Singapore Unveils Implementation Guides, Forms Industry Committee To Boost Telecom Security

The Singapore government has formed a committee and released guidelines that it says aim to beef up cybersecurity protection and capabilities in the telecommunications industry. These include implementation best practices for Internet of Things (IoT) systems and electronic Know Your Customer (eKYC) technology that allows mobile operators to digitally authenticate service registrations.

Industry regulator Infocomm Media Development Authority (IMDA) said a new "multi-year roadmap" was being planned to identify cyber threats and develop the capabilities and products needed to strengthen the country's connectivity infrastructure. The long-term plan would recommend strategies and policies as well as highlight areas of improvement to boost cybersecurity in the local telecommunication sector, said Janil Puthucheary, Singapore's Senior Minister of State for Communications and Information, at the Infocomm Media Cybersecurity Conference held Friday.

"Connectivity infrastructure is a key building block for Singapore's economy. The changing needs of the digital economy will require trusted, secure, and resilient next-generation connectivity infrastructure, including 5G and narrowband IoT (NB-IoT) sensor networks," said IMDA, adding that the roadmap would help the agency "strategically and systematically" invest in cybersecurity capabilities for the telecom industry over the next five years.

Led by a team of government officials and panel of industry experts, the first set of recommendations was expected to be published later this year, it said. The committee comprised, amongst others, Singapore's Cyber Security Agency's chief David Koh; IMDA's chair and Perm Sec of Defence Chan Yeng Kit; Team8's co-founder and CEO Nadav Zafrir; and IronNet Cybersecurity's founder and CEO Keith Alexander.

IMDA on Friday also unveiled a implementation guide that aimed to make it more convenient for consumers to register for mobile services online, securely, by enabling operators to digitally verify mobile services registrations without physical face-to-face transactions. eKYC technology allows mobile subscribers to sign up for new services and switch between operators over-the-air without changing their SIM card or going to a physical retail store. It also facilitates secured self-registration via kiosks, mobile apps, online portals, and trusted databases, IMDA said. 

It added that the implementation guide outlined regulatory requirements to secure online verification as well as the performance of eKYC tools implemented by mobile operators. These included, for instance, fraud mitigation, identity theft preventive measures, and the need for biometric verification if facial recognition technology was applied. 

IMDA also released a public consultation on a proposed cybersecurity guide for IoT systems, which it said looked to provide industry best practices--for companies keen to deploy such systems--that helped mitigate cybersecurity risks. The guide aimed to assist organisations in making better purchasing and deployment decisions for IoT systems, taking security designs into consideration, the agency said.

It included checklists to help businesses systematically assess the security state of their IoT systems to determine if sufficient protection from unintentional and malicious threats had been established. IMDA noted: "In particular, the threat modelling checklist assists organisations to identify and understand the potential vulnerabilities/threats in the systems and the vendor disclosure checklist helps organisations to ensure the IoT systems procured are adequately secured."

In addition, the industry regulator also partnered the National University of Singapore's Centre for Quantum Technologies to provide workshops and training for government agencies and the industry. The objective here was to build up capabilities in quantum technologies and carry out Quantum Key Distribution trials with local industry players to gain technical understanding on implementation.

IMDA Chief Executive Tan Kiat How said: "As we look towards deploying the next generation connectivity infrastructure to support Singapore's digital economy, we will also need to be mindful of the increasingly complex and sophisticated cybersecurity risks that we face. [The] multi-year roadmap [will] guide our effort in systemically building a trusted, secure and resilient connectivity infrastructure."

RELATED COVERAGE

Firms fined $1M for SingHealth data security breach

SingHealth and Singapore's public healthcare sector IT agency IHIS have been slapped with S$250,000 and S$750,000 financial penalties, respectively, for the July 2018 cybersecurity attack that breached the country's personal data protection act. The fines are the highest dished out to date.

Employees sacked, CEO fined in SingHealth security breach

Two staff members have been fired for negligence and five senior management executives, including the CEO, were fined for their "collective leadership responsibility" in Singapore's most serious security breach, which compromised personal data of 1.5 million SingHealth patients.

SingHealth breach review recommends remedies that should already be basic security policies

The review committee also finds IT staff to be lacking in cybersecurity awareness and resources and SingHealth's network misconfigured with security vulnerabilities, which helped hackers succeed in breaching its systems.

Singapore must be tougher on firms that treat security as value-add service

Businesses that handle customer data should be expected to do so with all the appropriate cybersecurity systems and polices in place, rather than provide these as a "value-add service", and it's time the Singapore government holds those that fail to do so accountable.

Singapore Airlines data breach affects 285 accounts, exposes travel details

Singapore carrier points to "a software bug" as the cause of the breach that occurred when changes were made to its website, compromising personal data of 285 customers including seven whose passport details were exposed.

RECENT NEWS

Reassessing AI Investments: What The Correction In US Megacap Tech Stocks Signals

The recent correction in US megacap tech stocks, including giants like Nvidia, Tesla, Meta, and Alphabet, has sent rippl... Read more

AI Hype Meets Reality: Assessing The Impact Of Stock Declines On Future Tech Investments

Recent declines in the stock prices of major tech companies such as Nvidia, Tesla, Meta, and Alphabet have highlighted a... Read more

Technology Sector Fuels U.S. Economic Growth In Q2

The technology sector played a pivotal role in accelerating America's economic growth in the second quarter of 2024.The ... Read more

Tech Start-Ups Advised To Guard Against Foreign Investment Risks

The US National Counterintelligence and Security Center (NCSC) has advised American tech start-ups to be wary of foreign... Read more

Global IT Outage Threatens To Cost Insurers Billions

Largest disruption since 2017’s NotPetya malware attack highlights vulnerabilities.A recent global IT outage has cause... Read more

Global IT Outage Disrupts Airlines, Financial Services, And Media Groups

On Friday morning, a major IT outage caused widespread disruption across various sectors, including airlines, financial ... Read more