Singapore nonetheless engaged on guidelines to tighten social media enforcement

Singapore nonetheless is mulling over new guidelines that can, amongst others, instruct social media platforms to disable entry to content material it deems dangerous. It won’t, nonetheless, bar the usage of hyperlinks in SMS or different messaging apps as doing so won’t eradicate the chance of somebody falling prey to phishing assaults. 

The Ministry of Communications and Data (MCI) final month mentioned it was engaged on two proposed Codes of Apply that aimed to enhance the protection of social media customers within the nation. The primary would require social media providers suppliers to undertake upstream “system-wide” processes to bolster on-line security for his or her customers, notably, the younger. 

The second Code of Apply would empower business regulator Infocomm Media Growth Authority (IMDA) to instruct social media platforms to chop entry to particular “egregious dangerous content material” that remained out there regardless of these operators’ content material moderation programs. The federal government deemed such content material to embody sexual hurt, self-harm, public safety, in addition to racial or non secular intolerance. 

The brand new enforcement framework would offer IMDA the facility to direct any social media service accessible from Singapore to dam entry to particular kinds of dangerous content material or disallow particular on-line accounts to speak such content material or interact customers within the nation. 

The ministry famous that whereas such providers had made efforts to deal with this difficulty, it was involved that on-line harms continued to prevail and that these have been compounded when amplified on social media.

MCI mentioned in a written parliamentary response this week that governments worldwide additionally have been taking a look at methods to successfully regulate social media providers. 

“As with all types of rules, non-compliance should lead to enforcement actions. MCI has studied related worldwide regulatory fashions and provisions underneath current native legal guidelines. We’ll present particulars of the enforcement framework sooner or later,” the ministry mentioned. 

Numerous measures wanted to mitigate phishing threats

Whereas it mulls over new rules for social media, Singapore has taken extra concrete steps to mitigate dangers stemming from embedded hyperlinks in SMS and different messaging platforms.

The federal government in January mentioned it was reviewing the general public sector’s use of SMS and clickable hyperlinks in interacting with the general public as a part of efforts to fight phishing scams. The transfer got here after SMS-phishing scams involving OCBC Financial institution clients, the place scammers manipulated SMS Sender ID particulars to direct victims to phishing  phishing web sites, resulted in losses of greater than SG$8.5 million. Banks then have been instructed to take away hyperlinks from e-mail or SMS messages despatched to customers.

In its parliamentary response this week, the Good Nation Digital Authorities Group (SNDGG) mentioned it had assessed the usage of hyperlinks by authorities companies and decided that eradicating them in SMS, e-mail or different messaging platforms wouldn’t eradicate the dangers of customers falling prey to phishing makes an attempt.

To higher mitigate such threats, it as an alternative would implement detection and prevention measures on the backend in addition to drive person consciousness on the right way to safeguard towards such scams from perpetuating by way of the usage of hyperlinks. 

Elaborating on the backend measures, SNDGG mentioned the federal government would use solely domains ending with “.gov.sg” when sending SMS messages with hyperlinks. Nonetheless, there have been exceptions the place authorities companies collaborated with different organisations and different web sites could possibly be used. Such websites can be listed on-line so customers may test unfamiliar web sites earlier than interacting with them.

SNDGG added that the Singapore SMS Sender ID Registry was established in March 2022 to dam SMS messages that spoofed the sender IDs of focused entities, together with authorities companies and banks. Thus far, greater than 50 organisations have signed up for the registry, with all authorities companies “progressively onboarding” as effectively. 

The federal government nonetheless was evaluating whether or not it might be essential to require all customers of alphanumeric sender IDs to take part within the registry.

Telcos additionally have been implementing capabilities of their networks to dam rip-off messages and calls, together with robocalls and anybody spoofing numbers of native authorities companies and emergency providers, mentioned SNDGG. It added that the federal government additionally carried out multi-factor authentication–including the usage of biometrics–on SingPass, which residents wanted to entry e-government providers.  

As well as, plans have been underway to launch a WhatsApp channel for the Nationwide Crime Prevention Council within the third quarter.  This is able to allow residents to extra rapidly report suspected scams and allow the federal government to “crowdsource data” and reply to rip-off web sites and messages, SNDGG mentioned. 

It added that IMDA additionally was collaborating with the Singapore Police Drive to establish and block suspected rip-off web sites. Some 12,000 suspected rip-off web sites have been blocked final yr. 

Misconfigurations most important reason behind digital financial institution service disruptions 

Scams apart, errors have been the principle reason behind disruptions to on-line banking providers over the previous yr. 

4 retail banks–Citibank Singapore, DBS Financial institution, OCBC, and United Abroad Financial institution (UOB)–reported eight interruptions to their digital banking providers since July 2021. Largely resolved inside three hours, the incidents affected a median of 12,000 clients, mentioned Tharman Shanmugaratnam, Singapore’s Senior Minister and Minister in Cost of Financial Authority of Singapore (MAS) in his parliamentary response this week.

The longest disruption, lasting 39 hours, concerned DBS in November final yr that later was attributed to a malfunction of the financial institution’s entry management servers.

Whereas one disruption was associated to an outage at a third-party cloud service supplier, Tharman mentioned the banks themselves primarily have been the basis causes of those incidents. The minister pointed to software program misconfigurations, system malfunctions, and errors that have been launched when the banks have been making system modifications. 

MAS required all banks to have the ability to recuperate programs supporting vital banking providers, equivalent to fund transfers and funds, inside 4 hours following any disruption. The full unscheduled downtime for every vital system additionally should not exceed 4 hours inside any 12-month interval.

Tharman mentioned MAS would take supervisory motion when the banks breached these necessities. 

DBS, as an illustration, was instructed to have interaction an unbiased professional to conduct a evaluation of the financial institution’s service disruption, together with the financial institution’s controls and restoration actions and preventive measures for comparable incidents in future. 

DBS additionally needed to rectify all shortcomings recognized from the evaluation and implement measures to make sure any future disruption to its digital banking providers was resolved rapidly and adequately, Tharman mentioned. 

“The latest incidents spotlight the necessity for banks to repeatedly evaluation their IT resilience technique and guarantee that there’s enough redundancy and fault tolerance constructed into their digital banking IT infrastructure,” the minister wrote. “Swift analysis and restoration of programs, coupled with sturdy enterprise continuity administration, are vital in minimising the influence of an IT disruption.”

He added that MAS launched enterprise continuity administration tips that outlined measures monetary establishments ought to make use of to maintain vital enterprise providers and minimise service disruption. With cloud adoption rising the sector’s publicity to third-party dangers, MAS additionally had highlighted such dangers as a key space for monetary establishments to give attention to in each the BCM tips in addition to its know-how threat administration tips.

RELATED COVERAGE