CSA to give directions on boosting security of essential services

The Cyber Security Agency will aid organisations providing critical services in the security measures they have to adopt and beef up, said Minister for Communications and Information S. Iswaran in Parliament, on Aug 6, 2018. PHOTO: SCREENGRAB FROM GOV.SG

To better protect essential services like government, healthcare or water against cyber attacks, the Cyber Security Agency (CSA) will give directions to organisations providing critical services on the security measures they have to adopt.

The agency will also give advice to owners of critical information infrastructure (CII) - computer systems involved in delivering essential services - on what they can do to further beef up their defence.

Minister for Communications and Information S. Iswaran gave this update in Parliament yesterday when answering questions about government measures to strengthen cyber security in the wake of the worst data breach in Singapore.

Last month, it was announced that hackers had infiltrated the computers at healthcare group SingHealth and stolen the personal data of 1.5 million of its patients, along with the outpatient prescriptions of 160,000 of these patients.

In Parliament, Mr Iswaran noted that SingHealth's patient database is part of Singapore's CII.

"A cyber attack on any CII can disrupt essential services and affect public welfare and confidence," he said.

Mr Iswaran, who is also Minister-in-charge of Cyber Security, said: "CSA will direct CII owners on the essential security measures they must adopt to meet a required standard. Beyond this, CSA will also render its professional advice on what CII system owners could do to further strengthen their defences."

Mr Iswaran's comments came after the CSA announced last Friday that 11 critical service sectors have been asked to review connections to untrusted external networks or ensure better protection if they could justify the need for these connections. These sectors are: government, infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency, and media.

The minister noted that the Cybersecurity Act passed in February gives the Government "additional levers to strengthen the protection of CII against cyber attacks". The CSA is currently implementing the provisions of the Act and would decide which organisations are in the CII sectors by the end of this year.

Last Friday, CSA also announced that it had lifted the pause on Smart Nation projects imposed after the SingHealth data breach.

Mr Iswaran said the Government had taken added precaution despite there being no evidence that the Government's information and communication technology systems had been compromised.

"The Smart Nation and Digital Government Group (SNDGG) was directed to review the cyber security measures of all existing and upcoming government systems," he said. "SNDGG has completed its review and will implement ad-ditional security safeguards where necessary."

Join ST's WhatsApp Channel and get the latest news and must-reads.

A version of this article appeared in the print edition of The Straits Times on August 07, 2018, with the headline CSA to give directions on boosting security of essential services. Subscribe