In response to the recent IT outage caused by a software update from CrowdStrike, Singapore has formed a task force to assess the incident’s impact and explore potential measures to enhance the country’s digital resilience. Minister for Digital Development and Information, Josephine Teo, announced this initiative in Parliament on August 7.

Teo acknowledged that while IT outages are not uncommon, the extent of disruption caused by what should have been a routine software update remains unclear. The task force, established by the Ministry of Digital Development and Information, will collaborate with relevant partners to gain insights into the incident and determine if additional measures are necessary to bolster Singapore’s resilience against future disruptions.

Last month, a software update from CrowdStrike resulted in a global tech outage, severely affecting businesses utilizing Microsoft Windows-based systems. In Singapore, companies such as Singapore Airlines, Singtel, and Singapore Post reported disruptions in various services, with effects felt at Changi Airport and certain Housing and Development Board (HDB) car parks.

Despite these challenges, Teo assured that government services and essential operations remained largely unaffected. For most businesses impacted, disruptions primarily affected internal staff, with customer service interruptions occurring only in a “minority of cases.” During the outage, business continuity plans were activated, allowing airlines to manually conduct ticketing and check-ins.

Teo highlighted that the Singapore Cyber Emergency Response Team quickly issued an advisory to guide affected system administrators and users on how to recover their systems manually. She noted that most affected IT systems resumed normal operations within a day.

The minister emphasized that not all disruptions can be entirely prevented, stating, “System owners should therefore have plans in place to help them recover quickly from unexpected disturbances.” The government takes a risk-based approach to ensure critical systems and essential services maintain resilience by implementing stringent requirements and robust business continuity, disaster recovery, and incident response plans.

In response to queries from People’s Action Party MP Alex Yam and Workers’ Party MP Gerald Giam about potential mandatory requirements for businesses, Teo expressed caution about imposing compulsory measures. She stated that mandating specific actions might diminish the sense of ownership among IT systems’ owners.

While acknowledging the importance of maintaining certain mandatory measures, she stressed that in most instances, it is crucial for system owners to take responsibility for their IT resilience. Teo further noted that public service systems must include redundancies for hardware and software components to ensure seamless operation during disruptions.

Regarding concerns about supply chain risks in digital infrastructure, Teo reassured that the Cybersecurity Act addresses these issues through a comprehensive threat and risk assessment for critical information infrastructures. This includes a requirement for diversity in defenses against cyber threats, ensuring that software systems remain interoperable to enhance resilience.