Parliament Sitting on 11 January 2022

QUESTION FOR WRITTEN ANSWER


22. Ms He Ting Ru: To ask the Minister for Communications and Information (a) what are the precautions that should be taken in Singapore’s cyberspace to protect the digital security of Singaporeans against cyberattacks by private firms allegedly at the behest of state actors and state-backed entities; and (b) what additional and updated steps are being taken to address the risk of such attacks in the wake of developments over the last six months.

Answer:

1. Mr Speaker, the cyberspace is transnational and borderless. This means that cyberattacks can by conducted by anyone, from anywhere in the world. Regardless who the malicious actor is, putting in place cyber resilience measures to protect ourselves is key. 

2. 2021 put cybersecurity under the spotlight with a spate of cyberattacks and serious vulnerabilities discovered around the world; the most recent event of concern being the Log4Shell vulnerability found in an open-source Java package that is widely used by software developers. When there are known incidents and vulnerabilities, the Cyber Security Agency (CSA) takes immediate steps to ensure that our Critical Information Infrastructure (CII) and enterprises are secure.

3. In the case of Log4Shell, CSA called for two emergency meetings with CII sectors to issue technical details and mitigation solutions, and heightened monitoring for unusual activity. Public advisories and alerts were issued; trade associations and chambers were also briefed on the urgency for enterprises to implement the mitigation measures. 

4. To strengthen our cybersecurity, CSA encourages adopting a “zero-trust” posture. This comprises two key principles: first, do not trust any activity on your networks without first verifying it and second, ensure constant monitoring and vigilance for suspicious activities. To raise standards, CSA is developing the CII Supply Chain Programme to ensure that CII owners and their vendors adhere to international best practices for supply chain risk management. At the same time, CSA also developed actionable cybersecurity toolkits and resources for businesses under the SG Cyber Safe Programme to improve their cyber defences. These toolkits and resources can be found on CSA’s website.

5. CSA has consistently advocated that the best defence against cyberattacks is a population that is vigilant and adopts good cyber practices. Businesses and organisations are responsible for their own cybersecurity and must take action to strengthen their posture. This includes regularly updating their software and systems, and practising incident response and business continuity plans to ensure that employees are well-prepared when incidents happen. Individuals should practise good cyber hygiene and stay vigilant against phishing links. We must all strengthen our defences to participate in the digital domain safely and securely.
 
MCI response to PQ on Tracking of Local Companies which Experienced Cyber Attacks over Past Two Years and Measure to Equip Companies with Capabilities to Enhance Cyber Resilience Parliament QAs Cyber Security 09 May 22
MCI response to PQ on Number of Overseas Scam Calls Reported in 2021 and 2022 and Viability of Call Blocking Option for Users Parliament QAs Cyber Security 09 May 22
MCI response to PQ on Reasons for Recent Data Breach of Local Retail Website and Measures to Ensure Security and Protection of Customer Data Parliament QAs Personal Data, Cyber Security 04 Apr 22
Speech by Mr Tan Kiat How, Minister of State, Ministry of Communications and Information, at the launch of CSA’s Cyber Essentials and Cyber Trust marks on 29 March 2022 Speeches Cyber Security 29 Mar 22
Opening Speech by Mrs Josephine Teo, Minister for Communications and Information, at AISP's Ladies in Cyber Symposium, on 22 Mar 2022 Speeches Others, Cyber Security 23 Mar 22
Speech by Mrs Josephine Teo, Minister of Communications and Information, at the Ministry of Communications and Information Committee of Supply Debate on 4 March 2022 Speeches, Parliament QAs Public Comms, Personal Data, Libraries, Infocomm Media, Government Technology, Digital Readiness, Digital Defence, Cyber Security, Others 04 Mar 22