topic Re: Cyber-security service providers must apply for a licence by Oct 11 - Singapore in Industry News

Cyber-security service providers must apply for a licence by Oct 11 - Singapore

Caute_cautim — Mon, 09 Oct 2023 10:09:28 GMT

Hi All

Well Singapore is stepping up and now licensing security service providers. A good idea or not?

What is your feelings and thoughts about this?

https://www.straitstimes.com/tech/tech-news/cyber-security-service-providers-must-apply-for-a-licence-by-oct-11

Regards

Caute_Cautim

Re: Cyber-security service providers must apply for a licence by Oct 11 - Singapore

CraginS — Thu, 14 Apr 2022 12:29:16 GMT

In the U.S. government licensing of professionals is justified by claiming the license process will have procedures to ensure the confirmed capability and responsibility of the licensed individuals. Think physicians, lawyers, and professional engineers (P.E.). However, in a great many cases, the push for licensing comes from trade organizations that are in reality moves to restrict access to the market, preserving a limite4d competition pool to the benefit of the "professionals" already in the business. ThInk licensing of hair braiders, florists, and interior designers (yes, those are all real). As for licensing of cybersecurity professionals, in one egregious case some years ago, one state in the US decreed that inforshc professionals working in forensic computer analysis had to hold licenses as private investigators. But he PI license was only available to retired law enforcement officers!

In general I am opposed to licensing of cybersecurity workers or companies, due to the abuse of free market entry so prevalent as described above. However, I am fine with establishing clear responsibilities for work int eh field.

Re: Cyber-security service providers must apply for a licence by Oct 11 - Singapore

JKWiniger — Thu, 14 Apr 2022 14:28:02 GMT

@CraginS You make some interesting points, and so that is what happened with the state licensing. I had heard about it when it was going on but don't think I ever heard what happened to it int he end.

It's a hard topic for the reasons you have mentioned and I guess a lot would come down to the exact details behind it. While I can't understand a hair braider or a florist needing to be licensed I can understand a doctor or electrician. But then again at the same time we have people who have come to the US from other countries and even though they did the same work they don't qualify for a license in the US.

When I think of a security license I think of something that would provide repercussions against people cutting corners and not doing their basic due diligence. How many issues happen because of patches not applied or things being misconfigured? But on the other hand and you mentioned what a license should be and what it could be abused to be for are two very different things.

John-

Re: Cyber-security service providers must apply for a licence by Oct 11 - Singapore

denbesten — Thu, 14 Apr 2022 20:03:57 GMT

@JKWiniger wrote:
How many issues happen because of patches not applied or things being misconfigured?

Presuming your focus is more on life-safety than economic impact. A few publicly known examples:

Bad actors increased lye to toxic levels at the Oldsmar, Florida water treatment plant
Baltimore emergency call center computer-aided-dispatch successfully attacked due to firewall misconfiguration.
Diminished care due to electronic medical records being ransomwared, resulting in an infant death.
Woman's death due to delayed treatment when Emergency Department closed due to cyberattack
Ethical Hackers take control of a Jeep Cherokee.

Life-safety has long been a huge concern with computer controlled manufacturing equipment. Oftentimes, the "is it safe to start a cycle" decision is complicated enough to require a computer. Defending that computer is an absolute prerequisite to protecting the equipment operator from loss of life or limb.