Public, private sectors take part in 2nd annual cyber security exercise

A week after new cyber security laws were proposed to tighten requirements on 11 critical information infrastructure (CII) sectors, entities from these sectors — both in the private and public spheres — took part in a national cyber security exercise on Tuesday (July 18).

It was the first time that entities from seven of these CII sectors were involved in the second annual exercise organised by the Cyber Security Agency of Singapore (CSA). These include the water, land transport, healthcare, aviation, media, security and emergency, and maritime sectors.

The remaining CII sectors — banking and finance, energy, government and infocomm — had been involved in last year’s exercise.

Involving more than 200 participants from over 20 entities, such as national water agency PUB and Singapore Airlines, yesterday’s exercise covered scenarios of different types of cyber attacks that target essential services. These include ransomware attacks, distributed denial of service  attacks, and malware infections.

In one of the simulations, national cyber incident response teams from the Ministry of Defence, CSA, and the Government Technology Agency of Singapore defended their systems against a ransomware attack, similar to the recent WannaCry incident.

Mr David Koh, chief executive of CSA, said such exercises were important in bringing Singapore’s critical sectors together for better coordination across the board to respond to incidents. “With greater interconnectivity, and the proliferation of cyber threats, the ability of our critical sectors to respond promptly to attacks is vital.” Deputy Prime Minister Teo Chee Hean and Minister-in-charge of Cybersecurity Yaacob Ibrahim observed the exercise yesterday.

Last week, new cyber security laws to beef up Singapore’s defences against increasingly sophisticated cyber attacks were put up for public consultation. Among other things, they proposed requiring CII owners of these 11 key sectors to report cyber security incidents, and to share information with the authorities when ordered.

The draft Cybersecurity Bill also proposes to license cyber security service providers and practitioners, starting with those providing penetration testing and managed security operations centre services.

Read more…

Source: Today Online