Conclusion and Next Steps

Strengthening the cybersecurity and resilience of Singapore's CIIs to preserve and enable essential services is a significant priority for Singapore. Pivotal to this effort is managing the risks that arise in the extended cyber supply chain. The CII Supply Chain Programme is a blueprint for CSA, Sector Leads, CIIOs and vendors to build cybersecurity and resilience into the CII supply chain in response to an ever-evolving threat landscape and increased digitalisation.

The Programme is the beginning of a journey towards a secure and resilient future for Singapore's CIIs. The initial focus of this journey is to achieve increased visibility of the national CII cyber supply chain. The first step is developing and deploying the CII Cyber Supply Chain Assessment Toolkit, a foundational item, to all CIIOs to collect a baseline inventory of all Tier 1 CII vendors. From this baseline, immediate action can be taken to manage risks at a national level, with visibility evolving towards the nth Tier when Tier 1 data are ingested into an advanced data model.

The next focus is to capitalise on the Programme's momentum by deploying the Cyber Contractual Handbook to improve the collective power of CIIOs to collaborate and negotiate for improved cybersecurity requirements with CII vendors. As a follow-on activity, the Vendor Certification Programme furthers the cybersecurity requirements for vendors and shapes incentives for vendors to improve their capabilities. These initiatives cover the buy and sell sides of the CII market and can work synergistically to improve the cybersecurity and resilience of both vendors and CIIOs.

Finally, take steps towards developing national awareness and appreciation of cyber supply chain topics to improve the likelihood of success and uptake of the Programme. Implement the Cyber Supply Chain Learning Hub and disseminate content and training to senior leaders and procurement functions at CIIOs to elevate the topic of cyber supply chain resilience to an organisational imperative. Efforts in cyber supply chain education can be built on to encourage buy-in from CIIOs for other Programme initiatives. Cybersecurity and resilience in the supply chain is a collective responsibility. Success of the Programme requires a multi-stakeholder effort with active contribution to the implementation and operation of the initiatives across the national, sectoral and organisational levels. Longer term, Singapore can reach outwards to contribute its learnings internationally and contribute to building a secure and resilient international cyber supply chain.