Plan in the works to boost cyber security in telecoms sector

A road map to identify and deal with "next-generation cyberthreats" in the telecommunications sector for the next five years is in the works.

The plan will be developed by the newly formed Telecom Cybersecurity Strategic Committee, which will publish its first set of recommendations later this year.

Senior Minister of State for Communications and Information Janil Puthucheary, who announced the road map yesterday at the inaugural Infocomm Media Cybersecurity Conference at Sheraton Towers Hotel, said it is fundamental to secure Singapore's telecommunications infrastructure.

He said: "As soon as you have a connection, your threat surface increases and the opportunity for vulnerabilities of penetration increases."

Dr Janil also announced two initiatives by the Infocomm Media Development Authority (IMDA) to boost cyber security.

One is a guide for telcos on secure online verification for mobile services, and the other is an upcoming guide on using Internet-of-things (IoT) devices.

The initiatives come after Singapore's worst cyber data breach in June last year, when hackers stole the personal data of 1.5 million SingHealth patients, and the outpatient prescription information of 160,000 people, including Prime Minister Lee Hsien Loong.

A Committee of Inquiry set up to look into the attack recommended a raft of measures to beef up cyber security, such as improving incident response processes.

In a statement yesterday, IMDA said the road map will identify areas for improvement in Singapore's telecom cyber-security capabilities, and recommend strategies, policies and initiatives to address the issues identified.

The road map will also help IMDA decide on what cyber-security capabilities the telecommunications sector needs to develop and invest in.

The new committee is headed by IMDA chairman and Defence Ministry Permanent Secretary Chan Yeng Kit. The three other members are IMDA chief executive Tan Kiat How, Cyber Security Agency of Singapore chief executive David Koh and Mr Cheong Chee Hoo, chief executive of defence research organisation DSO.

The committee has three expert panellists: Mr Robert Hannigan, former director of Britain's Government Communications Headquarters; Mr Nadav Zafrir, co-founder and chief executive of cyber-security company Team8; and Mr Keith Alexander, chief executive of IronNet Cybersecurity.

The Straits Times understands the committee met once last year.

IMDA said the road map will identify "next-generation cyberthreats and develop the solutions and capabilities needed to secure Singapore's connectivity infrastructure", a key building block of the economy.

It also gave more details on the two guides to boost cyber security. The first is for telcos that use Know Your Customer technology - which allows customers to verify registration for mobile services online, like changing SIM cards - without face-to-face transactions.

Telcos using this technology have varying degrees of protection measures. IMDA's implementation guide will specify regulatory requirements for this technology, such as ensuring secure online verification.

For instance, if a telco uses facial recognition technology, it will have to ensure that adequate fraud mitigation and identity theft prevention measures are in place.

IMDA will also hold a public consultation about an upcoming guide to help companies make purchasing and deployment decisions for IoT solutions, designed with security in mind.

IoT refers to a network of devices that contain elements like electronics and software, which allow the devices to connect, interact and exchange data.

The IMDA guide will have checklists that companies deploying IoT solutions can use to assess the security of their systems.

Full article at https://www.straitstimes.com/singapore/plan-in-the-works-to-boost-cyber-security-in-telecoms-sector