Story image

Singapore govt, telcos must refrech cybersecurity focus

05 Feb 2019

Singapore’s Senior Minister of State, Ministry of Communications and Information is taking a refreshed look at the importance of the country’s cybersecurity. In a speech to attendees at the Infocomm Media Cybersecurity Conference last month, Dr Janil Puthucheary reiterated Singapore’s aim to be a Smart Nation that is secure, trusted and resilient.

It is connectivity that underpins technology as an enabler for opportunities, such as 5G, narrowband internet-of-things sensor networks, and others.

But, Puthucheary warns, all of these need cybersecurity.  “A single, isolated computer is easy to secure. But as soon as you have that connection, your threat surface increases, and opportunities for vulnerabilities and penetration also increase. Cybersecurity, in a way, is a consequence of how connectivity drives these waves of transformation. The telecomm industry is key and is fundamental to secure our telco infrastructure and services, and the business that telco operators provide.”

The only way to secure connectivity infrastructure is teamwork and collaboration between government and the telecommunications industry.

“Today, we need to consider the future, as these risks are magnified by new technologies, products and platforms. Advancements in cyber threats are ever present, such as Ransomware-as-a-service, and the weaponisation of AI and use of machine learning,” says Puthucheary.

“The pace of acceleration and the threat around cybersecurity is just as rampant. Opportunities are also created by disruption and transformation of businesses. Everything is evolving at a pace in which technology needs to keep up through deeper, richer connectivity networks and new technologies.”

The Infocommunications Media Development Authority of Singapore has been promoting cybersecurity through a number of initiatives, including the Singapore Computer Emergency Response Team (ISG-CERT), and through revisions to the Telecommunications Cybersecurity Code of Practice.

Puthucheary says more needs to be done. It will not only publish an IoT cybersecurity guide that lists recommendations for protecting IoT systems against threats, it will also run a public consultation on that guide.

“The problem is going to be firstly, a multiplication of the number of devices. The opportunity for cybersecurity penetration will increase, but also the behaviour of these devices – we expect them to run autonomously for months, if not years.” 

“The usual behavioural ways in which we know something is wrong with our computers and networks – these types of assurances are not there if we have a broad, rich and deep IoT device network. We need to rethink what is our regulatory approach and what is the way in which we can assure customers and users of the security of our IoT systems. We need these types of resources, and we need to think about this in a different way.”

IMDA is also looking at quantum key distribution technology and how it can be applied to advanced forms of encryption.

Currently IMDA is involved in developing the Telecom Cybersecurity Strategic Committee (TCSC), which will build Singapore telco providers’ cybersecurity capabilities.

The TCSC will aim to identify challenges, as well as key telecommunication technologies and market developments that will shape the cyber threat landscape. This will ensure that we are always updated on global, technological and industry trends.

It will also act as a regulator and promoter of development that balances innovation with the right regulations.

“We as individuals need to play our part as well and participate in that collective responsibility,” says Puthucheary.

“Often, some of the risks and threats associated with cybersecurity are not about the technology software or hardware, but is about human behaviours and vulnerabilities that we bring – as users, employees or participants – in this space. We also have to play our part to secure our technological platforms and networks to make sure that cybersecurity is something that we are actively maintaining.”

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
65% of manufacturers run outdated operating systems – Trend Micro
The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.