MAS to mandate six cyber resilience measures for FSIs


Singapore’s chief financial regulator, MAS, has issued a prospective list of six mandated cybersecurity compliance measures aimed at boosting FSIs’ cyber resilience and guarding against cyberattacks.

While still under public consultation, MAS has proposed to elevate these criteria as “legally binding conditions”, requiring Singapore-based financial institutions to implement these measures as a baseline hygiene standard for cybersecurity.

The cyber hygiene program will delineate “a clear and common cyber security waterline for the financial industry… [ensuring] that our financial sector as a whole continues to be resilient to cyber threats,” said MAS chief cyber security officer, Tan Yeow Seng,

Among the six mandatory conditions, FSIs will be required to:

— address system security flaws in a timely manner;
— establish and implement robust security for systems;
— deploy security devices to secure system connections;
— install anti-virus software to mitigate the risk of malware infection;
— restrict the use of system administrator accounts that can modify system configurations; and
— strengthen user authentication for system administrator accounts on critical systems.

MAS stressed these measures were “aimed at enhancing the security of [financial services’] systems and networks as well as mitigating the risk of unauthorised use of system accounts with extensive access privileges.”

The public will have an opportunity to offer feedback on the proposed measures between 6 September to 5 October 2018. A copy of the public consultation paper is available on the MAS website.