Parliament: Cyber Security Agency to give directions to critical sectors on how to bolster cyber defence

The Cyber Security Agency will also give advice to owners of critical information infrastructure on what they can do to further beef up their defence, Minister for Communications and Information S. Iswaran said. ST PHOTO: GAVIN FOO

SINGAPORE - To better protect essential services like government, healthcare or water against cyber attacks, the Cyber Security Agency (CSA) will give directions to organisations providing critical services on the security measures they have to adopt.

The agency will also give advice to owners of critical information infrastructure (CII) - computer systems involved in delivering essential services - on what they can do to further beef up their defence.

Minister for Communications and Information S. Iswaran gave this update in Parliament on Monday (Aug 6), when answering questions about government measures to strengthen cyber security in the wake of the worst data breach in Singapore.

Last month, it was announced that hackers had infiltrated the computers at healthcare group SingHealth and stole the personal data of 1.5 million SingHealth patients, along with the outpatient prescriptions of 160,000 of these patients.

In Parliament, Mr Iswaran noted that SingHealth's patient database is part of Singapore's CII. "A cyber attack on any CII can disrupt essential services and affect public welfare and confidence," he said.

Mr Iswaran, who is also Minister-in-charge of Cyber Security, said: "CSA will direct CII owners on the essential security measures they must adopt to meet a required standard. Beyond this, CSA will also render its professional advice on what CII system owners could do to further strengthen their defences."

Mr Iswaran's comments came after the CSA announced last Friday that 11 critical service sectors have been asked to review connections to untrusted external networks or ensure better protection if they could justify the need for these connections. These sectors are: government, infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency, and media.

The minister noted that the Cybersecurity Act passed in February gives the Government "additional levers to strengthen the protection of CII against cyber attacks". The CSA is currently implementing the provisions of the Act and would decide which organisations are in the CII sectors by the end of this year.

Last Friday, CSA also announced that it had lifted the pause on Smart Nation projects imposed after the SingHealth data breach.

Mr Iswaran said that the Government had taken added precautions despite there being no evidence that the Government's information and communication technology systems had been compromised.

"The Smart Nation and Digital Government Group (SNDGG) was directed to review the cyber-security measures of all existing and upcoming government systems," he said.

"SNDGG has completed its review, and will implement additional security safeguards where necessary."

Join ST's Telegram channel and get the latest breaking news delivered to you.