Security vendors given 6 months to apply for CSA license

Security vendors in Singapore have until October to apply for a license to continue providing such services. According to the Cyber Security Authority (CSA) of Singapore, failure to do so could result in a jail term not exceeding two years, or a fine of up to $50,000.

This licensing framework will cover security vendors that provide penetration testing as well as managed security operations centre (SOC) monitoring services. This will also cover companies and individuals directly providing these services, third-party vendors that support these companies, and resellers of these cybersecurity services.

With this move Singapore based SMBs looking to engage security services in the wake of recent cyberattacks on Singapore companies will have a handy list of companies to refer to.

Max Ng, the Managing Director of Gateway Law, said that the introduction of a licensing regime is a welcome change that will ensure that such cybersecurity services are only provided by reliable firms. This will make it easier for consumers and businesses to identify the appropriate service providers for such services and would help to improve the standards of cybersecurity service providers in Singapore.

The CSA has set up the Cybersecurity Services Regulation Office (CSRO) to administer and manage the licensing framework that they say is meant to help safeguard consumers’ interests, help them find a credible vendor, and improve the services provided by such vendors.

The CSA added that the services were chosen because service providers performing such services can have significant access and control over their clients’ computer systems and sensitive information. Any abuse could cause disruption to a client’s services or impact Singapore’s cybersecurity landscape.

Ng added that the increased need and demand for cybersecurity services has led to many firms offering such services in recent years.

However, consumers and businesses still have to exercise care when choosing to engage such service providers that will deal with their sensitive data and identify vulnerabilities in their systems.

The licence, which is valid for two years, will cost $500 for individuals and $1,000 for businesses. However, to support businesses due to the impact of Covid-19, the CSA said that they would be providing a one-time 50 per cent waiver of the fees for all applications lodged before April 11, 2023.

We reached out to two security firms for comments however they were unable to respond by our time of publishing. We will update this article if they respond. 

This article was first published in Hardware Zone.