Be aware of scammers impersonating as IMDA officers and report any suspicious calls to the police. Please note that IMDA officers will never call you nor request for your personal information. For scam-related advice, please call the Anti-Scam helpline at 1800-722-6688 or go to www.scamalert.sg.

Infocomm Media Cyber Security

Overview

Infocomm Media Cyber Security plays an important role in creating a secure and trusted environment as it enhances the resilience of our economy against cyber threats. By implementing robust IMDA regulations and guidelines, IMDA aims to enhance the resilience of our economy against cyber security threats and boost the confidence of investors in choosing Singapore as a strategic and secure location for their investments.

Telecommunications Cybersecurity Code of Practice

IMDA has formulated Codes of Practice to enhance the cyber security preparedness for designated licensees. The Codes are currently imposed on major Internet Service Providers (“ISP”) in Singapore for mandatory compliance, and the coverage includes their network infrastructure providing Internet services. Besides security incident management requirements, the Codes include requirements to prevent, protect, detect, and respond to cyber security threats in Singapore. The Code was formulated using international standards and best practices including the ISO / IEC 27011 and IETF Best Current Practices.

Starting from 2012, periodic audits are being conducted to ensure that ISPs comply with all requirements and gaps identified are promptly addressed to mitigate the associated cyber security risks. Such requirements are reviewed and updated, in consultation with designated licensees, to include proportionate controls for various infrastructures that are commensurate with evolving cyber security risks. As the Sector Lead for Infocomm and Media (ICM) sectors, IMDA’s Codes will encompass related requirements from other security agencies as well.

Infocommunications Singapore Computer Emergency Response Team (ISG-CERT)

The Infocommunications Singapore Computer Emergency Response Team (ISG-CERT) was established in 1st April 2015 to provide IMDA with the capability to respond effectively to cyber security threats within the Infocomm and Media sector in Singapore.

The ISG-CERT supports IMDA in overseeing and enhancing the cyber-security posture and preparedness of the Infocomm and Media Sector. Internationally, as a full and active member of the Forum of Incident Response and Security Teams (FIRST), ISG-CERT cooperates and coordinates with regional and global trusted CERTs in responding to computer security incidents relating to the Infocomm and Media Sector.

ISG-CERT provides the following to the constituents of the local Infocomm and Media sector:

  • Sharing of information through the issuance of actionable intelligence and advisories/alerts
  • Promoting security awareness and enhance technical knowledge by conducting security courses, seminars and workshops
  • Performing incident management, computer forensic analysis and malware analysis
  • Coordinating with other CERTs and organisations to resolve security incidents

Cyber Security Vulnerability Reporting (CSVR) Guide

IMDA works closely with infocomm and media companies in Singapore to ensure that the services they provide to the public are adequately secured against cyber security threats. However, given the myriad of infocomm software solutions and applications, it is not possible to totally eliminate all cyber security vulnerabilities despite best efforts.

IMDA recognises that the cyber security researcher (“Researcher”) community regularly makes valuable contributions through making responsible disclosures to enhance the security of public-facing applications and networks of service providers, leading to safer Internet user experience. 

This Cyber Security Vulnerability Reporting Guide (“CSVR Guide”) is intended for Researchers to report to IMDA cyber security vulnerabilities that they have detected in the public-facing applications and networks of Telecommunications service providers such as the Internet Access, Mobile and Fixed-line voice/data service providers, Broadcast, Print (Newspaper) and Postal service providers operating in Singapore (“Relevant Organisations”).


View the CSVR Guide here.

Advisories

LAST UPDATED: 23 MAY 2024