Parliament Sitting on 4 July 2022

QUESTION FOR WRITTEN ANSWER

99. Mr Sharael Taha: To ask the Minister for Communications and Information in view of malware tools such as Pipedream or Incontroller which can seize control of critical infrastructure (a) what is the threat that such malware poses to Singapore’s critical infrastructure; (b) what steps have been taken to protect Singapore from such threats; and (c) how can the Government help companies in Singapore to be aware of such threats and take the necessary precaution.

Answer: 

1. The Cyber Security Agency (CSA) monitors threats to Singapore’s cyberspace closely, especially those that threaten Critical Information Infrastructure (CII) that support essential services.

2. The strain of malware discovered in April, referred to as Pipedream or Incontroller, is designed to target equipment found in industrial control systems, which are core to the proper functioning and control of operational systems and processes. This malware enables the attacker to manipulate and disrupt industrial processes, allowing them to remotely collect information from these systems, shut down operations, sabotage industrial processes, and potentially cause physical harm and destruction.

3. When reports of this malware surfaced in April, CSA issued an advisory to our CII sector leads and owners to take precautions against this threat and make timely incident reports. To date, we have not found any evidence of Pipedream being used against our CII. Beyond CIIs, SingCERT also publishes public advisories on protecting industrial control systems, most recently in March, to advise enterprises on how they may bolster their cybersecurity measures against threats that target these systems.

4. It is important that CII owners and other enterprises remain vigilant against cyber threats and adopt the necessary cybersecurity practices to safeguard the systems and networks. CII owners are required by the Cybersecurity Act to put in place measures to meet cybersecurity standards set by CSA. For enterprises, CSA launched the SG Cyber Safe Programme in 2021 to encourage and help companies strengthen their cybersecurity posture.

5. This includes a cybersecurity certification programme for enterprises – comprising the Cyber Essentials and Cyber Trust marks – to recognise enterprises that have implemented good cybersecurity practices. CSA also developed cybersecurity toolkits for companies of various profiles to guide enterprise leaders and their employees on cybersecurity best practices. I encourage companies to apply for these cyber marks and take advantage of the resources and toolkits available on CSA’s website.

7. Mr Speaker, cyber threats are constantly evolving. Pipedream will not be the last strain of malware to threaten us. I urge everyone to stay vigilant, take cybersecurity seriously and practice good cyber hygiene.

 

MCI response to PQ on Impact Of Recent Flaw In IOS Devices On Personal Data Of Singaporeans Parliament QAs Cyber Security 13 Sep 22
Opening Address by Mrs Josephine Teo, Minister for Communications and Information, at SCCCI's SME and Infocomm Commerce Conference, on 13 September 2022 Speeches Cyber Security, Digital Readiness, Infocomm Media 13 Sep 22
Speech by Dr Janil Puthucheary, Senior Minister of State, Ministry of Communications and Information, at Cybersecurity Innovation Day on 31 August 2022 Speeches Cyber Security 31 Aug 22
Speech by Mrs Josephine Teo, Minister for Communications and Information, at The Singapore Computer Society (SCS) Tech3 Forum on 26 Aug 2022 Speeches Others, Cyber Security, Personal Data 26 Aug 22
Speech by Mr Tan Kiat How, Senior Minister of State, Ministry of Communications and Information, on “Regulatory Bridge Between Physical Economy & Metaverse” at Business China’s Singapore Digital Economy Forum 2022 Speeches Cyber Security 23 Aug 22
Speech by Dr Janil Puthucheary, Senior Minister of State, Ministry of Communications and Information, at the Law Society's Cybersecurity and Data Protection Conference 2022 Speeches Cyber Security 04 Aug 22