The Act allows the Commissioner to request specific information from Critical Information Infrastructure (CII) owners (Section 10) and during investigations of cybersecurity threats and incidents (Sections 19 and 20). The sharing of such information is an important part of protecting our systems from cybersecurity threats.
The Cyber Security Agency of Singapore (CSA) also shares information on cybersecurity threats and vulnerabilities with the CII sectors so that appropriate actions can be promptly taken. This is actionable information and is often technical and operational in nature. Examples include technical indicators or signatures of the cyber threat and contextual cyber threat assessments.
Beyond CII, the Singapore Computer Emergency Response Team, or
SingCERT, which is part of CSA, routinely issues timely advisories and alerts to the general public and advises on measures that the public can take to protect themselves. Information and educational materials that promote cyber hygiene for the general public are also available on the
Gosafeonline website. CSA also publishes an annual
Singapore Cyber Landscape report for public awareness.
The CERTs overseeing specific sectors also issue advisories to the operators in their respective sectors. For example, the Info-communications Singapore CERT, or ISG-CERT, issues alerts to operators in the telecommunications and media sector to enhance their cyber readiness, and advisories on cybersecurity vulnerabilities pertaining to this sector.
SingCERT also works with the sectoral CERTs, where necessary, to inform local companies and affected customers on cybersecurity threats and incidents. For example, when D-Link routers were found to have security vulnerabilities in September 2017, SingCERT and ISG-CERT issued a joint advisory which contained information on the affected products and the steps that affected consumers should take - for example, disable remote management of their router and use strong passwords for their Wi-Fi to minimise the risk of their device being compromised.