Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019




COI Report – Part VII
Page 408 of 425

50 RECOMMENDATION #15: COMPETENCE OF COMPUTER SECURITY INCIDENT RESPONSE PERSONNEL MUST BE SIGNIFICANTLY IMPROVED
#RESPONSE PEOPLE DEVELOPMENT
1185. While IHiS does appear to have some in-house capability for dealing with cyber threats, the evidence shows that insufficient emphasis was placed on ensuring that security personnel were adequately trained and equipped to perform their functions effectively and competently. Although the IR-SOP does provide for a Security Incident Response Team (“SIRT”), a Computer Emergency Response Team (“CERT”), and a Security Incident Response Manager (“SIRM”), the reality was that the CERT was almost untrained, poorly equipped, and badly led, as the SIRM was unsure of his role and functions. This section elaborates on how these shortcomings should be addressed. The key point is that security personnel must be taken seriously, and cannot simply be left to languish in obscurity without adequate training and support, both managerial and material.
50.1 The Computer Emergency Response Team must be well trained to more effectively respond to security incidents
1186. When computer security incidents occur, it is critical for an organisation to have an effective way to respond. Organisations which are adequately resourced establish in-house CERTs[116], who act as first-responders to security incidents, when the need arises. Failure of these teams to quickly and effectively respond to security incidents can have far-reaching effects.
[116] CERTs are also sometimes called Computer Security Incident Response Teams (“CSIRTs”).

1187. Composition of the CERT. The SingHealth CERT was formed in March 2018 and comprised three people: (a) Benjamin; (b) Zac; and (c) Azzlan.
1188. Out of the three members of the CERT, only Benjamin had been with IHiS for a significant period of time – Zac and Azzlan only joined IHiS in April and February 2018 respectively. The only training conducted for the CERT was a half-day course conducted by an external consultant on the use of forensic software. Benjamin had gone for one incident response course (“Hacker Tools, Techniques and Incident Handling” by SANS Institute), but had not otherwise received any formal incident response training. Zac and Azzlan did not receive any formal training for their roles. Furthermore, there was no reporting hierarchy within the CERT, and there were no proper procedures for assigning cases to members of the CERT.
1189. Deficiencies in CERT training. Vivek observed that the following deficiencies with the CERT’s training contributed to IHiS’ failure to mount a proper response to the Cyber Attack:
(a) The team was provided training on how to use certain tools. However, this was only a half-day training. These tools are very complex and advanced, and half a day is not enough to understand even the basic features of one of the two tools. Therefore, it is impossible that the CERT could have been adequately trained to use these two tools.


