Singapore should adopt 'zero-trust' cybersecurity posture to safeguard against cyberattacks: Iswaran
SINGAPORE should adopt a "zero-trust" cybersecurity posture in order to protect networks against cybersecurity attacks, Minister for Communications and Information S Iswaran said on Tuesday.
In order to do so, two key principles must be observed. Firstly, not trusting any activity without verifying it first and secondly, to ensure constant monitoring and vigilance for any suspicious activities.
"This includes compartmentalising and restricting access to different segments of the network, validating transactions across segments, reconciling any escalation of user privileges, and actively and regularly hunting for threats," Mr Iswaran said.
This came after concerns about the SolarWinds cyberattack last year were raised, which affected around 18,000 customers. SolarWinds' clients include US government agencies and Fortune 500 companies such as Microsoft and Cisco systems.
According to Mr Iswaran, there had been no indication so far that Singapore's Critical Information Infrastructure (CII) and government sectors had been adversely affected by the SolarWinds breach.
Nonetheless, the government will remain cautious, with the Cyber Security Agency of Singapore (CSA) issuing public advisories on steps that enterprises and organisations should take to safeguard themselves against the threat of cyberattacks.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The advisories include having full visibility of their networks and detecting unusual activity in a timely manner.
The minister also added that while organisations should put in place robust plans for cyber incidents response, CSA will strengthen engagement with CII sectors, enterprises and organisations to adopt cybersecurity measures.
CSA will also work with partners in the private sector to ensure that these measures can be adopted by not only large enterprises and CIIs, but also by small and medium-sized enterprises.
"Malicious actors only need to exploit one vulnerability, while the defenders must ensure that there are no vulnerabilities in all the systems and networks that they are protecting, all the time," he said.
Given the nature of the digital domain, cyber incidents will happen from time to time, according to Mr Iswaran.
"Though difficult to completely prevent, we need deliberate, targeted and consistent efforts to strengthen our cyber defences against sophisticated threats like the SolarWinds breach, which exploit the supply chain of trusted vendors and software."
While Singapore can never be foolproof in the effort to fight against cybersecurity attacks, the nation can take every effort to strengthen the system and learn from other incidents, he added.
Copyright SPH Media. All rights reserved.
