Network security review of critical service sectors to be completed soon

A review of the network security of 11 critical service sectors, following the SingHealth data breach, will be completed by the end of this year, Minister for Communications and Information S. Iswaran said yesterday.

He gave the update in a written parliamentary reply to Ms Cheng Li Hui (Tampines GRC), who had asked about the completion timeframe, whether government grants will be given to help companies in the sectors beef up their cyber defences, and how the Government plans to work with the companies to ensure they remain vigilant. These critical information infrastructure (CII) sectors comprise government, infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency, and media.

In his reply, Mr Iswaran said the Cyber Security Agency of Singapore (CSA) has asked the 11 CII sectors to take the following measures:

•Remove all connections to unsecured external networks if there are no strong business or operational reasons to keep such connections open;

•Use gateways that move in a single direction, like data diodes, to mediate connections to unsecured external networks, if they are required; and

•Use a secured information gateway, such as filters for malicious content or firewalls, if two-way communications between a secured network and an unsecured external network are required.

Some potential CII companies had previously told The Straits Times they are waiting for instructions from their regulators to clarify, among other things, what is an "untrusted external network". According to CSA, an untrusted network is not limited to the public Internet and unsecured Wi-Fi connections.


Mr Iswaran added that the Government will continue to review the essential security measures that owners of CII companies are required to adopt.

But the Government will not give grants or fund owners of CII companies to implement measures to meet cyber security requirements, as this should be borne by companies as part of normal business costs, Mr Iswaran said, given that cyber security is critical to protecting business operations and strengthening trust between businesses and their customers in an increasingly digital world.

He added that the Government and CSA will continue working closely with CII owners and businesses to strengthen their cyber security.

This includes giving professional advice to businesses, and working with the industry to provide affordable and convenient cyber security services to companies.

The Singapore Computer Emergency Response Team will also continue to educate people and businesses on how to protect themselves in cyberspace, he said.

A version of this article appeared in the print edition of The Straits Times on September 11, 2018, with the headline 'Network security review of critical service sectors to be completed soon'. Print Edition | Subscribe