Frequently Asked Questions
This document is intended to answer the most Frequently Asked Questions (FAQs) about SingCERT. The FAQ is a dynamic document that will be updated periodically. Suggestions for additional sections are welcome -- please email them to firstname.lastname@example.org
Section A: Introduction to SingCERT
Section B: Where To Go for Information?
Section C: Incident Response
Section A: Introduction to SingCERT
What is SingCERT ?
The Singapore Computer Emergency Response Team (SingCERT) was set up in October 1997 as a programme of the Infocomm Development Authority of Singapore (IDA), in collaboration with the National University of Singapore (NUS) to facilitate the detection, resolution and prevention of security related incidents on the Internet. In 1999, SingCERT become a wholly IDA owned programme. In April 2015, SingCERT moved over to CSA.
What services does SingCERT provide ?
SingCERT provides technical assistance and coordinates responses to security compromises, identifies trends in hacking activities, and works with other security agencies to resolve computer security incidents. SingCERT also disseminates timely information and alerts on the latest violation security issues to the general public via SingCERT website and SingCERT Mailing List. Companies with interest to learn about general security issues can attend seminars and conferences organised by SingCERT. The general public can also obtain security-related information from our SingCERTs website at https://www.csa.gov.sg/singcert.
How do I contact SingCERT ?
Cyber Security Agency of Singapore
5 Maxwell Road, MND Complex, #03-00, Tower Block, Singapore 069110
Phone: (65) 6323 5052
Operating Hours: Mon-Fri 8:30am-6:00pm (GMT+8)
Please use encryption when sending sensitive information by email to SingCERT. SingCERT's public PGP key is available in the Download PGP Key page or you may email to email@example.com to request it.
Who does SingCERT serve ?
The community for which SingCERT will provide its services to is called its constituency. This would encompass the local IT industry and its users.
Section B: SingCERT's Security Resources
SingCERT maintains a website, www.csa.gov.sg/singcert, to provide security-related information to its constituency.
How to subscribe to SingCERT Mailing List ?
SingCERT maintains a mailing list for those members of its constituency who would like to receive security alerts, virus alerts, cyber security seminars and courses mailed directly to them. If you would like to be added to the SingCERT mailing list, please send email to firstname.lastname@example.org. Please type "SUBSCRIBE" on the subject line. To unsubscribe at anytime, please email to email@example.com. On the subject line, type UNSUBSCRIBE and the exact email address you gave us for the list when you subscribed. After you unsubscribe, all related information will be remove from the SingCERT database.
What presentations, workshops and seminars does SingCERT offer ?
(a) Workshops: SingCERT or CSA staff will also, from time to time, conduct security workshops to share security information and tips with its constituency.
(b) Seminars: SingCERT will organise security conferences or seminars regularly where renowned security experts will be invited to present security related talks or workshops. Information on such seminars can be found at https://www.csa.gov.sg/singcert.
Section C: Incident Response
What kind of incidents do I report to SingCERT ?
If you encountered any of the violation of security policy below, you may contact SingCERT for technical assistance.
1. Unauthorised attempts (either failed or successful) to gain unauthorized access to a system or its data
2. Unwanted disruption or denial of service
3. The unauthorized use of a system for the processing or storage of data
4. Changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent
5. email-related security issues
What kind of information should I provide to SingCERT when my site has had an intrusion ?
The organisation or person reporting the incident will need to send an email to SingCERT providing the following information:
1. Contact information including name, email addresses, telephone and fax numbers.
2. Description of the incident including supporting logs and details such as source and targeted IP addresses, time of occurrence, parties involved and other relevant information
We will keep any information specific to your site confidential unless you authorise SingCERT to release that information.
How does SingCERT handle an incident ?
SingCERT will respond to the reported incident by assigning it an incident tracking number together with SingCERT's advices and recommendations. However, due to limited resources and the growing number of incident reports, we may need to prioritise our responses to different incidents depending on its severity and impact on the Internet community. The following type of reports receive the highest priority and are considered emergencies:
1. possible life-threatening activity
2. attacks on the Internet infrastructure, such as:
3. root name servers
4. domain name servers
5. major archive sites
6. network access points (NAPs)
7. widespread automated attacks against Internet sites
8. new types of attacks or new vulnerabilities
SingCERT will not release any information about a site's involvement in an incident without the site owner's permission. In cases where intruder activities are involved, site owners will need to state clearly the law enforcement and other agencies whom they would authorise SingCERT to offer information about their involvement in an incident. SingCERT will sanitise sensitive information, such as targeted IP address, before forwarding any information to any agencies. This will enable SingCERT to put site owners in contact with the relevant agencies quickly.All incidents will be tracked and monitored by SingCERT's duty officer.
Does SingCERT work with other law enforcement agencies to track down the intruders ?
SingCERT is not an investigative or law enforcement agency. We do not investigate or maintain or disclose information about individual intruders, and we do not conduct criminal investigations. Our activities focus on providing technical assistance and facilitating communications in response to computer security incidents involving hosts on the Internet.If the company or user is interested in pursuing any type of investigation such as finding out the identity of the intruder or seeking legal prosecution, you may wish to discuss the activity with your organization's legal officer or contact the Technology Crime Investigation Branch, Singapore Police Force, at 6435 0000. SingCERT does not have legal expertise and cannot offer legal advice or opinions.