Speech by Senior Minister of State Janil Puthucheary at the Committee of Supply Debate 2025

1. Thank you, Mr Chairman. I thank the Members for their cuts and questions, and I hope in my response today to be addressing cuts filed by Ms Jessica Tan, Ms Tin Pei Ling, Mr Ong Hua Han, Mr Sharael Taha, Mr Dennis Tan and Ms Mariam Jaafar.

2. Sir, trust is at the heart of our Smart Nation efforts. Our citizens and businesses must be confident that the digital systems and services that they rely on, and the interactions and transactions that they engage in, can be trusted.

3. I will explain MDDI’s approach to building this trust: by ensuring the resilience, security and future-readiness of key digital infrastructure, and by driving Government AI adoption and innovation for the public good.

Upholding Resilience and Security of Key Digital Infrastructure and Services

4. The Government has existing regulations to reduce risks to digital infrastructure and services, including cyber-attacks and service disruptions. For example:

a. Under the Telecommunications Act, IMDA requires broadband and mobile network operators to take proactive measures to minimise disruptions.

b. There are also sectoral regulations for digital services, such as MAS’ IT resilience and security requirements for financial institutions.

5. But the digital landscape is much bigger, and constantly evolving. Digital infrastructure like data centres and cloud services have become important in enabling many functions including e-banking and payments, ride-hailing, e-commerce, and digital identity. These functions allow citizens to meet their day-to-day needs and do so conveniently and effectively. They help businesses to grow. However, the growing scale and complexity of our digital infrastructure also mean an increased surface area for cyber-attacks, and a higher risk of disruptions arising from hardware failures, misconfigurations, and other problems. Should these disruptions occur, the impact is higher given the increasing utilisation of these services.

6. Last year, we amended the Cybersecurity Act to address new challenges in our operating environment.

a. These amendments, which are expected to come into force later this year, will empower CSA, the Cyber Security Agency, to better ensure the cybersecurity of important entities and systems beyond the Critical Information Infrastructure. These include data centres and cloud services. This in turn improves trust and confidence in Singapore and our digital economy. Owners of Critical Information Infrastructure also have the opportunity, we hope, to review their business models. We hope that they will be encouraged to review their business models and do so with a view to using new technologies such as commercial cloud solutions.

7. Beyond cyber threats, we must guard against risks that disrupt access to digital infrastructure and services, including physical hazards like fires, and less visible risks like hardware failure and system misconfiguration.

8. These are risks as a result of our dependence on digital infrastructure and services. We cannot eliminate risk completely, so we must enhance our preparedness by reducing the occurrence and the impact of disruptions.

9. We are working towards introducing a new law this year, called the Digital Infrastructure Act. This will improve Singapore’s digital resilience and security. The Act targets foundational digital infrastructure, starting with major cloud service providers and data centres.

a. The Act will require major operators to implement measures to uphold their resilience and security, and to minimise disruptions.

b. We are studying requirements for major operators to report disruptions to the Government, so that we can better learn and improve from these incidents, and support response and recovery efforts where needed.

c. We have been seeking feedback from digital infrastructure providers and some of their customers, since mid-2024.

10. The Infocomm Media Development Authority, IMDA, recently released Advisory Guidelines for cloud service providers and data centres. These guidelines contain key measures that we have been consulting stakeholders on.

a. The guidelines encourage data centre operators to have a robust business continuity system and ensure high availability for their enterprise customers.

b. Cloud service providers are also encouraged to manage data security risks, and ensure business continuity planning.

c. All operators are encouraged to implement the measures, and many providers including Microsoft, Equinix and Keppel, and their enterprise customers, have expressed support for the new Advisory Guidelines, which they find to be fit for purpose and aligned with international standards.

11. We are also strengthening the resilience of our Government systems to ensure that Singaporeans have trust and confidence when interacting with the Government online.

a. We have improved the resilience of central systems used by Agencies. Service availability for these systems rose from 95% to 99.5% in the last year. We will continue to increase the adoption of tools to improve the resilience of Government applications, including those that monitor system uptime.

b. As resilience measures incur costs, our approach must be calibrated. We will support Agencies providing important services to implement more sophisticated measures where appropriate.

12. There is a need for Government to manage access to information about individuals, as such information could be exploited in scam tactics.

a. We are committed to ensure that data, including personal data, is managed carefully and responsibly.

b. In the Government’s provision of the digital services involving data, Agencies must assess the right balance between the benefits and risks in each use case, to achieve the dual objectives of service accessibility and data protection, in line with the guidelines and safeguards that MDDI has provided.

Ensuring Future-Readiness of our Digital Infrastructure

13. Sir, our digital infrastructure must not only be secure and resilient, but also position Singapore for the future.

14. Last year, we announced that IMDA is investing up to $100 million to upgrade our Nationwide Broadband Network (NBN). This will enable broadband speeds up to 10 times faster than what most households have today.

a. Operators are starting to offer higher speed broadband services at lower prices. A 10 Gig plan now costs between $30 to $70, compared to more than $100 a year ago.

15. Developing our future-ready digital infrastructure also entails addressing resource constraints as we pursue growth. We must explore ways to support Singapore’s AI ambitions while keeping to our climate commitments, as well as balance digital infrastructure growth with environmental sustainability.

a. IMDA launched the Green Data Centre Roadmap last year to guide data centres to improve energy efficiency and use green energy to grow AI compute capacity sustainably. We have made good progress. For example, the BCA-IMDA Green Mark for data centres was refreshed last October to raise the bar for data centre sustainability. IMDA also launched the Energy Efficiency Grant for the data centre sector last December to support businesses’ upgrades to more energy efficient IT equipment.

b. MDDI is exploring further ways to uplift data centre sustainability through regulations. We are studying other jurisdictions and are in early engagement with industry to develop a framework for Singapore’s context.

Doing Digital Government Differently

16. Sir, we have to lead by example, as a Digital Government. We must continue to build the capabilities for the public sector to create and experiment with AI, and unlock citizen-centric solutions.

a. We have made available within the Public Service access to best-in-class AI and Large Language Model tools, LLM tools. Pair Chat is a fast and secure generative AI assistant used by more than half the Public Service today. Last year, we organised a whole-of-government prompt engineering competition. This attracted over 1,040 officers. The fact that I can say this already makes us quite unusual in terms of how we ‘do Digital Government’ – that we have a prompt engineering competition within Government and that there were 1,040 officers who participated. The finalists were tasked to build an event publicity website within 10 minutes using LLM tools. The winner of this competition was Muhammad Naim Bin Zahari, a firefighter with SCDF. At the time of the competition, he had just completed a 24-hour shift. In second place was Rachel Tiang, a finance officer at MOM. Neither were in technical roles dealing with AI. Both of them and all the competitors were more than capable of building this functioning publicity website within 10 minutes using these AI and LLM-augmented tools.

b. We actively involve non-technical public officers in creating digital products. Last year, GovTech held its inaugural series of hackathons for public officers, called the LAUNCH! Programme. It gathered more than 600 ideas and birthed 26 innovative prototypes. For example, a team of two primary school teachers and a GovTech officer prototyped an AI tool to provide students with immediate customised feedback on their oral skills performance.

c. We are also exploring how officers can innovate better and faster with AI. One of the prototypes from our recent Hack for Public Good hackathon was Spaceship, a tool to make prototyping less daunting for public officers. Spaceship enables officers to use AI agents to build and deploy fully functional prototype applications, including LLM-based tools. They do this using just plain English. This is a tool for non-technical public officers to get from an idea to a workable app in minutes using just plain English. I tried out this prototype, and I tried to have it code a portal that restricted the length of MPs’ speeches. It put the appropriate filter into the spreadsheet, but I think that is the limit of the technology today.

17. As we increase the use of AI in Government, it is critical to understand and mitigate the risks in AI applications. GovTech is building the capabilities to ensure that the Government’s Generative AI applications go-to-market safely.

a. We have Litmus, a tool for AI safety and security testing. We have curated a set of tests to ensure our AI applications are resistant to risks that mislead users or cause reputational harm. Litmus is built in partnership with IMDA’s Moonshot, and will be launched this year. Based on tests with Agencies, we have seen how Litmus can spot potential safety issues ahead of time, allowing us to act proactively. Essentially this is AI testing as a service.

b. Litmus provides a diagnosis of the AI risks, but we also need a solution once those risks are detected. In the AI world, guardrails ensure that AI systems operate within ethical, legal, and functional boundaries. We are building Sentinel, a platform that provides guardrails as a service for the Government’s AI applications. Product teams can choose from a curated list of guardrails, including those from top AI developers and localised ones like LionGuard, and easily integrate these into their applications. Sentinel has been able to accurately identify attempts to infiltrate systems or trick AI models into producing inappropriate output.

c. Litmus and Sentinel demonstrate how we want to develop Government Generative AI applications that are safe for use, including by members of the public.

Conclusion

18. Sir, our digital infrastructure underpins key functions that citizens and businesses rely on. We have therefore actively invested in enhancing the security, resilience and future-readiness of our key digital infrastructure. We also continue to build capabilities in the public sector, and embrace experimentation and innovation with AI, to better serve Singaporeans. I am hopeful that this will build trust in our digital future as we continue on our Smart Nation journey.

19. Thank you.