New Initiative to Help Manage Cybersecurity Risks in Singapore’s Critical Information Infrastructure




SINGAPORE: Singapore is developing an initiative to help organizations establish best practices to better manage cybersecurity risks throughout the supply chain, including the vendors that support their operations.

This relates to Singapore’s Critical Information Infrastructure (CII), which refers to 11 sectors responsible for the delivery of the country’s essential services, including government, energy and healthcare.

Announcing the initiative on Tuesday (March 2), State Minister for Communications and Information Janil Puthucheary noted that all CII owners are currently required to maintain a mandatory level of cybersecurity under the Cybersecurity Law.

“However, we also recognize that most organizations, including CII owners, hire vendors to support their operations. Therefore, we also need to manage cybersecurity risks throughout the supply chain,” he said in Parliament.

This requires infrastructure owners to better understand their providers to identify systemic risks and improve their level of “cyber hygiene,” he added.

The initiative, called the CII Supply Chain Program, will involve the Cyber Security Agency (CSA), CII owners and their suppliers.

It will provide recommended processes and sound practices for all stakeholders to manage cybersecurity risks in the supply chain, said Dr. Puthucheary.

He said discussions with stakeholders will help the government improve policies on supply chain risks.

“In the longer term, our CII companies and sectors will also need to adopt a zero-trust cybersecurity posture,” he added.


This is necessary to defend against supply chain attacks by “highly sophisticated threat actors,” such as those behind the SolarWinds breach, said Dr. Puthucheary.

The breach, first reported in December last year, involved hackers breaking into SolarWinds systems and adding malicious code to its software system, using the company as a stepping stone to break into US corporate and government networks.

SolarWinds is a leading provider of information technology management software based in Texas. Its clients include US government agencies and large companies such as Microsoft, FireEye, and Cisco Systems.

“In concrete terms, this means that CII owners should not rely on digital activity on their networks without verification. They also need to continually authenticate, detect anomalies in a timely manner, and validate transactions across all segments of the network,” said Dr. Puthucheary.

The Ministry of Communications and Information (MCI) noted that the CII Supply Chain Program will help infrastructure owners develop guidelines that allow them to better understand and manage their suppliers, for example by ranking them based on their cybersecurity posture.

The program will also allow providers to maintain an adequate level of cybersecurity, it added.

More details about the program will be released in the third quarter of this year, MCI said.

On the other hand, CSA will support companies in strengthening their cybersecurity with the launch of the SG Cyber Safe Program, as part of the Safer Cyberspace Master Plan.

“First, we will provide informational resources and educational material for key roles, including senior executives, cybersecurity teams, and front-line employees, based on their specific roles and knowledge needs,” said Dr. Puthucheary.

A suite of cybersecurity tools for employees will be introduced later this year.


“TRUSTED BRAND” OF CYBER SECURITY FOR COMPANIES

CSA will also introduce tools for companies to self-assess their cybersecurity posture.

A voluntary SG Cyber Safe trust mark will also be introduced as a mark of distinction for companies that have invested significantly in cybersecurity.

“This means that if you are a consumer, a company, you are looking for an HR processing service, for example, and you are concerned about the cybersecurity level of the service provider, you can look for the trusted mark for greater assurance that the service provider accepts your cybersecurity seriously,” said the State Minister.

Industry consultations on the details of the trusted mark will begin in April, he added.

MCI noted that the SG Cyber Safe trust mark is expected to be introduced early next year.

“As the trust mark is intended for companies and/or projects with higher cyber risk, a separate cyber hygiene mark will also be developed to complement the SG Cyber Safe trust mark,” the ministry said in a press release, adding that more details on both would be announced later.

Singapore’s success in digitizing has exposed new vulnerabilities, which will only grow as technologies evolve and become more complex, said Dr. Puthucheary.

“Trust in our digital systems is key to the success of our digital economy efforts. Without the confidence to transact or innovate, our best efforts to develop our digital ecosystem and reap the dividends will fall short,” he said.

“A solid foundation, such as the ones I have described, will strengthen our defenses against online threats and support this trust. But they are not enough,” he added.

“We need our companies and individuals to be aware of the risks, be aware of their manifestations and make informed decisions to protect our safety.”
