Summary of Initiatives to Help Organisations Enhance Cybersecurity

      The Cyber Security Agency of Singapore (CSA), Enterprise Singapore and Infocomm Media Development Authority (IMDA) have refreshed the cybersecurity categories of the Pre-approved Solutions on the SMEs Go Digital programme, to align to the measures in the Cyber Essentials mark. The refresh was announced by Mr Tan Kiat How, Senior Minister of State for Digital Development and Information and for National Development, at the Singapore International Cyber Week (SICW) 2024.

2      The SMEs Go Digital programme, first launched in 2017, aims to help Small and Medium-sized Enterprises (SMEs) adopt digital technologies and build stronger capabilities to seize growth opportunities in the digital economy. As part of the programme, IMDA partners the Infocomm Media (ICM) industry to identify and pre-approve a range of digital solutions suitable for mass adoption by broad based SMEs. Through pre-approval, SMEs can have access to ready and affordable solutions that are proven to deliver productivity gains and compliant with required industry standards. An example is the cybersecurity categories of solutions which were previously organised based on the following solution types – Managed Detection Response, Unified Threat Management, Endpoint Protection Platform and Enterprise Data Loss Prevention. 

3      The Cyber Essentials mark, launched in 2022, is a cybersecurity certification that helps SMEs prioritise the measures needed to safeguard their systems and operations from common cyber-attacks. The Cyber Essentials mark is organised along five categories of measures i.e. “Assets”, “Secure/Protect”, “Update”, “Backup” and “Respond”. 

4      The solution categories that are pre-approved are those where solutions are tailored or appropriate for SMEs, and fall under two Cyber Essentials measures: “Secure/Protect” and “Backup”. The cybersecurity solution categories under Pre-approved Solutions on the SMEs Go Digital programme have thus been refreshed for alignment to these two Cyber Essentials measures. “Backup” and “Integrated anti-malware, firewall and backup” are new pre-approved solution categories that have been introduced as part of this refresh.

5      The alignment simplifies the selection process of cybersecurity solutions for SMEs, as they can now adopt the appropriate solutions based on the gaps highlighted in their Cyber Essentials certification journey. SMEs can select standalone cybersecurity solutions, or integrated packages if they require support with multiple aspects of cyber hygiene. 

6     The agencies are working to pre-approve ICM vendors to offer standalone and integrated packages and to transit the existing pre-approved solutions to the refreshed solution categories.    

7      The refresh of the cybersecurity categories in Pre-approved Solutions on the SMEs Go Digital programme covers the technology aspect, while the existing Chief Information Security Officer-as-a-Service (CISO-aaS) scheme, launched in 2023 to develop cybersecurity health plans with funding support for SMEs, covers the people and process aspects¹. Together, these two schemes support SMEs in building a holistic cybersecurity defence to protect themselves from malicious cyber-attacks which can cause financial loss and disrupt business operations. 

Mutual Recognition of Cyber Trust and Cloud Security Alliance STAR Certification

8      At SICW 2024, SMS Tan also announced the mutual recognition of the Cyber Trust mark with the Cloud Security Alliance’s Security, Trust, Assurance and Risk (STAR) Level 2 certification. The agreement was reached after a systematic comparison of the requirements and controls of both standards to identify areas of alignment. Mutual recognition is beneficial as it simplifies the path for organisations to achieve the Cyber Trust mark, as well as potentially reducing the time and effort to undergo multiple certification processes and audits. It also helps to expand Singapore’s reputation as a trusted digital hub with key international players recognising its schemes.

9      Under this agreement, should CSA-appointed Certification Bodies (CB) perform Cyber Trust audits for organisations who are already certified with STAR Level 2, they need not review all their practices and measures from scratch due to the cross-mapping and mutual acceptance already in place between both certifications. This reduces their time and effort in attaining the certification. Likewise, Cloud Security Alliance-appointed CBs can do the same for organisations already certified with Cyber Trust. CBs can refer to the published cross-mapping in the Cloud Security Companion Guide for Cyber Trust on CSA’s website to check the common requirements of the STAR and Cyber Trust certification. 

Two More Key Cloud Providers Developed Cloud Security Companion Guides

10      CSA and the Cloud Security Alliance had launched two Cloud Security Companion Guides to support Cyber Essentials and Cyber Trust in 2023. Amazon Web Service, Google Cloud and Microsoft had developed provider-specific guides that are specific to their service offerings, and help organisations subscribed to them to more easily align to the measures in Cyber Essentials and Cyber Trust.

11      Since then, CSA has worked with Alibaba Cloud on their Cloud Security Companion Guides for Cyber Essentials, which was launched in Feb 2024. CSA has also worked with Huawei Cloud on their Cloud Security Companion Guide Cyber Trust, which was just launched at GovWare 2024. With the addition of these two cloud providers, the top five key cloud service providers in the market now all have companion guides for Cyber Essentials and/or Cyber Trust.

¹ “People”, “Process” and “Technology” are integral pillars of cybersecurity. “People” refers to educating people on cyber threats, as well as having sufficient cybersecurity experts in an organisation. “Process” refers to knowing the approach to handling and preventing security incidents. “Technology” acts as the protective shield and can detect and mitigate risks.  

About the Cyber Security Agency of Singapore 

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cybersecurity awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.