Update on Cyber Security Agency's Investigations into Computer Security Initiative Consultancy
Ministry of Digital Development and InformationSpeakers
Summary
This question concerns an inquiry by Ms He Ting Ru regarding the Cyber Security Agency’s investigations into Computer Security Initiative Consultancy (COSEINC) and its previous business contracts with the Government. Senior Minister of State for Communications and Information Dr Janil Puthucheary stated that COSEINC had provided cybersecurity training services to the Government under standard contractual terms. He noted that while the company was added to a United States Department of Commerce entity list, the Cyber Security Agency found no evidence of breaches of Singapore's laws. The Senior Minister of State explained that the listing necessitates export licenses for specific items but does not automatically signify a violation of local cybersecurity regulations. He emphasized that the Government remains committed to dealing with any companies found to have contravened Singapore’s laws in accordance with the legal framework.
Transcript
19 Ms He Ting Ru asked the Minister for Communications and Information whether he can provide an update on the Cyber Security Agency’s investigations into a local company, Computer Security Initiative Consultancy (COSEINC), that has been added to an entity list by the US Department of Commerce.
20 Ms He Ting Ru asked the Minister for Communications and Information (a) whether the Government or related agencies have procured any services or products from a local company, Computer Security Initiative Consultancy (COSEINC); and (b) if so, what is the nature of the contract awarded to COSEINC.
The Senior Minister of State for Communications and Information (Dr Janil Puthucheary) (for the Minister for Communications and Information): Mr Deputy Speaker, Ms He Ting Ru has asked two questions about COSEINC. May I take the two questions together, please?
Mr Deputy Speaker: Please do.
Dr Janil Puthucheary: Sir, in November 2021, the US Department of Commerce placed several companies on the Bureau of Industry and Security’s Entity List, including a local company, Computer Security Initiative Consultancy, also known as COSEINC. The effect of being placed on this List means that US persons intending to export, re-export or transfer items that the US regulates to COSEINC must first obtain a licence to do so from the US Government.
Arising from this, the Cyber Security Agency (CSA) looked into COSEINC. The company’s offerings include cybersecurity training courses. We can share that, in this regard, it is one of many vendors to have provided training services to the Government and the contractual terms were standard.
CSA also found no evidence that COSEINC had breached cybersecurity laws in Singapore. Companies found to have contravened our laws and regulations will be dealt with in accordance with the law.
Mr Deputy Speaker: Order. End of Question Time. I propose to take a break now. I suspend the Sitting and will take the Chair at 3.30 pm. Order.
Sitting accordingly suspended
at 3.00 pm until 3.30 pm.
Sitting resumed at 3.30 pm.
[Deputy Speaker (Mr Christopher de Souza) in the Chair]