The government in Singapore is to set up a programme to help organisations who run the city state’s critical information infrastructure (CII) to better manage their supply chain’s cyber-security risks
The effort coincides with global attacks on software provider SolarWinds and file-sharing company Accellion in recent months. Singapore telecom Singtel was a victim of the Accellion hack.
The Cyber Security Agency (CSA) of Singapore is developing the CII Supply Chain Programme with CII owners and will also engage an external consultant.
The programme covers 11 sectors: government, security and emergency, healthcare, media, banking and finance, energy, water, infocommunications, maritime, aviation and land transport. Joining the programme is not mandatory.
Announcing the effort during a Parliamentary debate, senior minister of state for communications and information Janil Puthucheary said the programme will recommend processes and sound practices for all stakeholders.
“We … need to manage cyber security risks across the supply chain. Doing so requires CII owners to have a better understanding of their vendors to identify systemic risks and improve the level of cyber hygiene with the vendors,” he was quoted as saying by local media.
“With more activities taking place online, it’s important that people trust the digital systems used to store, collect and transfer our information.”
Discussions with stakeholders will help the government improve policies around supply chain security, he added.
The CSA said the programme’s development is not in response to any recent cyber incident, but is something it has been working on for a while.
Plans include vendors having to ensure their systems are resilient and can recover quickly from cyber-attacks. Vendors will also be independently audited regularly.