Extension of Government Cybersecurity Agencies' Advisory Support to Non-government Entities

36 Dr Tan Wu Meng asked the Minister for Communications and Information (a) whether the Cyber Security Agency and other related agencies provide advice, support and assistance to entities outside the .gov.sg Internet domain such as (i) banks (ii) NETS (iii) public healthcare institutions' intranet and internet-facing facilities (iv) utilities providers and (v) telcos to attain adequate cyber resilience against cyberattacks including distributed denial-of-service attacks; and (b) if so, what is the nature of the support.

Mrs Josephine Teo: In today’s cyber threat environment, a strong cybersecurity posture is essential. Even with best efforts, not all attacks will be prevented. There must therefore be resilience built into our systems. They must be robust and have the ability to resume normal operations without prolonged disruption.

For critical information infrastructure (CII), all entities, government and non-government, are regulated in the same way under the Cybersecurity Act. The Cyber Security Agency of Singapore provides cybersecurity support in the design of networks and systems, and issues advisories on the latest threats and the precautionary measures to be taken.

Sector regulators, such as for financial services, water and healthcare, may also have additional specific cybersecurity requirements for organisations operating within their sectors.

All companies and organisations, and not just those owning CIIs, should practise strong cybersecurity hygiene. They should make use of the resources available, to put in place the necessary cyber defences and be prepared to respond to cyber attacks swiftly and effectively.