SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Singapore govt, telcos must refrech cybersecurity focus
Tue, 5th Feb 2019
FYI, this story is more than a year old

Singapore's Senior Minister of State, Ministry of Communications and Information is taking a refreshed look at the importance of the country's cybersecurity. In a speech to attendees at the Infocomm Media Cybersecurity Conference last month, Dr Janil Puthucheary reiterated Singapore's aim to be a Smart Nation that is secure, trusted and resilient.

It is connectivity that underpins technology as an enabler for opportunities, such as 5G, narrowband internet-of-things sensor networks, and others.

But, Puthucheary warns, all of these need cybersecurity.  “A single, isolated computer is easy to secure. But as soon as you have that connection, your threat surface increases, and opportunities for vulnerabilities and penetration also increase. Cybersecurity, in a way, is a consequence of how connectivity drives these waves of transformation. The telecomm industry is key and is fundamental to secure our telco infrastructure and services, and the business that telco operators provide.

The only way to secure connectivity infrastructure is teamwork and collaboration between government and the telecommunications industry.

“Today, we need to consider the future, as these risks are magnified by new technologies, products and platforms. Advancements in cyber threats are ever present, such as Ransomware-as-a-service, and the weaponisation of AI and use of machine learning,” says Puthucheary.

“The pace of acceleration and the threat around cybersecurity is just as rampant. Opportunities are also created by disruption and transformation of businesses. Everything is evolving at a pace in which technology needs to keep up through deeper, richer connectivity networks and new technologies.

The Infocommunications Media Development Authority of Singapore has been promoting cybersecurity through a number of initiatives, including the Singapore Computer Emergency Response Team (ISG-CERT), and through revisions to the Telecommunications Cybersecurity Code of Practice.

Puthucheary says more needs to be done. It will not only publish an IoT cybersecurity guide that lists recommendations for protecting IoT systems against threats, it will also run a public consultation on that guide.

“The problem is going to be firstly, a multiplication of the number of devices. The opportunity for cybersecurity penetration will increase, but also the behaviour of these devices – we expect them to run autonomously for months, if not years.”

“The usual behavioural ways in which we know something is wrong with our computers and networks – these types of assurances are not there if we have a broad, rich and deep IoT device network. We need to rethink what is our regulatory approach and what is the way in which we can assure customers and users of the security of our IoT systems. We need these types of resources, and we need to think about this in a different way.

IMDA is also looking at quantum key distribution technology and how it can be applied to advanced forms of encryption.

Currently IMDA is involved in developing the Telecom Cybersecurity Strategic Committee (TCSC), which will build Singapore telco providers' cybersecurity capabilities.

The TCSC will aim to identify challenges, as well as key telecommunication technologies and market developments that will shape the cyber threat landscape. This will ensure that we are always updated on global, technological and industry trends.

It will also act as a regulator and promoter of development that balances innovation with the right regulations.

“We as individuals need to play our part as well and participate in that collective responsibility,” says Puthucheary.

“Often, some of the risks and threats associated with cybersecurity are not about the technology software or hardware, but is about human behaviours and vulnerabilities that we bring – as users, employees or participants – in this space. We also have to play our part to secure our technological platforms and networks to make sure that cybersecurity is something that we are actively maintaining.