Parliament Sitting on 9 November 2016
QUESTION FOR ORAL ANSWER
*3. Mr Desmond Choo: To ask the Minister for Communications and Information in light of the recent cyber attacks on one of our telcos (a) how ready are our telcos and essential infrastructure in meeting such cyber attacks; and (b) and how can the Government better support our companies to improve their readiness.
Given Singapore’s heavy reliance on digital technologies, cyber-attacks can significantly disrupt the smooth running of essential services such as finance, telecommunications and transportation. The government takes these cyber threats seriously. We formed the Cybersecurity Agency of Singapore, or CSA last year and the Prime Minister launched Singapore’s Cybersecurity Strategy last month. The recent attack that affected Internet access for some users is a timely reminder that these threats are real and everyone has a part to play to secure our cyberspace.
2 11 critical sectors that provide essential services have been identified and CSA works closely with government agencies and operators in these sectors to strengthen the cyber resilience of their Critical Information Infrastructure. For example, through the Readiness Maturity Index (RMI) programme, CSA engages sector leads and operators to review the current level of preparedness, identify areas of improvement and take steps to beef up their defences. CSA also conducts regular exercises to validate and test the readiness of these plans.
3 CSA works closely with the Info-communications Media Development Authority (IMDA), as the sector lead for the infocomm sector. CSA and IMDA place strong emphasis on the cyber resilience of our telecommunications infrastructure as it is a crucial enabler for other sectors. Besides aligning with national level plans, IMDA requires ISPs to comply with the Secure and Resilient Internet Infrastructure Code of Practice as part of their license conditions. This Code requires ISPs to put in place various controls related to prevention, detection and response to cyber-attacks across telecommunications networks. The ISPs are also required to engage IMDA-approved auditors to audit their compliance to the Code.
4 To improve responses to cyber threats in the infocomm sector, then-IDA also formed the Infocommunications Singapore Computer Emergency Response Team (ISG-CERT) last year. Its remit has since been expanded to include the media sector with the formation of IMDA. ISG-CERT shares information through the issuance of actionable intelligence and alerts to the telecommunications and media operators to enhance their readiness. ISG-CERT also coordinates sector-wide responses to cyber-attacks.
5 However, the cyber threat landscape facing our CIIs is rapidly evolving and attacks are becoming more sophisticated. Despite our best efforts, breaches cannot be eliminated entirely. It is important that we respond swiftly when attacked and bring services back to normalcy as soon as possible. We will also need to continually adapt our plans based on lessons learnt. While investigations are on-going for the recent attack, IMDA, CSA and ISPs have not stood still. IMDA, through ISG-CERT has issued advisories to local ISPs on measures to take to mitigate similar attacks, such as beefing up Domain Name Server capacity, and monitoring and placing limits if needed on traffic coming from identified network ports.
6 Beyond the critical sectors, it is also important that companies – including SMEs – adopt good cybersecurity practices. Consumers expect that digital processes are secured and their private information is protected when transacting with companies. Businesses should therefore view cybersecurity as investments to improve their competitiveness, rather than just additional cost. To keep informed of latest cybersecurity threats and steps to take to mitigate these risks, companies can refer to regular advisories and alerts that are issued by the Singapore Computer Emergency Response Team (SingCERT).
7 As shown from the recent incident, consumers also play an important role in building a safer cyberspace. Consumers should adopt good cyber hygiene to minimise the risk of falling prey to cyber criminals or unwittingly allow their internet-connected devices such as webcams and routers to be used to launch cyber attacks against others. Each of us can take responsibility by taking steps such as changing the default password on home equipment and wireless networks, and regularly applying software updates to our computers and mobile phones. Such measures are published regularly on SingCERT’s website.