Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 296 of 425

the design of the system, so that there is a fresh perspective on how an attacker would come in. Dan suggested that the red team could augment the results of the blue or white team, for a more robust solution.
857. In light of the foregoing, we recommend that:
a) CSG should continue to build up its blue or white teaming capabilities, and regularly carry out blue/white teaming on key systems and networks.
b) Beyond that, IHiS should engage independent third-party service providers to periodically conduct red teaming exercises on key systems and networks.
c) A clear policy on the conduct of red teaming exercises should be set out in the HITSPS.
39.5 Threat hunting must be considered
858. Many of the experts have testified that it is a matter of when, not if, the security of a system will be breached. An assume breach mentality places the focus not merely on prevention, but critically, on detection as well.
859. It is thus apposite that Dan recommended building up threat hunting capability. Threat hunting entails proactively searching through networks to hunt for and detect advanced cyber threats that evade existing security safeguards, before they manifest into major security incidents. This is recommended for high value systems on a regular basis, based on the risk management analysis of the organisation, to ensure that the systems are clean and uncompromised.
860. Dan also explained that there were not many mature offerings of such threat hunting services at this time, but over time, commercial companies would probably build up their own competency and offer such services. For now, CSA could fill that gap. Once threat hunting services become more commercially available, Dan’s view was that it should be done regularly, especially for critical systems.
861. Relatedly, on the issue of timing for organisations to start deploying threat hunting, Vivek cautioned that an organisation’s security setup would have to reach a certain level of maturity, which could take several years, before threat hunting would be of meaningful benefit. In his opinion, the focus areas should first be on developing threat intelligence and the Security Operations Centre, with threat hunting and cyber range exercises to follow several years down the line.
862. At the same time, however, it is encouraging that Bruce, Leong Seng and IHiS have identified threat hunting as an area that IHiS will move into. Leong Seng testified that IHiS was looking to set up an Advanced Security Operation Centre (“ASOC”) which would provide proactive services such as active threat hunting.
863. In light of the foregoing, we recommend that IHiS together with its ASOC evaluate the value of conducting threat hunting in the public healthcare institutions’ systems presently, and as soon as practicable, move to ensure that threat hunting is regularly carried out on high value systems, including CII like the SCM system, by an independent third-party service provider with the expertise to do so.


