Singapore has called on its citizens to take responsibility for their own cyber hygiene, so they can better safeguard their devices and not end up putting entire systems at risk. The country wants to help them do so with the introduction of a portal that will assess if websites have the necessary security protocols.
The government also has set up a task force to develop policies and capabilities to bolster efforts to combat ransomware attacks, which are a growing concern for local businesses.
Singapore laid out its cyber defence strategy, which it said spanned five key areas including the need for individuals to arm up on cyber awareness and be capable of protecting themselves.
"Individuals have a responsibility to adopt good cybersecurity practices and protect the systems and devices they use," Senior Minister and Coordinating Minister for National Security, Teo Chee Hean, said Wednesday at the Singapore International Cyber Week conference. The annual event gathers international policy makers, industry players, and academia to discuss cybersecurity best practices and cyber defence.
Teo said: "Personal devices, including the multitude of IoT (Internet of Things) devices, do not exist on their own. They are connected to other devices, systems, and networks. With the introduction of 5G technology, we can expect a step-jump in the number and types of devices to be connected in ever-larger networks. If individuals or these multitude of devices are compromised, they will not only bring harm to themselves, but could be exploited to penetrate and weaken the whole system or network."
He urged citizens to be aware of cyber risks and be responsible for their own online safety.
To help them in this aspect, Singapore's Cyber Security Agency (CSA) launched the Internet Hygiene Portal, which it said served as a one-stop platform for businesses to access resources and self-assessment tools to guide them in adopting online security best practices.
The new portal also features an online hygiene rating table to provide "visibility" on the cyber hygiene of digital platforms. This should help consumers make informed choices on the sites they visit and better protect their digital transactions from potential threats.
For a start, CSA said the portal would list 10 popular e-commerce services providers, each with a rating based on the "average adoption of internet security best practices". Curated by the government agency, these best practices were internationally recognised common baseline online standards and security controls, and included security protocols such as HTTPS, DNSSEC, and DMARC. These global security protocols were designed, respectively, to secure website communications, prevent DNS spoofing and cache poisoning, and combat email spoofing.
The current list of e-commerce platforms included Amazon.com, Alibaba's Lazada, Qoo10, and Shopee. Eight of the listed platforms had been rated with a green badge, indicating these sites had adopted most baseline online security best practices. Courts and eBay were the only two platforms to be rated with a yellow badge, indicating they had implemented some baseline online security best practices. No website was tagged with a red badge, which meant most baseline best practices were absent.
According to CSA, the e-commerce internet hygiene ratings would be next updated in January 2023. It said it would look to add companies from other sectors on a similar rating list, such as banking and financial services and healthcare.
The new hygiene portal also offers cybersecurity toolkits that were introduced as part of the SG Cyber Safe Programme, which aimed to support businesses with guides on online hygiene standards and best practices, and self-assessment tools for email, website, and internet connectivity.
Apart from individual accountability, Teo said Singapore's cyber defence also encompassed the need to safeguard digital information infrastructures, including systems operated by local telcos, internet services and cloud services providers, as well as the physical cables and other digital connections with the world.
He further pointed to the need to protect the country's "soft" national infrastructure, including its national digital identity system or SingPass, which provided trusted credentials for digital identity verification, and national digital payment platform PayNow.
The integrity and resilience of these infrastructures were essential to enable citizens and businesses to transact securely with each other as well as with the government, the minister said.
Singapore also needed to safeguard its critical information infrastructures (CIIs), which delivered essential services such as water, transport, and electricity. Teo said CSA worked closely with CII owners and leads to identify, detect, and respond to cyber threats.
He noted that the government security agency was developing a National Cyber Security Centre, which would look to tighten integration with Singapore's CII operators.
Apart from these sectors, he added that all organisations as well as research and educational institutions also would need to bolster their own defences against online threats, one of which was ransomware.
Pointing to the new task force, Teo said this inter-agency counter-ransomware unit would help pull together businesses, government, and international partners to "more effectively" combat ransomware attacks.
Singapore saw a 54% year-on-year increase in reported ransomware cases, which hit 137 in 2021, with small and midsize businesses (SMBs) from sectors such as manufacturing and IT mostly falling victim to such attacks.
With ransomware a cross-border problem, CSA noted that ransomware criminals often were based overseas and leveraged jurisdictional boundaries to move illicit assets and evade legal consequences.
Hence, the task force would look to coordinate Singapore's international engagement efforts to counter ransomware and drive greater international cooperation in cybersecurity, financial supervision, and cross-border law enforcement operations, CSA said.
It added that the task force was working on a set of recommendations on steps the government could take to improve its counter-ransomware efforts. These would be published "in due course".
Teo said: "Because the digital domain has become a more important and indispensable part of our everyday lives, threats in the digital domain have become much more serious and more challenging. Threats that start out in the digital domain can also quickly impact events in the physical world.
"If a critical system is brought down by an attack, there could be severe effects on countries and the international system, organisations and businesses...[there could be] financial losses and threats to lives and livelihoods," he said.
Adding that there were no borders in the digital domain, he noted the need for international cooperation to build a robust framework that could safeguard cybersecurity and promote confidence and trust in cyberspace.
"This is key is to establish norms of responsible state behaviour, build consensus around the application of existing international law in cyberspace, and facilitate confidence-building measures, capacity-building and standards," the Singapore minister said. "These are the basic building blocks to a cyber stability framework, which will guide states and other stakeholders to better trust each other and work together on cyber issues in a meaningful manner."