或IT部門的技術問題,更是CEO和董事會必須承擔的領導責任。
這一點體現在新加坡政府對網路安全的治理之中。
政府認識到,網路韌性需要最高層級的監督。正因如此,總理公署對國家網路安全職能實施直接監管。
統籌協調國家安全事務部長與網路安全部長的委任,進一步彰顯了領導力的重要性。
這種領導理念必須在每一個組織中紮根落實。
最後,新加坡始終致力於在日益全球化、AI驅動的世界中成為值得信賴的夥伴。
停滯不前並非選項。威脅行為者行動迅速,AI正在重新定義對手的能力。我們必須奮起迎接這些挑戰,同時推動創新,將這些技術轉化為我們的優勢。
我們網路空間的未來,取決於我們今天所構建的夥伴關係。
祝各位會議和大會圓滿充實,希望大家結交新朋友、建立新關係,持續壯大這一實踐共同體,進一步保障我們的網路空間安全。謝謝。
英文原文
MDDI 官網原始記錄 · 抓取日期: 2026-06-21
Good morning. I am pleased to join you at the STACKx Cybersecurity conference today.
This year, we are also marking the 10th anniversary of GovTech. GovTech has fundamentally shifted how citizens interact with the government.
Today, 99% of citizens' transactions with the government are completed digitally, enabling more efficient and convenient services that benefit citizens and the public sector alike.
Singpass has evolved into our national digital identity for safer and faster access to everyday services, supporting over 41 million transactions monthly, and effectively eliminating physical forms for most residents.
LifeSG is another example, serving as a one-stop app consolidating over 130 government services, helping families and individuals interact with government services with greater ease.
Well done to the entire GovTech team, and a big thank you to partners that have worked closely with them over the past 10 years! We look forward to many more milestones.
As we celebrate our achievements, we recognise that the attack surface of our digital system has increased significantly, even as we need to navigate an increasingly complex cyber landscape.
Firstly, we face many more adversaries, from cybercriminals to mercenary groups to state-backed actors.
For example, recently, we have had to deal with an advanced persistent threat (APT), UNC3886 which targeted Singapore’s telecommunications infrastructure with sophisticated techniques.
Secondly, AI is advancing rapidly. AI and cybersecurity are deeply intertwined. AI is a significant opportunity for cyber defenders but can also be misused for increasingly fast and sophisticated cyberattacks at scale.
Anthropic’s recent report on Claude Mythos has created a stir within the cyber community. It is reportedly capable of autonomously identifying zero-day vulnerabilities and chaining these into working exploits. There is consensus among experts that these developments represent a step jump in the threat landscape. In the wrong hands, it will enable even the less skilled threat actors to conduct sophisticated attacks at scale and speed. You can imagine the harm that can be done in the hands of skilled operatives who are augmented by AI.
Claude Mythos does not yet create fundamentally new classes of attacks. However, it is recognised that such AI tools reduce the time and resources required to conduct cyber-attacks. Organisations need to take proactive steps to strengthen their overall cyber defence posture against the risk of attacks from frontier AI models.
Organisations will need a fundamental rethink on how they secure their digital systems. For example, the time that organisations have to patch vulnerabilities may shrink from days to minutes.
In the past, organisations that have legacy systems with obscure source codes and Operational Technology systems could take comfort that specialised skillsets were required to compromise these systems. AI can now accelerate the identification and exploitation of vulnerabilities.
Pandora’s box has been opened.
As such, the Cyber Security Agency of Singapore (CSA) and GovTech have issued an alert to our Critical Information Infrastructure (CII) owners and government agencies. CSA has also published an advisory on frontier AI risks. This outlines immediate mitigation measures such as patching high-critical vulnerabilities, as well as other defence strategies like leveraging AI to proactively identify and address vulnerabilities.
We have to take these threats seriously.
Today, I would like to speak about three important elements needed to secure our cyberspace.
Reframing the role of the Government in securing cyberspace
First, the role of the Government.
Singapore formally organised its cybersecurity effort a little over a decade ago.
We established CSA in 2015 to provide centralised oversight of Singapore’s cybersecurity, and launched the Cybersecurity Strategy.
In 2016, we launched GovTech to drive our Smart Nation initiatives and gave it the responsibility of overseeing the cybersecurity of government systems.
We also passed the Cybersecurity Act and established the legislative framework to secure essential services.
These moves enabled us to put in place the foundations such as articulating the cybersecurity standards expected of our CII owners and the framework for audits and compliance.
To deal with the cybersecurity threats in a different operating environment, organisations need to see cybersecurity as not just another box-checking exercise to meet requirements; it is also not enough to just uplift the cybersecurity posture of individual organisations.
Consider this analogy: to keep your house safe, you must install strong locks on your house and not leave it to chance. That is the minimum and in the interest of each homeowner. At the same time, even if you have the strongest lock, if the rest of the neighbourhood remains unsafe, your risk of intrusion stays high. There needs to be a collective effort to create a secure environment for all.
Hence, the Government is moving beyond the traditional regulator-regulatee relationship with CII owners, and is partnering more closely with organisations to combat cyber threats together.
Our collective response to the UNC3886 attacks exemplifies this shift. When the telcos came under attack, the Government mobilised cyber defenders across different agencies under Operation Cyber Guardian and worked closely with the operators to tackle the threat.
At the Committee of Supply Debate last month, I shared how we are stepping up efforts with CII owners against APTs. The Government will lean in to help CII owners, selectively sharing classified threat intelligence and equipping them with proprietary threat detection systems to defend against well-resourced adversaries.
This shared responsibility concept is similar with the approach Singapore takes for Total Defence where the Government, firms and individuals all play a role.
Similarly, we need to foster this collective spirit for cybersecurity.
Strengthening public-private collaboration to uplift capabilities
While the Government will do our best to protect cyberspace, we will not have all the answers. There is a wealth of expertise and capabilities in the private sector. This brings me to my second point on the importance of public-private collaboration.
I am glad to see many attendees from the private sector today. I hope that this will be an occasion for all of us to learn together and build new relationships.
Through collaboration and sharing experiences, we build a network that strengthens our defence.
GovTech's Government Bug Bounty Programme is one such example. Since 2018, it has crowdsourced ethical hackers worldwide, working with over 60 agencies and uncovering more than 1000 security issues.
These partnerships will become even more critical as AI adoption grows. Together, we must address three aspects of AI and cybersecurity:
AI as a threat. Threat actors are using AI to increase the speed, scale and sophistication of their attacks. To counter this, we must shift toward a continuous monitoring and assurance model to detect and mitigate threats in real-time.
AI as a tool. We will need to harness AI to counter sophisticated, AI-automated attack chains. AI can enable earlier threat detection and faster response times and reduce the asymmetry between attackers and defenders.
Lastly, AI as a target. We must ensure enterprises adopt AI securely so it does not become a vulnerability. This means building capabilities in testing and establishing standards for safe and secure AI use.
The AI space is evolving rapidly, and staying ahead requires close collaboration between government, industry and academia. We need to make full use of AI capabilities to defend and be a step ahead of those who wish us harm.
The Government is prepared to take the lead in working with the private sector on these challenges. The sessions today will explore how we can collaborate on innovative AI and cybersecurity projects.
Developing cybersecurity talents and leaders
Third, developing cybersecurity talents and leaders. While we talk about AI and automation, I firmly believe that the most important ingredient to secure our cyberspace is our people. Cybersecurity talent and leadership are critical in this aspect.
We are developing multiple pathways to attract and nurture talent at all stages, from youths to experienced professionals. The demand is strong, with good jobs and career prospects ahead.
Through programmes like CSA's SG Cyber Talent initiative, we provide comprehensive training focusing on real-world skills and practical readiness.
AI’s transformative impact on cybersecurity demands building capabilities and competencies to use and guard against it. The Government is stepping up to lead by example.
GovTech has provided its cybersecurity teams with training on AI applications in cybersecurity and the security of AI systems. Work is underway to develop specialised training pathways and expand these programmes across the rest of government.
We work closely with industry, schools and the community to build up our workforce. Talent flows between government and the private sector, enabling knowledge transfer and strengthening capabilities across the ecosystem. Government is taking the lead and we are doing our part so I encourage all our partners in the private sector, as well as academia, to work together with us.
But talent is only part of the equation. Good cybersecurity also requires good leadership. Leaders must be able to make responsible decisions that hold up not only on good days, but even more so on bad days.
Cybersecurity leadership matters, and is as important as digital or AI transformation. You cannot say you want a fast car without putting in good brakes. Cybersecurity is not simply a technical issue for the CISO or IT department, but a leadership responsibility that the CEO and board must own.
This is reflected in the governance of cybersecurity within the Singapore Government.
The Government recognises that cyber resilience demands oversight at the highest levels. This is why the Prime Minister’s Office maintains direct stewardship over our national cybersecurity functions.
The appointment of both a Coordinating Minister for National Security and a Minister for Cybersecurity further underscores the importance of leadership.
This leadership mindset must take root in every organisation.
In closing, Singapore remains committed to being a trusted partner in an increasingly globalised, AI-driven world.
Standing still is not an option. Threat actors are moving fast, with AI redefining adversarial capabilities. We must rise to meet these challenges while driving innovation to harness these technologies to our advantage.
The future of our cyberspace depends on the partnerships we forge today.
I wish all of you a productive session and conference, and hope that you make new friends, build new relationships and continue to foster this community of practice to further secure our cyberspace. Thank you.