‘Test, test and test’: How GovTech strengthens the cyber resilience of public services


By Si Ying Thian

Ahead of GovTech Singapore’s STACKx Cybersecurity conference, Government CISO Justiin Ang shares more about how the Singapore government is supporting public agencies in cyber defence and preparedness.

Justiin Ang, the Singapore Government’s Chief Information Security Officer (CISO), shares more about GovTech’s efforts to enhance cyber defences across public agencies. Image: GovTech Singapore

Ready to explore the frontlines of cybersecurity? Here’s your chance to attend STACKx Cybersecurity Conference 2025 - for free! Read on to find out how you can secure a complimentary pass.
 

Singapore is shaping its national cybersecurity posture with three strategic shifts: from discrete to continuous, from reactive to proactive, and from compliance to competency, says Justiin Ang, the Singapore Government’s Chief Information Security Officer (CISO).

 

Apart from his role as Government CISO, Ang is also GovTech Singapore’s Assistant Chief Executive, Cybersecurity, Trusted Infrastructure Service.

 

Speaking to GovInsider ahead of the STACKx Cybersecurity Conference on April 15 at Sands Expo and Convention Centre in Singapore, Ang shares more about GovTech’s efforts to enhance cyber defences across public agencies.

From discrete to continuous

 

“Test, test, and test some more” has become GovTech’s mantra to ensure that critical government systems remain intact and standing in the face of malicious threats.

 

“Baseline vulnerability assessments and penetration tests are important, but [they] merely provide a snapshot. Can we do better by testing more frequently?” he asks.

 

He cites the successes in doing so through GovTech’s Government Bug Bounty Programme (GBBP) and Vulnerability Disclosure Programme (VDP).

 

Respectively, the programmes engage in continuous red teaming and resilience testing, and promote responsible reporting among public agencies.

 

The agency is also scaling up its Distributed Denial of Service (DDoS) testing capabilities to make it easier for other public agencies to test safely.

 

All users and systems must be continuously verified, he says, adding that this can be done by adopting a multi-layered security approach and integrating zero-trust architecture.

 

“This will have to be complemented with comprehensive monitoring, and timely response and remediation capabilities,” he shares.

 


From reactive to proactive

 

Shifting “beyond the paradigm that cyber attacks can be prevented”, GovTech is preemptively and continuously testing its systems for vulnerabilities, rather than relying on periodic checks alone, says Ang.

 

Beyond putting in place a robust defence, strong intelligence-driven detection and response, which can be enabled by artificial intelligence (AI), are also important.

 

“By using intelligence and context to enrich logs and AI assistance to automate repetitive tasks and sieve through large volumes of logs… our defenders are in a much better stead to detect and respond expeditiously,” he explains.

 

To make it easier for public agencies to deploy AI for cybersecurity, GovTech aims to incorporate AI solutions into the Singapore Government Tech Stack (SGTS) and offer secure-by-design AI services that can be readily implemented by agencies.

 

Concurrently, GovTech is also working with the Government's cyber engineers to identify opportunities to weave in AI to tackle their pain points.

 

“This involves carefully evaluating potential improvements and prioritising them based on their feasibility and ability to address these specific challenges,” he explains.

 

Aside from developing in-house capabilities by “starting small and exploring AI use cases,” Ang highlights that this should be complemented by a build-buy strategy.

 

The strategy entails “working with industry partners to explore proven AI solutions based on our learnings, and developing products for government-specific use cases or areas not currently addressed by the industry”, he adds.

From compliance to competency

 

As government services and applications become increasingly digitalised, security is everyone’s responsibility – and not just the CISOs and security teams, Ang says.

 

He also emphasises the need for public officers to possess the competence to assess the risks of systems, rather than depending on a checklist to guide them.

 

But while cybersecurity training is “an easy start”, he notes the greater value of regular sharing sessions focused on cyber threat intelligence, featuring redacted real-world examples and post-incident analyses.

 

To enter the lucky draw for a free pass to the STACKx Cybersecurity conference, write to editorial@govinsider.asia before April 10 with two things:

1) a reason why you want to attend this event; 2) a screenshot showing that you are subscribed to the GovInsider bulletin/eDM newsletter.

 

CISOs are expected to take on more of a strategic leadership role by balancing security with innovation needs across agencies.

 

One of the key challenges is managing the supply chain dependencies and complex digital ecosystem.

 

“As public agencies increasingly rely on third-party services and solutions, CISOs must navigate the risks associated with vendor integrations, cloud services, and external partnerships,” says Ang.

 

He adds that the challenge is further magnified by the need to ensure compliance with security standards, while preserving operational efficiency and service delivery.

 

Ang also underlines the importance of CISOs cultivating strong partnerships with vendors.

 

“Organisations in the private sector will need to understand government challenges in safeguarding national security and serving public interests, while public agencies will need to create opportunities and streamline communication channels for private sector collaboration”, he says.

 

“The community is equally important, with the public and private sectors working hand in hand to defend our nation, exchanging ideas and pushing boundaries.”

Why public officers should attend STACKx Cybersecurity event

 

The one-day event will consist of panel and breakout sessions, as well as networking opportunities that are targeted at exploring three key themes.

 

The themes are AI x Cybersecurity, Resilient and Secure Cloud, as well as the CISOs of the Future.

 

Ang shares that public officers can learn about the latest cybersecurity tools and techniques being adopted across the government. Also, the networking and discussions create opportunities for cross-agency collaboration and knowledge sharing on cyber defence strategies.

 

The event will also see industry partners showcasing their collaborations with GovTech, which provides an opportunity for public officers to learn more and adapt what they learn to their work.

 

Don’t miss this opportunity to shape the future of digital security! Use our promo code P_GOVINSIDER25ST to get a 20 per cent discount for your ticket. Sign up now at go.gov.sg/stackxcyber-govinsider! Registration closes on April 10, 2025. 

 

Date: April 15, 2025
Time: 9:00 AM – 5:00 PM (SGT)
Venue: Sands Expo and Convention Centre, Singapore