Frequently Asked Questions
The Singapore Cyber Emergency Response Team (SingCERT), under the Cyber Security Agency of Singapore (CSA), facilitates the detection, resolution and prevention of cybersecurity incidents for the Singapore constituency. SingCERT achieves these objectives by:
The Singapore Cyber Emergency Response Team (SingCERT), is the national CERT in Singapore. It is the point of contact with members of the public, private businesses and international CERTs around the world. SingCERT was set up in October 1997 as a programme of the then Infocomm Development Authority of Singapore (IDA), in collaboration with the National University of Singapore, to facilitate the detection, resolution and prevention of security-related incidents on the Internet. In 1999, SingCERT become a wholly IDA-owned programme.
With the formation of the Cyber Security Agency of Singapore (CSA) in 2015 as the national body providing dedicated and centralised oversight of national cybersecurity functions, SingCERT moved over to CSA.
SingCERT is not an investigative or law enforcement agency. SingCERT does not investigate, maintain or disclose information about individual cyber-attackers or conduct criminal investigations.
Our activities focus on providing technical assistance and facilitating communications in response to computer security incidents.
If the company or user is interested in pursuing any form of investigation such as finding out the identity of the intruder or seeking legal prosecution, you may wish to contact the Technology Crime Investigation Branch, Singapore Police Force, at 6435 0000 or discuss it with your organisation's legal officer.
SingCERT does not have the legal expertise and cannot offer legal advice.
The organisation or person reporting the incident should provide the following information:
We will keep any information specific to your site confidential unless you authorise SingCERT to release that information.
SingCERT will act as a conduit to coordinate between the Informer and the System Owner(s). Where necessary and appropriate, SingCERT may put the Informer and the System Owner(s) directly in touch, or provide the Informer’s name and contact details to the System Owner(s).
SingCERT recommends that Informers work with System Owner(s) to resolve any validated vulnerability within generally 90 days to allow time for System Owner(s) to remediate the vulnerability. Informers may also work with System Owner(s) on any timeline that is agreed upon between them.
System Owner(s) should assess and verify the information regarding the suspected vulnerability, including the potential impact of exploitation. System Owner(s) should also contact the Informer if more information is required, and work with the Informer in providing a simultaneous public disclosure, if appropriate.
If the suspected vulnerability is verified, System Owner(s) should work towards developing a patch or any other mitigation measures, and ensure that product/service users are aware of the vulnerability and the appropriate mitigation measures.
We also request that System Owner(s) update SingCERT and the Informer of its assessment, findings and status on the response to the vulnerability.
The VDP contains a list of illustrative, non-exhaustive examples of actions that Informers should not take as part of their vulnerability assessment process (see para 3 of the responsible disclosure guidelines). If there is evidence that the Informer may have taken actions such as those listed, System Owner(s) may wish to report the findings to the relevant authorities for their investigations.