Government to develop new programme to abate cybersecurity risks

The Critical Information Infrastructure Supply Chain Programme will involve all stakeholders.

The Ministry of Communications and Information is working with relevant stakeholders for a programme that will manage cybersecurity risks.

In a speech on 2 March, Senior Minister Janil Puthucheary of the Ministry of Communications and Information announced the Critical Information Infrastructure (CII) Supply Chain Programme, which will involve the Cyber Security Agency, CII owners, and their vendors.

“This programme will provide recommended processes and sound practices for all stakeholders to manage cybersecurity risks in the supply chain. In the discussions that we will have with the stakeholders as a result of this programme, will also help the government improve our policies around supply chain risks,” Puthucheary said.

The data breach of telecommunications firm Singtel was one of the events that preceded this move, as the data breach hit almost 130,000 customers and several enterprises in December 2020.

“We also need to manage cybersecurity risks across the supply chain. Doing so requires CII owners to have a better understanding of their vendors to identify systemic risks and improve the level of cyber hygiene with the vendors,” Puthucheary said.

Moving forward, he advised the CII sector to adopt a “zero-trust cybersecurity posture,” an approach that looks at data breaches as something that has already happened as opposed to something that can still be prevented.