书面答复 · 2026-04-07 · 届国会 15
评估当前网络安全战备能否应对不断演变的威胁并兼顾行动安全
评估当前网络安全战备能否应对不断演变的威胁并兼顾行动安全
议员沙拉尔·塔哈以地缘政治紧张、网络行动日益成为混合冲突手段为背景,书面质询政府是否评估新加坡网络威胁暴露已上升,以及如何在不损害行动安全的前提下保护关键信息基础设施、政府系统、企业和个人抵御包括 AI 攻击在内的演变威胁。数字发展与信息部长杨莉明答复:新加坡作为金融枢纽和数字经济体是高价值目标;关键系统受《网络安全法》更高标准约束;网络安全局(CSA)将更新标准,并向关键系统业主提供专有威胁检测系统以应对高级威胁行为者和 AI 赋能威胁;GovTech 将要求管理关键系统的政府供应商满足 Cyber Trust Mark;家用路由器强制标准从标签计划一级升至二级,并拟扩展至 IP 摄像头。政府承认即使防御最佳仍须对 AI 网络威胁保持警惕。
关键要点
- • 关键系统业主将获政府专有威胁检测系统,应对 AI 赋能威胁
- • 管理关键系统的政府供应商须满足 Cyber Trust Mark 要求
- • 家用路由器强制标准从标签计划一级升至二级,拟扩展至 IP 摄像头
- • CSA 的 CISO-as-a-Service 为中小企业提供网络安全顾问
政府认为新加坡保持着稳健且自适应的网络安全态势,但承认面对包括 AI 赋能攻击在内的演变威胁必须持续升级标准、检测能力和供应商义务。
AI 赋能攻击已被正式纳入新加坡国家网络防御的威胁模型,监管重心从关键基础设施向政府供应链和消费级设备逐层下沉。
“然而,即使拥有最好的防御,我们也必须对不断演变的威胁——包括 AI 赋能的网络威胁——保持警觉和戒备。”
参与人员 (2)
完整译文(中文)
Hansard 原始记录 · 2026-06-09
18 Sharael Taha议员向数字发展与信息部长提问,鉴于地缘政治紧张局势上升和网络行动日益被用作混合冲突工具,(a) 政府是否评估新加坡的网络威胁暴露已经加剧;(b) 政府如何评估新加坡当前在保护关键信息基础设施、政府系统、企业和个人居民免受不断演变的威胁(包括人工智能驱动的攻击)方面的整体网络安全就绪程度,同时不损害运营安全。
Josephine Teo夫人:新加坡作为主要金融中心和数字经济体的地位使我们成为恶意行为者的吸引目标。新加坡网络安全局(CSA)定期通过SingCERT通告和《新加坡网络景观》出版物等方式向公众通报网络安全威胁。
多年来,政府采取了措施加强我们的网络防御。
关键系统根据《网络安全法》需要达到更高的网络安全标准和义务。我们也在能力发展方面进行了大量投资。诸如CSA网络安全发展计划等举措有助于加强我们的人才储备,而诸如网络星演习等国家演习有助于提高公私部门网络防御人员的运营就绪程度。
随着威胁的演变,我们的应对也必须随之演变。CSA将审查和更新我们的网络安全标准和义务,以加强安全控制。政府也将帮助关键系统所有者更好地检测威胁,包括来自高级威胁行为者和人工智能驱动的威胁。这包括为他们配备专有威胁检测系统。我们还将与产业界合作,深化我们网络防御人员的能力,以便他们能更好地保护新加坡。
对于政府系统,GovTech拥有现有的内部指南,以保护持有敏感数据和提供重要政府服务的系统。展望未来,GovTech将为政府供应商引入更严格的网络安全和数据保护义务,例如要求管理关键系统和敏感政府数据的政府供应商满足网络信任标志要求。
对于企业,CSA推出了各种举措来协助组织加强防御。例如,CSA的首席信息安全官即服务计划为中小企业提供了与网络安全顾问合作的途径,这些顾问可以与他们合作提升网络卫生。
政府还采取了措施来保护我们的公民免受恶意行为者伤害,例如为网关设备(即家庭路由器)引入强制性网络安全要求。家庭路由器目前需要以网络标签方案第1级的形式满足最低网络安全要求。此要求将提升至更高标准(即网络标签方案第2级)。我们还将探索为IP摄像头引入类似标准。这些措施将使数字产品更难被破坏。
总之,新加坡保持强大且具有适应性的网络安全态势。但是,即使拥有最好的防御,我们也必须对不断演变的威胁保持警惕和警觉,包括人工智能驱动的网络威胁。政府将继续审查我们的政策和举措,以确保新加坡人在网络空间中保持良好保护。
英文原文
SPRS Hansard 原始记录 · 抓取日期:2026-06-09
18 Mr Sharael Taha asked the Minister for Digital Development and Information in light of rising geopolitical tensions and the increasing use of cyber operations as part of hybrid conflict (a) whether the Government assesses that Singapore's cyber threat exposure has heightened; and (b) how the Government assesses Singapore's current overall cybersecurity readiness in safeguarding critical information infrastructure, Government systems, businesses and individual residents against evolving threats, including AI-enabled attacks, without compromising operational security.
Mrs Josephine Teo : Singapore's position as a major financial hub and digital economy makes us an attractive target for malicious actors. The Cyber Security Agency of Singapore (CSA) regularly updates the public on cybersecurity threats, such as through SingCERT advisories and the Singapore Cyber Landscape publication.
Over the years, the Government has taken steps to strengthen our cyber defenses.
Critical systems are held to higher cybersecurity standards and obligations under the Cybersecurity Act. We have also invested heavily in capability development. Initiatives like CSA's Cybersecurity Development Programme have helped to strengthen our talent pipeline while national exercises, such as Exercise Cyber Star, help enhance the operational readiness of cyber defenders across both public and private sectors.
As the threat evolves, so must our response. CSA will be reviewing and updating our cybersecurity standards and obligations to strengthen security controls. The Government will also be helping owners of critical systems better detect threats, including those from advanced threat actors and AI-enabled threats. This includes equipping them with proprietary threat detection systems. We will also partner the industry to deepen the capabilities of our cyber defenders so they can better protect Singapore.
For Government systems, GovTech has existing internal guidelines to safeguard systems that hold sensitive data and provide important Government services. Moving forward, GovTech will be introducing more stringent cybersecurity and data protection obligations for Government vendors, such as requiring Government vendors that manage critical systems and sensitive Government data to meet Cyber Trust Mark requirements.
For businesses, CSA has rolled out various initiatives to assist organisations in raising their defenses. For example, CSA's CISO-as-a-Service programme provides small and medium enterprises with access to cybersecurity consultants who can work with them to raise their cyber hygiene.
The Government has also put in place measures to protect our citizens against malicious actors, such as by introducing mandatory cybersecurity requirements for gateway devices (i.e., home routers). Home routers are currently required to meet minimum cybersecurity requirements in the form of the Cyber Labelling Scheme Level 1. This requirement will be raised to a higher standard (i.e., Cyber Labelling Scheme Level 2). We will also explore introducing similar standards for IP cameras. These will make digital products harder to compromise.
In summary, Singapore maintains a robust and adaptive cybersecurity posture. However, even with the best of defenses, we must remain vigilant and alert to evolving threats including AI-enabled cyber threats. The Government will continue to review our policies and initiatives to ensure that Singaporeans remain well protected in cyberspace.