If China is defensively guarding the continent’s cybersecurity, then Singapore is, by contrast, sticking to the offensive playbook for the “smart” win.
A bill in Singapore is aiming to charter significant territory toward achieving a globally minded Smart Nation, which Prime Minister Lee Hsien Loong says will lean on a key cornerstone: a fortified cybersecurity ecosystem.
Singapore is upholding its new post at #1 on The Global Cybersecurity Index (GCI) 2017; proffering its latest CyberSec bill to the public for review.
Since rising above the USA and taking the number one spot on the Global Cybersecurity Index (GCI) 2017, the world is watching to see if Singapore can continue commitment to cybersecurity without infringing on corporate or citizen privacies.
Some are concerned the bill—if accepted into law—may affect anyone who administers commercial or social activities on so much as a moderate scale. A significant portion of the cybersecurity bill focuses on “protecting computer systems.”
Systems which, according to our previous article, are very vulnerable for many countries.
“The threat from hackers is real,” explains Eugene Kaspersky, CEO of Kaspersky Labs. He warns infrastructure authorities have to build cybersecurity controls at every level of the infrastructure to narrow their exposure to large-scale attacks.
The sweeping legislation in queue for Singapore is now at the mercy of public consultation, where a coalition of cybsersec industry groups—including the U.S. Chamber of Commerce; BSA | The Software Alliance; and the Information Technology Industry Council—hope clarification on what “protecting critical information infrastructures (CII)” entails, will be articulated.
In other words, “if, in the absence of a designation from the Commissioner [of Cybersecurity], an organisation has a responsibility to determine for itself whether it owns any CII,” is the common query, according to a separate article in Lexology.
The CII designation is a classified label, under Singapore’s Official Secrets Act.
As it stands CIIs of interest thus far are businesses [located partially or exclusively in Singapore] that provide technology services, including SaaS or PaaS, or cybersecurity services, such as endpoint security or threat detection services.
The following providers are advised to be cognizant of the obligations under this Cybersecurity Bill:
Vendors for self-install cyber protection don’t fall under the CII provision thus far, rather, would continue to follow obligations under the Personal Data Protection Act.
“The CSA’s chief, formally known as the Commissioner for Cybersecurity, can issue a written notice to designate your computer system as a CII. The Commissioner has the power to request for technical or other information on your computer system before making a CII designation.”
A computer system will be designated as a CII if it is necessary for the continuous delivery of essential services in Singapore. These sectors have been identified as essential: government, security and emergency, healthcare, telecommunications, banking and finance, energy, water, media, land transport, air transport and maritime.
Resolve Systems, an enterprise-wide incident response, automation, and orchestration platform recently opened an APAC regional headquarters in Singapore that provides Security Incident Response technology to organizations helping them to stay in compliance with the legislation. Read more in the recent press release here.
According Foo Tsiang-Tse, the managing director of Quann, a Singapore-based cybersecurity vendor:
”[National infrastructure] vulnerabilities could emerge from lack of comprehensive security strategy that encompassed all network layers, applications and devices.” He adds cybersecurity “should include network design and integration, optimisation, and management. Scalability, in particular, was critical, he said, adding that public safety features should be available as software upgrades, so networks could support future requirements.”
To learn more, read Resolve Systems’ white paper: Security Incident Response Needs a Unified Platform.
Resolve Systems is a vanguard for addressing the entire Security and IT framework: Security, IT Ops, Service Desk and NOC. We are unparalleled in providing flexible and customizable automation orchestration options.
The Singapore legislation allocates certain roles for notifying the government of a security breach to make sure companies are responding to cybersecurity incidents efficiently. To be compliant with the legislation, every CISO will need an efficient security incident response plan in place to notify the Commissioner of Cybersecurity and to resolve all security incidents. Though notification of a breach will be mandatory, Singapore companies are responsible for their own incident response. Resolve Systems is the global leader in security incident response automation and orchestration. With a single platform for CISOs and SOCs to see all security threats, Resolve will help teams expedite response.
To learn more, come see a live demo at our booth 19-21 at Govware 2017.
Automating number port requests accelerates service delivery from three minutes to a few seconds.
A three-step blueprint to define an IT automation program that delivers ROI and real business value.