The Cyber Security Agency of Singapore (“CSA“) has expanded its Cyber Essentials and Cyber Trust certification marks to include coverage of cloud, artificial intelligence (“AI“), and operational technology (“OT“) security. This is in recognition of the increasing implementation of more areas of digital technology that go beyond classic cybersecurity, which leads to more digital pathways that may be exploited.
- In the expanded Cyber Essentials, organisations can find guidance on measures to protect themselves against the most common cyberattacks related to cloud, AI and OT.
- For Cyber Trust, these three new areas have been added to its assessment templates of risk and cybersecurity preparedness, as well as the treatment of risk.
For organisations that are given access to sensitive data, CSA has indicated that it is assessing the possibility of requiring them to obtain these marks before they can be licensed or bid for government contracts. The Government may also incorporate cybersecurity considerations in its procurement decisions.
The expanded Cyber Essentials and Cyber Trust provide best practices and guidance in the three new areas as follows:
- Cloud Computing: Organisations can now take reference from the expanded Cyber Essentials content to secure their cloud usage. As for Cyber Trust, organisations are guided through a list of cloud-related risk scenarios to make their own cybersecurity assessments.
- Artificial Intelligence: Organisations can take reference from the expanded Cyber Essentials content on how to utilise AI securely. As for Cyber Trust, the risk scenarios covered include the exploitation of weakness in an insecure Large Language Model and the injection of malicious content as prompts to manipulate its behaviour.
- Operational Technology: The expanded Cyber Essentials will guide organisations on how to secure their OT environment, as well as to manage OT/IT convergence securely. As for Cyber Trust, the risk scenarios covered include the infection of an organisation’s OT network via an OT vendor’s laptop or device.
Click on the following link for more information:
Disclaimer
Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.
The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.
Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.
