Singapore has held emergency meetings with critical information infrastructure (CII) sectors to prepare them for potential threats stemming from the Log4j vulnerability. The country’s cybersecurity agency has issued alerts on the Apache Java logging library flaw and is “closely monitoring” developments.
The first alert had gone out on Dec 14, with Singapore’s Cyber Security Agency (CSA) warning that the “critical vulnerability”, when exploited successfully, could allow attackers to gain full control of affected servers. It noted that there was only a short window to deploy mitigation measures and organisations should do so quickly.
It said alerts were sent out to CII sector leads and businesses, instructing them to immediately patch their systems to the latest version. The government agency also was working with these CII representatives to roll out mitigation measures.
Singapore’s cybersecurity bill covers 11 critical information infrastructure (CII) sectors, which enables the relevant local authorities to take proactive measures to protect these CIIs. The bill outlines a regulatory framework that formalises the duties of CII providers in securing systems under their responsibility, including before and after a cybersecurity incident had occurred. These 11 “essential services” sectors include water, healthcare, energy, banking and finance, and