RESOLVING VULNERABILITIES
Proactive efforts leading up to an event include identifying its digital footprint and cybersecurity risk areas, scanning the vendor websites and checking the commercial systems and applications used for the event, and working out cybersecurity incident escalation and reporting processes, explained Mr Heng.
Event organisers are required to resolve any vulnerabilities uncovered through these checks prior to the events, he added.
Noting that his reply applied to all such events and does not refer to any particular incident, Mr Heng emphasised the difference between the type of communication lines used.
He said that secure measures are implemented for “conferences and meetings that are organised by Singapore that are of a sensitive nature – government meetings, military meetings – where communications are sensitive”, and they differ from the open platforms used by the general public.
“Participants to international events and conferences, including those attended by military personnel and government leaders and officials do not, as a rule, expect the host country to provide secured means of communications,” said Mr Heng.
“Even if a host country is to offer such means, it is questionable whether foreign participants are comfortable using it.”
He said that foreign guests who need to transmit sensitive information will typically arrange their own secured means, such as encryption hardware or software, commercial secured or embassy lines, and other security measures.
“This is the practice of MINDEF and SAF officials when attending meetings overseas,” added Mr Heng.