Singapore to equip critical information infrastructure owners with proprietary threat detection systems


SINGAPORE: The government will help critical information infrastructure owners (CIIOs) defend against cyberattacks with new measures, including equipping them with proprietary threat detection systems.

Speaking in parliament on Monday (Mar 2), Senior Minister of State for Digital Development and Information Tan Kiat How said that these moves will help CIIOs level up and hold their own in a fight against advanced persistent threats.

"Typically, national security is the exclusive domain of governments, such as developing cutting-edge technological systems and training skilled operators to deal with various threat scenarios," he said.

"We have decided to avail some of the government’s expertise to the private sector, to level the playing field between the defenders and the attackers."

The proprietary tools, developed by the Centre for Strategic Infocomm Technologies (CSIT), will complement commercial threat detection systems used by CIIOs. The CSIT is a technical agency in the Ministry of Defence.

Authorities have started deploying these tools in selected CII systems and will progressively deploy them across the rest, Mr Tan said.

While CIIOs may need to incur costs to integrate these tools into their systems, the government will also consider funding support if needed, he added.

The government will also selectively share classified threat intelligence to help CIIOs better spot and respond to threats that are attacking their system, Mr Tan said. 

“Even with these measures in place, we must be prepared that some threats will go undetected. This is why defenders must remain vigilant and constantly enhance their capabilities.”

Last year, Coordinating Minister for National Security K Shanmugam revealed that Singapore was actively dealing with a "highly sophisticated threat actor" attacking critical infrastructure.

Mr Shanmugam identified the entity as UNC3886, and said it was not in Singapore’s best interest to name the country linked to it.

Minister for Digital Development and Information Josephine Teo subsequently revealed that all four of Singapore's major telecommunication operators were the targets of that cyberattack.

Singapore’s response to the attack, known as Operation Cyber Guardian, began after the telcos reported suspicious activities within their networks to the Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA).

UNC3886 has been described by Mandiant, a cybersecurity firm owned by Google, as a "China-nexus espionage group" that has targeted prominent strategic organisations on a global scale.

The Chinese embassy in Singapore has expressed its “strong dissatisfaction” at the claims linking the country to UNC3886, calling them “groundless smears and accusations against China”.

TACKLING MISINFORMATION

Minister for Digital Development and Information Josephine Teo said in her speech that another risk Singapore faces is the spread of disinformation and misinformation, fueled by technologies like artificial intelligence.

"As a diverse society, we are particularly vulnerable to online falsehoods that erode trust in our society and institutions," she said in laying out her ministry's spending plans for the coming year.

Mrs Teo added that public service media entities are important in maintaining trust in the information space.

"Our public service media entities reach over 90 per cent of Singaporeans. They remain highly trusted by the public, more so than reputable international and online media outlets," she said.

"Consequently, our public service media entities have become indispensable to countering misinformation. MDDI will therefore continue working closely with our public service media entities to maintain their reach and strengthen their fact-checking capabilities."

CNA has set up a digital verification team to investigate disinformation campaigns.

Government agencies have also collaborated with the Straits Times on the AskST series to address misinformation, said Mrs Teo.

"Given the critical role of our public service media entities, MDDI will support efforts to keep public service media content visible and easily discoverable," she added.

"We are studying approaches in other countries and will consult the industry to ensure that initiatives are implemented reasonably and effectively."

RESIDENTIAL ROUTERS' REQUIREMENTS

In a media factsheet, CSA said it will require CIIOs, auditors conducting audits for CIIOs, as well as licensed cybersecurity service providers providing penetration testing and managed security operations centre monitoring services, to meet Cyber Trust Mark (CTM) requirements.

The CTM serves as a mark of distinction for organisations to prove that they have put in place good cybersecurity practices and measures that are commensurate with their cybersecurity risk profile. 

There are five cybersecurity preparedness tiers, with 10 to 22 domains under each tier. 

Currently, CIIOs are required to adhere to higher standards set out in the Cybersecurity Code of Practice for their CII systems. 

The new requirement for CIIOs to meet CTM Level 5 – the highest tier of certification – is meant for non-CII systems owned by the CIIOs. They will be given until the end of 2027 to obtain this certification.

CII auditors will be given until the end of 2026 to obtain this mark at the organisation level for systems that support its business operations or services.

“With Singapore’s rapid digital transformation, many businesses are becoming increasingly reliant on technology,” said CSA and IMDA.

“It is important for organisations, especially CIIOs and their vendors that have access to sensitive data or critical systems, to adhere to a common set of standards to stay ahead of emerging cyber threats.”

The authorities will do more to protect citizens against malicious actors, said Mr Tan.

For one, they will ensure that digital products sold in Singapore have "baseline security safeguards" that make them harder to compromise, he added.

Currently, all residential routers sold in Singapore must meet CLS Level 1 requirements, such as having unique default passwords, vulnerability management processes and keeping software updated.

While CLS Level 1 provides basic protections, the evolving cyber threat landscape requires more robust defences, said CSA and IMDA in a factsheet.

“Current Level 1 requirements, while addressing fundamental vulnerabilities, are insufficient against more sophisticated attacks that exploit weaknesses in data encryption, authentication mechanisms, and secure storage,” added the authorities.

Last year, Singapore took part in a global operation, where it was found that attackers infected over 2,700 Singapore devices, including routers.

“Residential routers are common targets for malicious cyber actors because these devices serve as gateways to home networks and can be exploited to either gain access to other connected systems on the networks or become bots to launch attacks on other systems,” the agencies said.

Under Level 2 requirements, manufacturers must ensure that residential routers incorporate stronger security measures such as secure communications, secure storage of sensitive data and robust authentication mechanisms to better protect users' data and privacy.

These measures also reduce the risk of devices being compromised by malicious cyber actors, said CSA and IMDA.

The new requirements are expected to come into force by end-2027.

Routers currently in use will not be affected by the change, with more details about the transition and implementation period released when ready.

Given that IP cameras are also another "common target" for cyber threat actors, Mr Tan said that CSA will also explore requiring IP cameras to meet CLS Level 2 standards.

CSA will also continue to monitor and review if more digital devices should be required to meet minimum cybersecurity standards, he added.
