Oleg Blokhin - Getty Images

Singapore refreshes cyber security strategy

The city-state updates its national cyber security strategy to shore up the security of critical infrastructure and enterprises while growing its cyber security industry, among other goals

Singapore has updated its cyber security strategy, going beyond critical sectors and taking a more proactive stance to address cyber threats which have intensified over the past five years.

The updated strategy, which focuses on building a resilient infrastructure, enabling a safer cyberspace and enhancing international cyber cooperation, builds on the work set out in 2016 when Singapore detailed its first cyber security strategy.

While the earlier strategy was focused on building the cyber resilience of critical information infrastructure (CII), the updated strategy will focus on non-CII entities whose disruption could have significant repercussions for the rest of Singapore. The Cyber Security Agency (CSA) is studying this group of entities closely to identify the most appropriate approach for them to manage and mitigate the risks.

Meanwhile, the CSA said it will continue to work closely with CII owners to strengthen the security of their operational technology (OT) systems. Together with Mercer Singapore, it has developed a new OT security competency framework which enterprises can use to establish processes, structures, or jobs to manage OT security.

CSA also wants to secure Singapore’s cyber space by simplifying cyber security for end-users. Even though the CSA has sought to raise awareness and encourage adoption of good cyber hygiene, it has realised that despite a high level of awareness, adoption of good cyber hygiene practices among enterprises and individuals remains low.

As part of its efforts to make cyber security easy and convenient for end-users, the CSA has launched the SG Cyber Safe partnership programme that will rope in organisations such as Microsoft and Dell Technologies to develop training content, products and services, or community outreach programmes to raise awareness and encourage adoption of good cyber security practices by businesses and the public.

To help businesses take greater ownership of cyber security, CSA has developed cyber security toolkits for large enterprises and small and medium-sized enterprises (SMEs). The toolkits will focus on areas such as rationalising investments in cyber security and help businesses make informed trade-offs between security, system usability and cost.

When the first strategy was launched, CSA was stepping up its international cyber engagements and strengthening its bilateral and multilateral partnerships. It is looking to build on that to raise its level of involvement in international cyber discussions.

In fact, Singapore will be leading some of these discussions as the next chairman of the United Nations’ Open-Ended Working Group on Security of and in the Use of ICTs. CSA will also advance the implementation of the norms developed at these discussions, and work towards an open, secure and interoperable cyberspace.

Like Australia, Singapore has been working to develop its local cyber security industry through various initiatives such as funding for cyber security solutions that meet Singapore’s national cyber security needs.

Building on successes in the past five years, CSA said the new strategy will seek to position Singapore as an international recognised hub for security evaluation and testing. It also hopes to develop cyber security R&D to be a source of competitive advantage for Singapore.

IoT security

The CSA has been stepping up efforts to address the security of internet-of-things (IoT) devices in recent years through initiatives such as the Cybersecurity Labelling Scheme (CLS) for network-connected smart devices.

The first of its kind in the Asia-Pacific region, the scheme provides different levels of cyber security ratings to help consumers make informed choices about the security features of the smart devices they purchase.

Since the launch of the CLS in October 2020, CSA has received more than 100 applications, with labelled products now available in physical stores and popular online shops. Some examples of the manufacturers with labelled products are BroadLink and local manufacturer Aztech.

With the CLS garnering international interest, CSA and the Singapore Standards Council (SSC) have also launched the first national standard, Technical Reference (TR) 91, on Cybersecurity Labelling for Consumer IoT.

The TR 91 aims to serve as a standard that can be adopted by manufacturers, developers, testing bodies and suppliers of consumer IoT devices globally, as well as a framework for the harmonisation and mutual recognition of cyber security labels across countries.

To meet growing demand for CLS assessment, CSA is planning to increase the number of approved test labs for levels three and four applications. CSA is also looking into extending the CLS to additional products and services beyond consumer IoT devices to further grow the scheme and champion a security-by-design approach.

Read more about cyber security in APAC

Read more on Endpoint security

Data Center
Data Management