Cybersecurity Measures in Place at Key Installations and Critical Infrastructures

11 Mr Darryl David asked the Minister for Communications and Information what are the cybersecurity measures in place in key institutions and installations, such as the stock exchange, airports, seaports, MRT stations, power stations and other critical infrastructure, to ensure that the systems and networks of these institutions and installations are protected from cyberattacks.

Assoc Prof Dr Yaacob Ibrahim: The Cyber Security Agency (CSA) adopts a sectorial approach to ensure Critical Information Infrastructure (CII) is protected from cyber threats. It does this by working closely with regulators in the 11 CII sectors (Aviation, Banking and Finance, Energy, Government, Healthcare, Infocomm, Land Transport, Maritime, Media, Security and Emergency Services, and Water). The 11 sector regulators, in turn, ensure that entities that operate CII facilities have adequate plans to deal with the cyber threat.

To validate the sector and operator plans, CSA conducts cybersecurity exercises with and across critical sectors. This year, CSA conducted a multi-sector exercise, codenamed Cyber Star. The exercise validated the incident management capabilities of CSA and four critical sectors (Banking & Finance, Energy, Government and Infocomm) to deal with a large-scale cyberattack. CSA will continue to conduct exercises to validate the plans of other sectors and also enhance the sophistication of the exercise scenarios.

CSA is currently developing a National Cybersecurity Strategy, and the protection of CIIs from cyber threats will be an important part of the strategy. In 2017, we intend to introduce a new Cybersecurity Act that will enhance and improve existing rules on CIIs in the areas of protection, information sharing and incident response.