{"id":11052,"date":"2025-11-13T01:14:48","date_gmt":"2025-11-12T17:14:48","guid":{"rendered":"https:\/\/sgbuzz.com\/?p=11052"},"modified":"2025-11-13T01:14:48","modified_gmt":"2025-11-12T17:14:48","slug":"board-members-of-critical-services-operators-will-soon-be-required-to-undergo-cyber-security-training","status":"publish","type":"post","link":"https:\/\/sgbuzz.com\/?p=11052","title":{"rendered":"Board members of critical services operators will soon be required to undergo cyber security training"},"content":{"rendered":"<p><br \/>\n<\/p>\n<div>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">SINGAPORE &#8211;<!-- --> Board members of the operators of critical services in Singapore will need to go through cyber security training, as part of new requirements that will be codified within the first quarter of 2026.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">These board members will also need to enhance their supervision and responsibility over the critical information infrastructure (CII) as well as adjacent systems, said Minister for Digital Development and Information Josephine Teo on Nov 12.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">These critical sectors include energy, healthcare, telecommunications, finance and media.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">Chief information security officers should also be provided direct access to the board as part of the updated Cybersecurity Code of Practice, said Mrs Teo, adding that threat actors will stop at nothing to steal data from CII operators and disrupt services.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">The updates come after the Government announced in October that it <a href=\"https:\/\/www.straitstimes.com\/singapore\/singapore-government-to-share-classified-threat-intelligence-with-critical-sectors-to-beef-up?ref=inline-article\" rel=\"nofollow noopener\" class=\"gap-x-04 items-center inline text-primary-60 select-auto\" aria-label=\"link\" target=\"_blank\" data-testid=\"custom-link\"><\/p>\n<p class=\"font-body-baseline-regular inline\" data-testid=\"paragraph-test-id\">will be sharing classified threat intelligence<\/p>\n<p><\/a> with these organisations to prevent cyber attacks that could jeopardise national security.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">\u201cWhat we would like for CII owners to do is to have a clear-eyed view of what they are up against, and to take the necessary action to better protect Singaporeans,\u201d said Mrs Teo. <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">Speaking on the sidelines of the annual Critical Infrastructure Defence Exercise (Cidex) for the nation\u2019s 11 critical sectors, she said the update comes at a time when the threat landscape has shifted considerably. The code was last updated in 2022.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">CII operators that are found to have been negligent in securing their systems in the wake of an attack would face penalties, as outlined in the Cybersecurity Act. This would include those that do not follow the requirements in the updated code.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">The Cybersecurity Act came into force in 2018, and <a href=\"https:\/\/www.straitstimes.com\/singapore\/politics\/s-pore-amends-cybersecurity-law-to-better-secure-national-interests-essential-services?ref=inline-article\" rel=\"nofollow noopener\" class=\"gap-x-04 items-center inline text-primary-60 select-auto\" aria-label=\"link\" target=\"_blank\" data-testid=\"custom-link\"><\/p>\n<p class=\"font-body-baseline-regular inline\" data-testid=\"paragraph-test-id\">was amended in 2024<\/p>\n<p><\/a> to require CII operators in Singapore to declare any cyber-security outage and attack on their premises or along their supply chain that may cross borders.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">\u201cWhen it comes to cyber security, we need to hunt as a pack to identify where our weaknesses and vulnerabilities are; but we also need to defend as a team,\u201d Mrs Teo said, adding that Cidex hones this aspect.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">More than 250 participants from 33 governmental and private organisations are taking part in the exercise in 2025, which is being held at the Singapore Institute of Technology from Nov 11 to 14. The exercise has been held yearly since 2022 to test participants\u2019 skills against simulated cyber attacks. <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">Participants include Changi Airport Group, telco M1, OCBC Bank and the Government Technology Agency, as well as others responsible for defending the nation\u2019s digital backbone, power grid, rail systems and telecommunications networks.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">The focus of the 2025 exercise is incorporating intelligence from ongoing cyber operations into the design of the attacks, said Singapore\u2019s Defence Cyber chief Clarence Cai. <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">\u201cWe do this so that our defenders know what and, importantly, how to look for advanced actors in their networks when they return to their respective organisations,\u201d he said. <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">This includes sophisticated attacks that originate in the IT space, that go on to disrupt infrastructure that controls physical systems and devices, he added.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">He said participants also benefit from the learnings of various industry players such as Google and Amazon Web Services, which have shared their observations on cyber threats across different cloud environments.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">Defence Minister Chan Chun Sing said that 2025\u2019s drill is the first where all 11 CIIs participated to attain three goals: vigilance, unity of action and resilience.  <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">\u201cVigilance means that we must keep everyone updated on the latest threats,\u201d he said. <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">On unity of action, Mr Chan said the strength of the network is dependent on the weakest link. <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">\u201cSo if there\u2019s one compromise in any part of the network, it actually compromises the entire network, which is why having all the various agencies coming together is so important,\u201d he said.  <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">But the most important goal, he said, is resilience, marked by how all the sectors\u2019 competency can be levelled up to bounce back from any setback as soon as possible. <\/p>\n<p><iframe loading=\"lazy\" title=\"[FULL] Chan Chun Sing, Josephine Teo on national cyber defence exercise\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/IfAvDL3bFAo?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">A state-sponsored threat actor entering through a virtual private network gateway to take down an energy plant was one of the simulated attacks that Major (NS) Chong Rong Hwa led his 20-strong team to defend against during the exercise. <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">As mentor of the cyber defenders within the energy sector, he worked with his team to identify all the different channels that an attack could come from, and guided them in differentiating between benign and malicious activities on the network.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">\u201cWe will then remediate by removing some of the threats, perhaps by removing malicious software and IP addresses,\u201d said MAJ Chong, who is from the Digital and Intelligence Service, a branch of the Singapore Armed Forces. <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">Another scenario faced by the transport sector was a traffic collision that resulted from a cyber attack on a traffic signalling system, <!-- -->he<!-- --> said.    <\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">Colonel Cai said: \u201cAn attack that starts in one sector may quickly be promulgated to other sectors, so our ability to communicate threat intelligence picked up by one sector to others is immensely important.<\/p>\n<p class=\"font-body-baseline-regular text-primary\" data-testid=\"article-paragraph-annotation-test-id\">\u201cThis is the seriousness with which we take this exercise, because we know how it will affect the lives of our fellow Singaporeans.\u201d<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.straitstimes.com\/tech\/board-of-critical-services-operators-will-need-cyber-security-training-have-greater-responsibility\" target=\"_blank\" rel=\"noopener\">Read Full Article At Source <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SINGAPORE &#8211; Board members of the operators of critical services in Singapore will need to go through cyber security training, as part of new requirements&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1864,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[2611],"tags":[],"class_list":["post-11052","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-buzz-headlines","wpcat-2611-id"],"_links":{"self":[{"href":"https:\/\/sgbuzz.com\/index.php?rest_route=\/wp\/v2\/posts\/11052","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sgbuzz.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sgbuzz.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sgbuzz.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sgbuzz.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11052"}],"version-history":[{"count":0,"href":"https:\/\/sgbuzz.com\/index.php?rest_route=\/wp\/v2\/posts\/11052\/revisions"}],"wp:attachment":[{"href":"https:\/\/sgbuzz.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11052"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sgbuzz.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11052"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sgbuzz.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}