MDDI 演讲稿 · 2026-04-17

高级政务部长陈杰豪在2026年STACKx网络安全会议的开幕致辞

高级政务部长陈杰豪在2026年STACKx网络安全会议的开幕致辞

Tan Kiat How · MDDI 高级政务部长 · How 亮相 STACKx 网络安全大会

要点

  • GovTech成立十周年之际,99%的公民政府事务已实现数字化,Singpass每月处理逾4100万笔交易,LifeSG将超130项政府服务整合于单一应用程序。
  • 新加坡网络安全局(CSA)与GovTech已向关键信息基础设施(CII)所有者及政府机构发出前沿AI风险预警,援引Anthropic旗下「Claude Mythos」据报能自主识别零日漏洞并将其串联为可用攻击链。
  • 新加坡正从传统监管关系转向与CII所有者的伙伴协作模式,以「网络卫士行动」(Operation Cyber Guardian)跨机构协同应对UNC3886高级持续性威胁对电信基础设施的攻击为例,政府现将选择性共享机密威胁情报及专有威胁检测系统。
  • GovTech自2018年启动的政府漏洞赏金计划已在全球范围众包道德黑客,联动逾60个机构,累计发现超1000个安全问题。
  • 政府将AI与网络安全的关系界定为三个维度:AI作为威胁(攻击更快、规模更大)、AI作为工具(更早检测、更快响应)及AI作为攻击目标(需建立安全采用标准)。
  • CSA通过「新加坡网络人才」(SG Cyber Talent)等计划构建覆盖青年至资深专业人员的多元人才通道,GovTech同步为其网络安全团队提供AI专项培训,并着手将相关课程体系扩展至整个政府部门。
  • 新加坡网络安全治理定于最高层级,总理公署直接统筹国家网络安全职能,并设有国家安全统筹部长与网络安全部长双重领导架构以彰显问责优先级。

完整译文(中文)

MDDI 英文原文译文 · 翻译日期: 2026-06-21

早上好。我很高兴今天能参加STACKx网络安全大会。

今年,我们也迎来了GovTech成立十周年。GovTech从根本上改变了公民与政府互动的方式。

如今,公民与政府99%的事务往来均以数字方式完成,从而提供了更高效、更便捷的服务,使公民和公共部门均受益。

Singpass已发展成为我国的国家数字身份,使日常服务的访问更安全、更快捷,每月支持超过4100万笔交易,并有效消除了大多数居民填写纸质表格的需要。

LifeSG是另一个例子,作为一站式应用程序,整合了超过130项政府服务,帮助家庭和个人更便捷地使用政府服务。

对整个GovTech团队致以赞扬,并向过去10年与他们紧密合作的各方合作伙伴致以衷心感谢!我们期待见证更多里程碑。

在庆祝我们所取得成就的同时,我们也认识到,我们数字系统的攻击面已大幅扩大,而与此同时,我们还需应对日趋复杂的网络安全形势。

首先,我们面对的对手大幅增加,从网络罪犯、雇佣黑客组织到国家支持的行为者,不一而足。

例如,近期我们不得不应对一起高级持续性威胁(APT)——UNC3886,该威胁以复杂手段针对新加坡的电信基础设施发动攻击。

其次,人工智能正在迅速发展。人工智能与网络安全深度交织。人工智能为网络防御者提供了重大机遇,但也可能被滥用于发动规模更大、速度更快、手段更复杂的网络攻击。

Anthropic近期发布的关于Claude Mythos的报告在网络安全界引发了广泛关注。据报道,该系统能够自主识别零日漏洞,并将其串联成可实际运行的漏洞利用链。专家们普遍认为,这些进展代表着威胁形势的跨越式飞跃。一旦落入不法之手,即便技术较弱的威胁行为者也能以规模化、高速度的方式发动复杂攻击。可以想象,若由经AI增强的熟练攻击者掌握,将会造成何等危害。

Claude Mythos目前尚未创造出根本性的全新攻击类型。然而,业界普遍认识到,此类人工智能工具缩短了发动网络攻击所需的时间,降低了所需资源。各组织需要采取主动措施,针对前沿AI模型带来的攻击风险,全面强化网络防御态势。

各组织需要从根本上重新思考如何保护其数字系统。例如,组织修补漏洞的可用时间可能从数天压缩至数分钟。

过去,拥有源代码晦涩的遗留系统和运营技术(OT)系统的组织尚可自我安慰,认为攻破这些系统需要专业技能。而如今,人工智能已能加速漏洞的识别与利用。

潘多拉魔盒已经打开。

为此,新加坡网络安全局(CSA)和GovTech已向关键信息基础设施(CII)所有者及政府机构发出警报。CSA还发布了一份关于前沿AI风险的咨询指南,概述了即时缓解措施,例如修补高危漏洞,以及利用人工智能主动识别和解决漏洞等其他防御策略。

我们必须认真对待这些威胁。

今天,我想谈谈保障我国网络空间安全所需的三个重要要素。

重新界定政府在保障网络空间安全中的角色

第一,政府的角色。

新加坡正式组织网络安全工作略超过十年。

我们于2015年成立CSA,对新加坡的网络安全实施集中监管,并推出了《网络安全战略》。

2016年,我们成立GovTech,推动智慧国家计划,并赋予其负责监管政府系统网络安全的职责。

我们还通过了《网络安全法》,建立了保护基本服务的立法框架。

这些举措使我们得以奠定基础,例如明确对CII所有者的网络安全标准要求,以及建立审计与合规框架。

面对不同运营环境中的网络安全威胁,各组织需要认识到,网络安全不仅仅是为满足要求而走过场的例行动作;仅仅提升单个组织的网络安全态势也是不够的。

试想这样一个类比:为保护住宅安全,您必须为房屋安装坚固的锁,而不能听天由命。这是每位房主应达到的最低标准,也符合其自身利益。但与此同时,即便您安装了最坚固的锁,若邻里环境依然不安全,您遭受入侵的风险仍将居高不下。需要集体努力,才能为所有人创造安全的环境。

因此,政府正在超越与CII所有者之间传统的监管者与被监管者关系,转而与各组织更紧密地合作,共同应对网络威胁。

我们对UNC3886攻击的集体应对正是这一转变的体现。当电信运营商遭受攻击时,政府在"网络卫士行动"(Operation Cyber Guardian)框架下调动了各机构的网络防御力量,并与运营商紧密合作,共同应对威胁。

上个月在财政预算委员会辩论中,我分享了我们如何加强与CII所有者合作以应对APT的举措。政府将积极介入,协助CII所有者,有选择性地共享机密威胁情报,并为其配备专有威胁检测系统,以抵御资源雄厚的对手。

这一共同责任理念与新加坡推行"全面防卫"的做法相似,政府、企业和个人均发挥各自作用。

同样,我们需要在网络安全领域培育这种集体精神。

加强公私合作,提升能力

政府将尽最大努力保护网络空间,但我们并不能掌握所有答案。私营部门拥有丰富的专业知识和能力。这引出了我的第二点——公私合作的重要性。

我很高兴今天看到众多来自私营部门的与会者。希望这次活动能成为我们共同学习、建立新关系的契机。

通过合作与经验分享,我们构建起一个强化防御的网络。

GovTech的政府漏洞赏金计划便是一个典型案例。自2018年以来,该计划在全球众包道德黑客,与逾60个机构合作,发现了1000余个安全漏洞。

随着AI应用的增长,这些合作关系将愈发关键。我们必须共同应对AI与网络安全的三个方面:

AI作为威胁。威胁行为者正借助AI提升攻击的速度、规模与复杂程度。为此,我们必须转向持续监测与保障模型,以实时发现并化解威胁。

AI作为工具。我们需要利用AI来应对复杂的AI自动化攻击链。AI可实现更早的威胁检测与更快的响应速度,并减少攻防双方之间的不对称性。

最后,AI作为攻击目标。我们必须确保企业安全地采用AI,使其不成为安全漏洞。这意味着需要建立测试能力,并制定安全、可靠使用AI的标准。

AI领域正在快速演进,保持领先优势需要政府、产业界与学术界的紧密合作。我们需要充分运用AI能力进行防御,比图谋危害我们的人抢先一步。

政府已准备好率先与私营部门携手应对这些挑战。今天的会议将探讨我们如何在创新的AI与网络安全项目上开展合作。

培养网络安全人才与领导者

第三,培养网络安全人才与领导者。尽管我们谈论AI与自动化,但我坚信,保障网络空间安全最重要的因素是人。网络安全人才与领导力在这方面至关重要。

我们正在开辟多种途径,吸引和培育各阶段人才,从青年到经验丰富的专业人士。市场需求旺盛,未来就业机会和职业发展前景良好。

通过CSA的SG Cyber Talent计划等项目,我们提供以实战技能和实践准备为核心的全面培训。

AI对网络安全的变革性影响,要求我们建立应用AI和防范AI的能力与素养。政府正积极发挥表率作用。

GovTech已为其网络安全团队提供了AI在网络安全领域应用及AI系统安全方面的培训。目前正着手制定专项培训路径,并将这些计划推广至政府其他部门。

我们与产业界、学校和社区紧密合作,共同建设人才队伍。人才在政府与私营部门之间双向流动,促进知识转移,提升整个生态系统的能力。政府正在发挥引领作用,我们已尽其所能,因此我鼓励私营部门及学术界的所有合作伙伴与我们携手共进。

但人才只是方程式的一部分。良好的网络安全同样需要优秀的领导力。领导者必须能够做出负责任的决策,不仅在形势良好时如此,在情况不利时更要如此。

网络安全领导力至关重要,其重要性不亚于数字化或AI转型。你不能只说想要一辆快车,却不安装良好的刹车系统。网络安全不仅仅是CISO或IT部门的技术问题,更是CEO和董事会必须承担的领导责任。

这一点体现在新加坡政府对网络安全的治理之中。

政府认识到,网络韧性需要最高层级的监督。正因如此,总理公署对国家网络安全职能实施直接监管。

统筹协调国家安全事务部长与网络安全部长的委任,进一步彰显了领导力的重要性。

这种领导理念必须在每一个组织中扎根落实。

最后,新加坡始终致力于在日益全球化、AI驱动的世界中成为值得信赖的伙伴。

停滞不前并非选项。威胁行为者行动迅速,AI正在重新定义对手的能力。我们必须奋起迎接这些挑战,同时推动创新,将这些技术转化为我们的优势。

我们网络空间的未来,取决于我们今天所构建的伙伴关系。

祝各位会议和大会圆满充实,希望大家结交新朋友、建立新关系,持续壮大这一实践共同体,进一步保障我们的网络空间安全。谢谢。

英文原文

MDDI 官网原始记录 · 抓取日期: 2026-06-21

Good morning. I am pleased to join you at the STACKx Cybersecurity conference today.

This year, we are also marking the 10th anniversary of GovTech. GovTech has fundamentally shifted how citizens interact with the government.

Today, 99% of citizens' transactions with the government are completed digitally, enabling more efficient and convenient services that benefit citizens and the public sector alike.

Singpass has evolved into our national digital identity for safer and faster access to everyday services, supporting over 41 million transactions monthly, and effectively eliminating physical forms for most residents.

LifeSG is another example, serving as a one-stop app consolidating over 130 government services, helping families and individuals interact with government services with greater ease.

Well done to the entire GovTech team, and a big thank you to partners that have worked closely with them over the past 10 years! We look forward to many more milestones.

As we celebrate our achievements, we recognise that the attack surface of our digital system has increased significantly, even as we need to navigate an increasingly complex cyber landscape.

Firstly, we face many more adversaries, from cybercriminals to mercenary groups to state-backed actors.

For example, recently, we have had to deal with an advanced persistent threat (APT), UNC3886 which targeted Singapore’s telecommunications infrastructure with sophisticated techniques.

Secondly, AI is advancing rapidly. AI and cybersecurity are deeply intertwined. AI is a significant opportunity for cyber defenders but can also be misused for increasingly fast and sophisticated cyberattacks at scale.

Anthropic’s recent report on Claude Mythos has created a stir within the cyber community. It is reportedly capable of autonomously identifying zero-day vulnerabilities and chaining these into working exploits. There is consensus among experts that these developments represent a step jump in the threat landscape. In the wrong hands, it will enable even the less skilled threat actors to conduct sophisticated attacks at scale and speed. You can imagine the harm that can be done in the hands of skilled operatives who are augmented by AI.

Claude Mythos does not yet create fundamentally new classes of attacks. However, it is recognised that such AI tools reduce the time and resources required to conduct cyber-attacks. Organisations need to take proactive steps to strengthen their overall cyber defence posture against the risk of attacks from frontier AI models.

Organisations will need a fundamental rethink on how they secure their digital systems. For example, the time that organisations have to patch vulnerabilities may shrink from days to minutes.

In the past, organisations that have legacy systems with obscure source codes and Operational Technology systems could take comfort that specialised skillsets were required to compromise these systems. AI can now accelerate the identification and exploitation of vulnerabilities.

Pandora’s box has been opened.

As such, the Cyber Security Agency of Singapore (CSA) and GovTech have issued an alert to our Critical Information Infrastructure (CII) owners and government agencies. CSA has also published an advisory on frontier AI risks. This outlines immediate mitigation measures such as patching high-critical vulnerabilities, as well as other defence strategies like leveraging AI to proactively identify and address vulnerabilities.

We have to take these threats seriously.

Today, I would like to speak about three important elements needed to secure our cyberspace.

Reframing the role of the Government in securing cyberspace

First, the role of the Government.

Singapore formally organised its cybersecurity effort a little over a decade ago.

We established CSA in 2015 to provide centralised oversight of Singapore’s cybersecurity, and launched the Cybersecurity Strategy.

In 2016, we launched GovTech to drive our Smart Nation initiatives and gave it the responsibility of overseeing the cybersecurity of government systems.

We also passed the Cybersecurity Act and established the legislative framework to secure essential services.

These moves enabled us to put in place the foundations such as articulating the cybersecurity standards expected of our CII owners and the framework for audits and compliance.

To deal with the cybersecurity threats in a different operating environment, organisations need to see cybersecurity as not just another box-checking exercise to meet requirements; it is also not enough to just uplift the cybersecurity posture of individual organisations.

Consider this analogy: to keep your house safe, you must install strong locks on your house and not leave it to chance. That is the minimum and in the interest of each homeowner. At the same time, even if you have the strongest lock, if the rest of the neighbourhood remains unsafe, your risk of intrusion stays high. There needs to be a collective effort to create a secure environment for all.

Hence, the Government is moving beyond the traditional regulator-regulatee relationship with CII owners, and is partnering more closely with organisations to combat cyber threats together.

Our collective response to the UNC3886 attacks exemplifies this shift. When the telcos came under attack, the Government mobilised cyber defenders across different agencies under Operation Cyber Guardian and worked closely with the operators to tackle the threat.

At the Committee of Supply Debate last month, I shared how we are stepping up efforts with CII owners against APTs. The Government will lean in to help CII owners, selectively sharing classified threat intelligence and equipping them with proprietary threat detection systems to defend against well-resourced adversaries.

This shared responsibility concept is similar with the approach Singapore takes for Total Defence where the Government, firms and individuals all play a role.

Similarly, we need to foster this collective spirit for cybersecurity.

Strengthening public-private collaboration to uplift capabilities

While the Government will do our best to protect cyberspace, we will not have all the answers. There is a wealth of expertise and capabilities in the private sector. This brings me to my second point on the importance of public-private collaboration.

I am glad to see many attendees from the private sector today. I hope that this will be an occasion for all of us to learn together and build new relationships.

Through collaboration and sharing experiences, we build a network that strengthens our defence.

GovTech's Government Bug Bounty Programme is one such example. Since 2018, it has crowdsourced ethical hackers worldwide, working with over 60 agencies and uncovering more than 1000 security issues.

These partnerships will become even more critical as AI adoption grows. Together, we must address three aspects of AI and cybersecurity:

AI as a threat. Threat actors are using AI to increase the speed, scale and sophistication of their attacks. To counter this, we must shift toward a continuous monitoring and assurance model to detect and mitigate threats in real-time.

AI as a tool. We will need to harness AI to counter sophisticated, AI-automated attack chains. AI can enable earlier threat detection and faster response times and reduce the asymmetry between attackers and defenders.

Lastly, AI as a target. We must ensure enterprises adopt AI securely so it does not become a vulnerability. This means building capabilities in testing and establishing standards for safe and secure AI use.

The AI space is evolving rapidly, and staying ahead requires close collaboration between government, industry and academia. We need to make full use of AI capabilities to defend and be a step ahead of those who wish us harm.

The Government is prepared to take the lead in working with the private sector on these challenges. The sessions today will explore how we can collaborate on innovative AI and cybersecurity projects.

Developing cybersecurity talents and leaders

Third, developing cybersecurity talents and leaders. While we talk about AI and automation, I firmly believe that the most important ingredient to secure our cyberspace is our people. Cybersecurity talent and leadership are critical in this aspect.

We are developing multiple pathways to attract and nurture talent at all stages, from youths to experienced professionals. The demand is strong, with good jobs and career prospects ahead.

Through programmes like CSA's SG Cyber Talent initiative, we provide comprehensive training focusing on real-world skills and practical readiness.

AI’s transformative impact on cybersecurity demands building capabilities and competencies to use and guard against it. The Government is stepping up to lead by example.

GovTech has provided its cybersecurity teams with training on AI applications in cybersecurity and the security of AI systems. Work is underway to develop specialised training pathways and expand these programmes across the rest of government.

We work closely with industry, schools and the community to build up our workforce. Talent flows between government and the private sector, enabling knowledge transfer and strengthening capabilities across the ecosystem. Government is taking the lead and we are doing our part so I encourage all our partners in the private sector, as well as academia, to work together with us.

But talent is only part of the equation. Good cybersecurity also requires good leadership. Leaders must be able to make responsible decisions that hold up not only on good days, but even more so on bad days.

Cybersecurity leadership matters, and is as important as digital or AI transformation. You cannot say you want a fast car without putting in good brakes. Cybersecurity is not simply a technical issue for the CISO or IT department, but a leadership responsibility that the CEO and board must own.

This is reflected in the governance of cybersecurity within the Singapore Government.

The Government recognises that cyber resilience demands oversight at the highest levels. This is why the Prime Minister’s Office maintains direct stewardship over our national cybersecurity functions.

The appointment of both a Coordinating Minister for National Security and a Minister for Cybersecurity further underscores the importance of leadership.

This leadership mindset must take root in every organisation.

In closing, Singapore remains committed to being a trusted partner in an increasingly globalised, AI-driven world.

Standing still is not an option. Threat actors are moving fast, with AI redefining adversarial capabilities. We must rise to meet these challenges while driving innovation to harness these technologies to our advantage.

The future of our cyberspace depends on the partnerships we forge today.

I wish all of you a productive session and conference, and hope that you make new friends, build new relationships and continue to foster this community of practice to further secure our cyberspace. Thank you.

MDDI 官网原文