Veronica Tan, Director, Safer Cyberspace Division, Cyber Security Agency of Singapore (CSA)

1. How do you use technology/policy to improve citizens’ lives? Tell us about your role or organisation. 

I’m with the Cyber Security Agency of Singapore (CSA), which is the national body responsible for protecting Singapore’s cyberspace. My role overseeing the Safer Cyberspace portfolio involves building national cyber resilience for organisations in Singapore. 

Cybersecurity is sometimes perceived as a compliance cost by businesses. To change this negative perception, my work at CSA leads the development of Cyber Essentials and Cyber Trust cybersecurity certification standards for organisations.

Attaining these certifications signals that an organisation adheres to cybersecurity standards, which fosters trust among customers, partners, and stakeholders.

This allows businesses to differentiate themselves from competitors who lack these credentials, making it not just a competitive advantage but an investment. 

I also oversee the SG Cyber Safe programme for organisations, which provides free cybersecurity guidance, tools, and funding support. We highly encourage organisations to utilise these resources as much as possible. 

To subscribe to the GovInsider bulletin click here.

2. What was the most impactful project you worked on this year? 

Ensuring that the cybersecurity implementation of an organisation keeps pace with its digital transformation journey. 

Digital transformation involves the integration of digital technologies into all areas of a business to change how organisations operate and deliver value to their customers.

A typical user journey starts with the modernisation of Information Technology (IT), where physical assets and processes are digitalised, then progresses through cloud computing for scalability and agility, followed by Artificial Intelligence (AI) for data-driven decision-making and innovation. 

With each new digital technology, the attack surface of the organisation expands. Therefore, cybersecurity is not a static discipline but one that evolves as the organisation adopts new digital technologies. 

I’ve been working with the cybersecurity standards community in Singapore to explore the revision and expansion of Cyber Essentials and Cyber Trust, to go beyond “classical” cybersecurity by incorporating cloud security, Operational Technology (OT) security, and AI security. 

3. What was one unexpected learning from 2024? 

Creating images and videos using AI-powered tools to communicate specific concepts when stock images are not available or not appropriate.  

4. What’s a tool or technique you’re excited to explore in 2025? 

Exploring the potential of Human-Machine Collaboration (HMC) – this refers to humans and automated technology working alongside each other to achieve a shared goal. 

Think of this as your own personalised digital twin, or AI wingman. Reid Hoffman, co-founder and former Executive Chairman of LinkedIn, predicted that every profession will have an AI copilot by 2028. 

Back in 2018, Harvard Business Review published an article on collaborative intelligence and how humans and AI are joining forces.

The article suggested that to take full advantage of this collaboration, companies must understand how humans can most effectively augment machines, how machines can enhance what humans do best, and the need to redesign business processes to support the partnership.

Perhaps this was somewhat ahead of its time then, but with the recent developments in generative AI, this is fast becoming much more achievable. 

To subscribe to the GovInsider bulletin click here.

5. Everybody’s talking about AI today – give us your hot take on AI and what it means for the public sector.

There are 2 dimensions to this: 

1. Public sector harnessing the potential of AI to deliver services more efficiently, make informed decisions and improve public policy; and 

2. Public sector developing policies to steer the responsible use of AI in the country. 

Harnessing potential of AI 

AI can be applied in several uses cases in public sector 

• Automate routine tasks and processes – Frees up manpower for more complex and strategic work 

• Enhance decision-making and policy formulation – Provide insights into trends, risks and opportunities that might be missed by traditional analytics, e.g. identify patterns in public health data, or personalisation of public services 

• Improve citizen engagement and accessibility – Enhance engagement as AI virtual assistants can provide 24/7 access to information and services, or make services more accessible to people with disabilities, or language barriers, e.g. AI-based translation  

Developing policies to steer responsible use of AI 

Whilst AI has immense potential, it also raises significant ethical, legal and social concerns, and Governments around the world are increasingly looking into developing policies for the responsible use of AI.

What this means for the public sector is the need to develop policies that ensure AI is used ethically and responsibly, and it is why CSA launched the Guidelines and Companion Guide for securing AI systems to help organisations adopt AI in a secure manner in Oct 2024.   

6. What are your priorities for 2025? 

Rolling out the revised/expanded Cyber Essentials and Cyber Trust certification standards that provide coverage of cloud security, OT security, and AI security.  

As standards tend to be drafted in the form of guiding principles, I will also be looking into translating the guiding principles encapsulated in these cybersecurity certification standards into practical guidance that is implementable by organisations. 

7. What advice do you have for public sector innovators? 

I would like to share this quote from Walt Disney: 

“We keep moving forward, opening up new doors and doing new things, because we’re curious… and curiosity keeps leading us down new paths”. 

8. Who inspires you today? 

The Internet is one of the most disruptive innovations in human history, transforming industries, economies and social structures on a global scale. 

Therefore, I would cite the fathers, or main creators of the Internet, namely: Vint Cerf, Robert Kahn (both were co-inventors of the TCP/IP protocol suite that enable communications over the Internet), Larry Roberts (father of the ARPAnet, which was the predecessor of the Internet) and Sir Tim Berners-Lee (father of the Web).