What Your Organization Can Do To Manage Digital Asset Risk and Compliance Issues
Part 1: New Trends in Cybersecurity
In our previous post, we talked about what individuals can do to secure their digital assets and transact safely online.
Today, we’ll go over how organizations, including businesses and government agencies, can manage cybersecurity issues surrounding digital assets and critical operations. This is important because businesses are required to maintain compliance with security regulations including those covering anti-money laundering and counter financing of terrorism (AML/CFT).
Introduction: New Cybersecurity Masterplan
At the fourth Singapore International Cyber Week (SICW), the Singaporean government announced the Operational Technology Cybersecurity Masterplan aiming to protect the most critical information infrastructures. The masterplan directs equipment manufacturers and service providers to “implement cybersecurity in their developmental phases so that their products and services are built-in with strong cybersecurity measures”.
The objectives of this masterplan, developed by the Cyber Security Agency of Singapore (CSA) and industry partners, is to develop a more secure operating technology environment, provide better defense and recovery mechanisms for cyberattacks, and create more awareness about cybersecurity. Under this masterplan, a new OT Cybersecurity Information Sharing and Analysis Centre will be set up to facilitate information sharing among the global threat intelligence hub, according to a Cybersecurity ASEAN press release.
Details on actionable to-do items for businesses remain scant at this time, however. While further details will be forthcoming in the next weeks and months, there are some things we can still do to prepare.
Obtaining Cybersecurity Certification
Internationally recognized cybersecurity certification can now be issued in Singapore. This January, Singapore attained the status of an international certification authority. Companies can now apply for Common Criteria (CC) certification through the Singapore Common Criteria Scheme (SCCS).
The SCCS provides a cost-effective path for businesses to certify their products against the Common Criteria standard, which is adopted internationally by both governments and industries for the evaluation and certification of cybersecurity products.
This requires product evaluation to conform to the strict requirements of the CC standards. At the same time, the SCCS will support the growth of the local cybersecurity technology ecosystem, including the product evaluation and certification industry in the region.
Implementing Security by Design
Part of the innovation push is implementing Security-by-Design during the product development phase. To ensure that software and hardware products meet Common Criteria certification standards, developers must consider Security-by-Design to ensure products have security built-in right from the start of the product development cycle, rather than seeing security as a piecemeal add-on.
In his opening speech at SICW, Dr. Janil Puthucheary, the Senior Minister of State, noted that the personal data of Singaporean citizens was compromised by cyber-attackers as a result of poor security design of network-connected devices. He called for better quality assurance of such products through the stringent CC certification process: “If we can adopt these product evaluation and certification regimes, such as CC, it will give the kind of assurance benchmarked at internationally-recognized standards, to strengthen IT security for our government, Smart Nation as well as the digital economy”.
In part 2 of this article, we go into more detail about cybersecurity tools available today that help companies follow best security practices and ensure compliance with new global regulations.
