MCI response to PQs on safeguards in place after recent spate of ransomware incidents abroad

06 JUL 2021

Parliament Sitting on 6 July 2021

QUESTIONS FOR WRITTEN ANSWER

38. Mr Murali Pillai: To ask the Minister for Communications and Information following the spate of ransomware incidents abroad involving companies providing critical services, what steps are being taken in Singapore to guard against such incidents from occurring in Singapore.

39. Mr Ang Wei Neng: To ask the Minister for Communications and Information how is Singapore preparing to guard against severe ransom attacks by hackers in light of the high-profile ransom attacks in North America and other parts of the world.

Answer:

  1. Ransomware attacks are not new but recent developments are a cause for concern. 

  2. In the past, attacks tended to be isolated and sporadic, typically affecting individuals, or a handful of computers in companies. However, there has clearly been a step-change in the scale of ransomware attacks. Cybercriminal gangs have refined their tactics and now encrypt or lock up hundreds, if not thousands, of computers simultaneously. They increasingly target large companies and organisations, which they believe will pay a ransom to end the pain if operations are sufficiently disrupted and enough damage is caused. 

  3. In addition, the impact of ransomware attacks are no longer contained in the digital domain.  They now spill over into the physical realm, with real-world consequences. We have seen this globally, with the recent uptick in international ransomware attacks. In early May, the Colonial Pipeline Company operating the largest fuel pipeline in the US East Coast suffered a ransomware attack.  This prompted the company to shut down the pipeline’s operations for close to a week, affecting the supply of fuel to about 50 million customers. In mid-May, Ireland and New Zealand’s healthcare services suffered from separate ransomware attacks.  The shutdown of affected IT systems led to surgeries being postponed and outpatient services suspended, because patient records had become inaccessible. 

  4. These events are stark reminders that we must all remain vigilant against  ransomware attacks.  This includes not just public agencies delivering essential services but private organisations as well, so long as they depend on IT systems for any part of their core business.

  5. The Cyber Security Agency (or CSA) has taken proactive steps to safeguard our Critical Information Infrastructure (CII), and directed the CII sectors to raise their cybersecurity posture in view of the growing ransomware threat. These include enhancing monitoring to detect anomalous activity swiftly; backing up data regularly and keeping the backup offline; and practising incident response and business continuity plans to ensure that employees know the required responses to a ransomware attack. These are on top of existing cyber resilience measures mandated for the CII sectors under the Cybersecurity Act.  

  6. Government agencies have also heightened their monitoring for anomalous activity in their networks and systems. Business continuity measures have been reviewed and put on standby. A Whole-of-Government ICT incident management exercise involving over 30 Government agencies will be conducted in August to refresh agencies’ familiarity with procedures to handle cyber incidents, including that for ransomware. This builds on ongoing measures to raise cybersecurity awareness and competency among all public officers, such as through an annual simulated phishing exercise. 

  7. I would like to reiterate that the ransomware threat goes beyond attacks on essential services or Government agencies. It can strike any of us or our organisations, denying us access to our data or disrupting our businesses or operations. We need to do what we can to prevent breaches, but also monitor for and detect these incidents, and recover quickly from them. To this end, CSA has issued public advisories on the steps that enterprises, organisations and members of the public should take to protect themselves against the ransomware threat. Many of these are simple cyber hygiene measures, such as keeping systems and software updated and raising employees’ awareness of ransomware. Monitoring and detecting cyber intrusions swiftly and backing up data are also important to contain the impact of any ransomware attack. 

  8. CSA will continue to engage and advise enterprises, organisations and members of the public to adopt these measures, which can be easily found on CSA’s website. I would like to stress, however, that these cannot replace the stakeholders’ sense of urgency and commitment to implement the recommended measures.  It would be in their own interest to take preventive action before any ransomware attack hits them.