More stories

  • What is an ethical hacker? Why one of the most intriguing jobs in cybersecurity could be a good bet

    While more companies are investing in beefing up their IT security, most cybersecurity practices are still reactive in their nature, relying on software tools to identify when a breach has happened – or been attempted – and then responding accordingly. But as cyberattacks continue to increase in frequency and sophistication, it is clear […]

  • This tiny botnet is launching the most powerful DDoS attacks yet

    Content distribution network (CDN) firm Cloudflare says the botnet behind the biggest distributed denial of service (DDoS) attacks it has recorded has targeted nearly 1,000 of its customers in the past few weeks. The botnet – which Cloudflare calls Mantis and which is named after the small, razor-legged prawn – […]

  • The industrial internet of things is still a big mess when it comes to security

    Critical infrastructure is increasingly targeted by cyber criminals – and while those responsible for running industrial networks know that securing operational technology (OT) and the Industrial Internet of Things (IIoT) is vital, they’re struggling, resulting in networks being left vulnerable to […]

  • Singapore talks up OT security, looks to add medical devices to labelling scheme

    Singapore is looking to expand its cybersecurity labelling programme to include medical devices, specifically, those that handle sensitive data and can communicate with other systems. It also reiterates the need to safeguard operational technology (OT) systems and build up the necessary skillsets to do so.

    OT systems traditionally were designed as standalone infrastructures and not connected to external networks or the internet. The need for better efficiencies and functionalities, however, had driven the convergence of IT and OT systems. Remote monitoring and data sharing for insights, for instance, brought about more efficiencies, but these also came at a cost as they widened the attack surface, said David Koh, Singapore’s cybersecurity commissioner and chief executive of Cyber Security Agency (CSA).

    Once in a safe air-gapped operating environment, OT systems now were open to potential cyber attacks, and breaches could have real-world impact, noted Koh, who was speaking at ISC2’s Secure Singapore conference held Wednesday. To mitigate such threats, he underscored the need to build up the necessary skillsets to manage the convergence of IT and OT systems. With both sides traditionally run and managed separately, these teams now would need to understand how IT systems were deployed to support essential services, such as water and power plants. Such skillsets also should encompass knowledge of business processes and interdependencies that went beyond the technical aspects, he said.

    Zachary Tudor, associate laboratory director of Idaho National Laboratory’s National and Homeland Security, concurred, pointing to the need for managers who understood the security risks from the convergence of IT and OT. C-suite executives also needed to be educated about the business risks and consequences of the interdependencies between the two realms, said Tudor, who also is ISC2’s board chairperson.

    Koh said Singapore tweaked its cybersecurity strategy in recognition of the convergence, embedding an OT security masterplan that focused on bolstering processes, infrastructures, and talent to address potential risks. Its OT Cybersecurity Competency Framework provided guidelines of cybersecurity skills and technical competencies required for OT industry sectors, which included those in critical information infrastructure (CII) markets such as water, healthcare, maritime, and energy.

    CSA earlier this week unveiled a scholarship programme for up to 80 qualified candidates enrolled in the Singapore University of Technology and Design’s Master of Science in Security by Design. The initiative was part of the government’s efforts to drive OT cybersecurity skills development.

    Plans to expand labelling scheme to healthcare

    Koh also pointed to the need to help the general public make more informed choices with regards to security, in particular, in purchasing Internet of Things (IoT) devices. He noted that consumers would buy such products without much awareness because the device’s security posture typically was opaque, with little information provided, and the spotlight placed instead on its features and price.

    CSA launched a Cybersecurity Labelling Scheme (CLS) to address this and adoption had been better than expected, with a range of manufacturers expressing interest in participating in the voluntary programme, he said. First introduced for home routers, the initiative later was expanded to include all consumer IoT devices, such as smart lights and door locks.

    Koh revealed that plans now were underway to further expand the CLS to medical and healthcare devices. Security was critical here as such devices could affect one’s health and potentially result in personal injury, he said.

    According to a CSA document detailing the pilot CLS for medical devices, such devices would fall under the scheme if they handled sensitive data such as personal identifiable information and had the ability to “collect, store, process, or transfer data”. They also would be connected to other systems and services, with the ability to communicate using wired or wireless networks either autonomously or manually.

    Singapore in May announced plans to set up a SG$19.5 million ($13.99 million) centre to facilitate vulnerability assessment of software and hardware products, physical hardware attacks, and security measures. The centre would work with CSA and Singapore Accreditation Council to develop relevant accreditation programmes, including IT testing programmes that facilitated initiatives such as CLS.

    According to CSA, as of end-April, more than 200 products had been submitted for labelling under the programme. Koh added that countries such as Germany, Australia, the US, and the UK had approached Singapore to establish mutual recognition of similar labelling and certification schemes in the respective global markets. Such bilateral recognition would reduce the need for duplicated testing, he said.

    Singapore and Finland last October inked an agreement to do so for each country’s IoT cybersecurity labels.

  • Google: Here's how we got to rolling desktop Linux releases after Ubuntu to Debian switch

    A few years ago Google completed its switch from an Ubuntu-based Linux desktop to Debian. Now Google has detailed how this change has led to rolling releases for Linux desktops with faster and smoother upgrades as well as faster security patching. After over 15 years with Ubuntu as the […]

  • Cybersecurity skills surpass cloud skills as this year's training priority, if professionals can find the time

    A new survey shows that cybersecurity is the hot skill area being sought across enterprises in today’s environment. That’s where the opportunities are. Let’s face it, though — learning and gaining proficiency in cybersecurity requires hours, days, and months of study and hands-on experimentation. There are entire college majors focusing on cybersecurity. […]