Telecommunications Cybersecurity Code of Practice
The IMDA has formulated Codes of Practice to enhance the cyber security preparedness for designated licensees. The Codes are currently imposed on major Internet Service Providers (“ISP”) in Singapore for mandatory compliance, and the coverage includes their network infrastructure providing Internet services. Besides security incident management requirements, the Codes include requirements to prevent, protect, detect and respond to cyber security threats. The Code was formulated using international standards and best practices including the ISO / IEC 27011 and IETF Best Current Practices.
Starting from 2012, periodic audits are being conducted to ensure that ISPs comply with all requirements and gaps identified are promptly addressed to mitigate the associated cyber security risks. Such requirements are reviewed and updated, in consultation with designated licensees, to include proportionate controls for various infrastructures that are commensurate with evolving cyber security risks. As the Sector Lead for Infocomm and Media sectors, IMDA’s Codes will encompass related requirements from other security agencies as well.
Infocommunications Singapore Computer Emergency Response Team (ISG-CERT)
The Infocommunications Singapore Computer Emergency Response Team (ISG-CERT) was established in 1st April 2015 to provide IMDA with the capability to respond effectively to cyber threats within the Infocomm and Media sector in Singapore.
The ISG-CERT supports IMDA in overseeing and enhancing the cyber-security posture and preparedness of the Infocomm and Media Sector. Internationally, as a full and active member of the Forum of Incident Response and Security Teams (FIRST), ISG-CERT cooperates and coordinates with regional and global trusted CERTs in responding to computer security incidents relating to the Infocomm and Media Sector.
ISG-CERT provides the following to the constituents of the local Infocomm and Media sector:
- Sharing of information through the issuance of actionable intelligence and advisories/alerts
- Promoting security awareness and enhance technical knowledge by conducting security courses, seminars and workshops
- Performing incident management, computer forensic analysis and malware analysis
- Coordinating with other CERTs and organisations to resolve security incidents
Cyber Security Vulnerability Reporting (CSVR) Guide
The Info-communications Media Development Authority (“IMDA”) works closely with infocomm and media companies to ensure that the services they provide to the public are adequately secured against cyber threats. However, given the myriad of infocomm software solutions and applications, it is not possible to totally eliminate all cyber security vulnerabilities despite best efforts.
IMDA recognises that the cyber security researcher (“Researcher”) community regularly makes valuable contributions through making responsible disclosures to enhance the security of public-facing applications and networks of service providers, leading to safer Internet user experience.
This Cyber Security Vulnerability Reporting Guide (“CSVR Guide”) is intended for Researchers to report to IMDA cyber security vulnerabilities that they have detected in the public-facing applications and networks of Telecommunications service providers such as the Internet Access, Mobile and Fixed-line voice/data service providers, Broadcast, Print (Newspaper) and Postal service providers operating in Singapore (“Relevant Organisations”).
View the CSVR Guide here.