Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 334 of 425

(b) Spot reports and intelligence summaries are sent to CII operators. These cover cyber attacks in other countries, so that CII operators can learn from what has happened in other countries, and take the necessary remediation or protection measures within their own systems. In 2017, around 20 spot reports and intelligence summaries were shared.

(c) Curated intelligence specific to a sector is sent to the particular sector. CSA may then work with that sector to ensure the necessary follow-up action is carried out.

(d) CSA conducts presentations on the threat landscape at meetings with CISOs and management in CII sectors.

968. CSA’s distillation of threat intelligence into actionable items for CII sectors is a sensible approach. It has the twin benefits of (i) analysis by CSA of the nature of the threat and (ii) clear directions to CII sectors of how they can take steps to mitigate the threat. This is crucial, because raw threat intelligence alone cannot form the basis of a detection program, and there must be some set of event data to which the threat intelligence is applied.

Michael Collins, Network Security through Data Analysis (O’Reilly Media, Inc, 2nd Ed, 2017) at p.

969. To illustrate how CSA shares threat intelligence, its actions after the Cyber Attack are highlighted below:

(a) Concurrent to CSA’s containment and investigation efforts, CSA provided intelligence and situation awareness to all the other CII sectors.

(b) CSA instructed the CII sectors to scan for newly discovered IOCs that would be indicative of the same attacker being present in their networks, and advised on possible measures to mitigate a similar incident.

(c) CSA called up other users of the SCM database to explain the vulnerabilities observed in the SCM database and to ask them to take immediate measures to protect themselves.

(d) CSA organised a briefing for relevant stakeholders of all CII sectors and recommended that they review their protection and management of large databases.

(e) Following the public announcement of the Cyber Attack, CSA directed that CII sectors adopt heightened measures, in anticipation of potential opportunistic attacks on sensitive systems.

(f) CSA published two advisories on protection and precautionary measures: (i) a technical advisory for companies on measures to protect their systems and customers’ personal data; and (ii) an advisory to encourage members of the public to take personal precautionary measures against scams that could arise from the theft of the personal data that had been lost in the Cyber Attack.

970. In our view, it is critical for the government, through CSA, to continue to ensure sharing of threat intelligence across the CII sectors (in line with its information management process). As Vivek noted, the attackers have the ability to move across the whole fabric of systems; the defenders must thus have visibility across the same range of systems, in order to provide an adequate defence.



