There is “no indication” that either the Singapore Government’s systems or the Critical Information Infrastructure (CII) was adversely affected by the SolarWinds data breach, said Minister for Communications and Information S Iswaran in Parliament on Tuesday (2 February).
This was related to the high-profile hacking attack involving cybersecurity firm FireEye and software provider SolarWinds Corp.
Mr Iswaran was responding to questions by Members of Parliament (MP) Alex Yam and Desmond Choo on the impact of the SolarWinds breach on Singapore and the cybersecurity of the nation’s systems.
He noted that the Cyber Security Agency of Singapore (CSA) has immediately raised the national cyber threat alert level after it was alerted about the breach, adding that CSA has worked with the critical information structure sectors to check and monitor the political systems.
“There is no indication thus far that Singapore’s CII and Government systems have been adversely affected by the solar winds breach,” said the Minister.
Mr Iswaran added that the enterprises and organisations have been issued with public advisories on steps that should be taken to safeguard their systems against such cyber threat.
These steps include having full stability of their networks and detecting unusual activity in a timely manner.
In the longer term, dealing with these sophisticated cyber threats requires a fundamental shift in mindset towards a zero-trust cybersecurity posture, he added.
“This zero-trust cybersecurity posture has the notion that we should protect our networks by observing two key principles: First we should not trust any activity without first verifying it; second, ensure constant monitoring and vigilance for suspicious activities,” said Mr Iswaran.
He stressed that organisations should put in place robust response plans for cyber incidents, in the event they fall victim to a cyberattack.
Mr Iswaran added that deliberate and consistent efforts are needed to strengthen cyber defences against sophisticated threats such as the SolarWinds breach.
“Our CII, enterprises and citizens must also maintain their vigilance against cyber threats as we mitigate the risks while leveraging the opportunities of digitalization,” he said.