Singapore addresses cyber resilience with new inter-agency task force
- CSA collaborates with CII owners and Sector Leads to foresee, identify, prevent, detect, respond to, and quickly recover from cyberthreats
- Singapore established the Counter Ransomware Task Force (CRTF), which will unite businesses, the government, and international partners to successfully combat ransomware attacks
There are risks and opportunities associated with the expanding nexus between the physical and digital worlds. As government institutions and vital infrastructure suffer targeted disruptions and ransomware attacks, cyber security is becoming an integral aspect of national security – demanding cyber resilience for everyone associated to the value chain.
The topic of COVID-19 accelerating digital technology has been discussed extensively. It is true, no matter how boring it may be to hear.
COVID the foundation to accelerate digitalization
The digital world now poses far more serious and complex threats as it has grown to be an essential and significant component in the fabric of people’s daily life. Attacking critical infrastructure could have serious consequences for nations, international systems of governance, organizations, and corporations — not to mention financial losses for businesses, and threats to lives and livelihoods.
“This is why at the global level, we need international cooperation to build a robust framework that can safeguard cybersecurity and promote confidence and trust in cyberspace,” said Teo Chee Hean, the Senior Minister and Coordinating Minister for National Security, Singapore, at the Singapore International Cyber Week (SICW). “This is key to establish norms of responsible state behavior, build consensus around the application of existing international law in cyberspace, and facilitate confidence-building measures, capacity-building and standards.”
Collaborating internationally to meet cyber resilience
At the national level, countries must create comprehensive national strategies to safeguard themselves against challenges from all spheres of influence. Hence, Singapore developed Total Defense, its national defense plan, which was unveiled in 1984 and was adopted from Sweden and Switzerland.
Given the growing significance of the cyber and digital spheres, Singapore opted to include a new pillar in 2019 called “Digital Defense.” Teo asserted that there are five tiers, or layers, to integrate cyber defense in the digital sphere.
First, the infrastructure for digital transformation needs to be protected. In addition to the physical cables and other digital connections with the rest of the world, this also refers to the gear and systems run by telcos, internet service providers, and cloud service providers.
Secondly, the need to safeguard the nation’s soft infrastructure. This includes Singapore’s National Digital Identity system, known as Singpass, which offers reliable credentials for online identity verification, and National Digital Payment system, known as PayNOW, which serves as the framework for sending and receiving national digital payments.
Third, there is a need to safeguard critical information infrastructure (CII). The fundamental services, like the provision of water, energy and transportation, depend on these digital systems.
“As part of our Total Defense philosophy, the Cybersecurity Agency of Singapore or CSA, works closely with our CII owners and Sector Leads to anticipate, identify, prevent, detect, respond, and recover rapidly from cyber threats,” explained Teo. “To improve coordination with the CII sectors, CSA is developing a next-generation National Cyber Security Centre (NCSC), which will feature tighter integration with our CII owners and Sector Leads.”
Fourth, the need to bolster organizations’ cyberthreat defenses, as well as those of research and educational institutions. Ransomware is an example of a threat that is affecting all organizations. “To help companies and organizations deal with ransomware, Singapore set up an interagency Counter Ransomware Task Force (CRTF) earlier this year. The CRTF will bring businesses, Government, and international partners together to more effectively counter ransomware attacks,” said Teo.
Last but not least, people must exercise good cybersecurity practices and safeguard the systems and devices they use. A wide variety of IoT devices, including personal ones, are linked to other hardware, software, and networks. If people or any of these devices are compromised, they could be used to weaken the entire system or network, in addition to doing damage to themselves.
“It was in this spirit that CSA launched the Cybersecurity Labelling Scheme (CLS) to help consumers identify smart devices that meet their cybersecurity needs. CSA intends to extend this labelling scheme to include medical devices. CSA will also be launching the Internet Hygiene Portal, which allows users to do “health checks” to ascertain whether the websites that they visit have the necessary security protocols,” concluded Teo.
To reach cyber resilience status, the people, organizations and nations must collaborate in order to bolster collective defense and more thoroughly defend digital systems and cyberspace.