Singapore's cybersecurity organization calls together representatives from critical information infrastructure industries for two emergency meetings, during which technical information and instructions were given to help these companies in dealing with possible threats from Log4j. The country's cybersecurity agency released alerts on the Apache Java logging library flaw and is "closely analayzing" developments.
The first alarm went out on 14 December, CSA (Cyber Security Agency) of Singapore warned "critical vulnerability," when compromised successfully, lets a hacker take full access to compromised servers. "A briefing session also was held on Friday with trade associations and chambers to highlight the severity of the Log4j vulnerability and urgency for all organizations, including small and midsize businesses (SMBs), to immediately deploy mitigation measures," reports ZD Net. It also mentioned that there was only a small window opportunity to execute mitigation actions and organizations should do it immediately.
CSA mentioned that alerts were sent out to CII sector leads and businesses, telling them to immediately update their systems with the latest security patches. The government agency was working in collaboration with these CII representatives to take out damage control measures. The cybersecurity bill of Singapore includes 11 critical information infrastructure (CII) sectors, which allows local agencies to take proactive measures to safeguard these CIIs.
The bill highlights a regulatory framework that formalises the duties of CII providers in protecting systems under their accountability, which includes both before and after cybersecurity incidents. These 11 "essential services" also include water, healthcare, energy, aviation and, banking, and finance. As of now, no Log4j related breaches have been reported, after the CSA issued an alert on December 14th. According to ZD Net, "CSA on Friday issued another update, raising the alert on the security flaw. It noted that because Log4j was widely used by software developers."