Chok Wen Li, Consultant, Cybersecurity Certification Centre, Cyber Security Agency of Singapore, Singapore

By Yun Xuan Poon

Women in GovTech Special Report 2021.

How do you use technology/policy to improve citizens’ lives? Tell us about your role or organisation.

As a certifier with the Cybersecurity Certification Centre at the Cyber Security Agency of Singapore (CSA), I evaluate and certify IT products. This involves scrutinising the product for security vulnerabilities and weaknesses. In layman’s terms, it would be “hacking” the IT products (with the agreement and cooperation from the manufacturers themselves) to uncover vulnerabilities.

Another important part of my work is to enhance cybersecurity awareness and encourage the use of more secured products. I am grateful for the opportunities of conducting hacking demos to students at recruitment fairs and on Singapore’s television programmes such as Frontline and Punk’d etc. It is interesting to observe the audience’s surprised reactions when they see that those devices could be hacked, and it is much easier than they thought it would be.

Personally, I see the importance of promoting cybersecurity awareness, and making cybersecurity easy and more accessible to the general public, such as my family and my friends, so that they can better protect themselves against online scams and safeguard their privacy. This has been the thing which I have always wanted to do, and I am thankful that I can do so in my course of work.

What was the most impactful project you worked on this year?

I am glad to be part of the team that conceived, designed and launched the Cybersecurity Labelling Scheme (CLS). It is a first of its kind in the world with a four-level rating scheme for smart products. We were inspired by the Singapore’s National Environment Agency (NEA) five ticks Energy Label indicating the energy efficiency of home appliances. Similarly, our Cybersecurity Label from 1* to 4* provides transparency and visibility to consumers on the cybersecurity measures implemented in the product. Consumers would be more conscious about product security and thus able to make more informed decisions on the level of security the devices have. In addition, it also incentivises manufacturers to develop more secure products and which could help them gain greater market access.

Most importantly, our hope is to improve cybersecurity hygiene in smart devices leading to a more secure cyberspace for everyone so that we can all reap the benefits of digitalisation.

What is one unexpected learning from 2021?

I am an active volunteer at Jurong Spring Community Club, focusing on befriending and event planning for seniors. I am also happy to teach them how to navigate the internet safely. I am thankful that I was given the unexpected opportunity to conduct my first webinar speaking (in Chinese!) at the IMDA’s Digital Pods webinar for seniors to learn digital knowledge
such as safety tips to guard against phishing, online scams etc.

In addition, I had the opportunity to be on Singapore’s MediaCorp Chinese current affairs programme, Frontline, to demonstrate how cybercriminals conducted phishing attacks on unsuspecting public.

Beyond the technical work, I have learnt how to make cybersecurity easier for the public to understand and got the chance to practise my public speaking!

What’s your favourite memory from the past year?

It would be the launch of CLS during the Singapore International Cyber Week (SICW) 2020. It was a challenging journey for my team as we had no reference model and we had never thought that we could make it to eventually launch the scheme. We faced difficulties in crafting the requirements for each CLS level and selecting a suitable reference standard which would be commonly adopted globally to facilitate mutual recognition with other nations. It was also crucial to have a delicate balance in the difficulty of the requirements and at the same time, the requirements should be achievable such that the manufacturers remain motivated to meet the requirements and continue to develop better and more secured products.

Moreover, SICW 2020 was hosted virtually due to the Covid-19 pandemic; we had to overcome and adapt to the unforeseen changes. I am pleased that we made it and it was rewarding to see the consumers, manufacturers and the ecosystem benefiting from CLS.

What’s a tool or technique you’re excited to explore in 2022?

I would say it is hard to restrict myself to just a tool or technique. I have always liked learning new things and hacking different things. For instance, now that everything is almost digitalised or virtualised, I aim to explore fields such as software-defined networking (SDN), network functions virtualisation (NFV) and 5G to broaden the range of network products for evaluation. With the fast pace of technological advancement, I am also keen to look into how our team could do things more efficiently, such as leveraging software analysis tools, automation or even AI/machine learning.

What are your priorities for 2022?

I would like to continue deepening my technical skillsets and at the same time reach out to more people to promote cybersecurity awareness.

I am also looking forward to the new Graduate Certificate in Hardware Security Evaluation and Certification programme offered by Nanyang Technological University (NTU) in collaboration with CSA. I believe this programme would equip me with the knowledge and skillsets on physical hardware attacks and how to defend against them – an area which I am currently not very proficient yet.

Who are the mentors and heroes that inspire you?

My parents have been the best mentors in my life. They taught me to follow my passion, not give up during hardship and take small steps towards my goal. I see my teammates as the heroes who dare to dream, work towards our goal and celebrate our achievements together.

Cybersecurity could be difficult due to the fast-changing pace of technology and yet, this is also the fascinating part of cybersecurity as we are always given the opportunity to learn, unlearn and re-learn.

What gets you up in the morning?

Cybersecurity covers a wide range of areas from network, cryptography, hardware, software and many more. It provides endless learning opportunities.

Picking up new skills each day is what gets me up in the morning. Also, I find it meaningful and significant in my evaluation/certification work as it contributes to safeguarding individuals and the nation against cyber incidents.

Lastly, sharing my knowledge with the public to help them better understand cybersecurity and stay safe in the digital world, also gives me an extra energy boost in the morning!