NCC Group responds to Cyber Security Agency of Singapore ('CSA') public consultation on licensing

A new licensing framework proposed by the Cyber Security Agency of Singapore ('CSA') is expected to launch early next year, requiring cyber security providers to be licensed before providing certain services (penetration testing and managed security operations centre monitoring services).

The Cybersecurity Act came into force on 31 August 2018, although the licensing framework was deferred to allow for further study and consultation.

The framework aims to:

• Provide greater assurance of security and safety to consumers
• Improve the standards and standing of cybersecurity service providers
• Address the information asymmetry between consumers and the cybersecurity service providers.
• Any framework should complement existing (voluntary) accreditation and certification schemes that serve to demonstrate individuals’ competence and qualifications so there is no confusion or undermining

Following, the CSA’s public consultation on the licensing conditions and legislation, Charles Spencer, APAC Managing Director at NCC Group, shares his thoughts on what has been proposed...

“We see cyber security as a crucial enabler for the prosperity and resilience of the future digital economy in the region and efforts to professionalise our industry will ultimately promote that vision.

We welcome the opportunity to offer a response at this stage of the industry consultation and outline the following key areas for consideration; 

• Any framework should complement existing (voluntary) accreditation and certification schemes that serve  to demonstrate individuals’ competence and qualifications so there is no confusion or undermining 
• Through the creation of barriers to entry, the framework could be in danger of hampering innovation so further understanding of the potential impact must be considered
• Any framework and associated administration/record keeping databases must be created with security in mind from the outset to protect the valuable information that would be created
• Any licensing conditions should not impede security researchers’ ability to disclose vulnerabilities to help remediate weakness and improve cyber resilience for society’s benefit

We look forward to the development of a pragmatic and workable licensing scheme that supports the CSA’s objectives and will underpin an ever growing and flourishing cyber security sector in Singapore.

Image: Shutterstock: Royalty-free stock photo ID: 155585048