'Correct move' for Govt to beef up security: Expert

It is the correct and natural response for any government to take steps to beef up its cyber security if it has been threatened, says an expert commenting on the Infocomm Development Authority's explanation that the extended downtime on some governme
It is the correct and natural response for any government to take steps to beef up its cyber security if it has been threatened, says an expert commenting on the Infocomm Development Authority's explanation that the extended downtime on some government websites on Nov 2, 2013, was because of a technical glitch. -- ST FILE PHOTO: ARTHUR LEE CH 

Government sites are complex and can be more difficult to patch: Expert

It is the correct and natural response for any government to take steps to beef up its cyber security if it has been threatened.

Commenting on the Infocomm Development Authority's explanation that the extended downtime on some government websites last Saturday was because of a technical glitch, and not a hack, security expert Shirley Wong said government sites are complex and can be more difficult to patch.

She noted that it would have been obvious had it been the work of hackers instead.

"It was clear it was not an attack by hackers. If it were, they would have proudly proclaimed it" said Madam Wong, the co-chairman of Cyber Security Awareness Alliance.

But she warned that vigilance must continue. "Nobody can guarantee we cannot be hacked."

Security experts said there are different types of cyber attacks that can happen.

Over the past three years, global hacking group Anonymous has been known primarily for DDoS attacks, short for distributed denial of service.

Put simply, the attacker creates a network using thousands of infected computers worldwide, which are then made to overwhelm the targeted site with a huge spike in traffic it is not designed to handle.

While such attacks may cause inconveniences for users, they do not usually result in a loss of data or information.

"Generally speaking, DDoS attacks do not affect the integrity of the core system," said Mr John Ellis, Akamai Technologies' director of enterprise security for Asia-Pacific and Japan.

Defacement of websites on the other hand can pose a more serious risk, said Mr Ginnwann Teo of security firm CheckPoint Software Technologies.

Since a server's configuration had to be altered to access a website, data loss is possible, said Mr Teo.

Experts said it will take more than one hacker to bring down a country's infrastructure - a threat made last week by someone who claimed to be part of the Anonymous group.

He demanded that the Government reconsider the regulations of the licensing framework for news sites.

"Whether they are capable of taking them down will depend on whether the mitigation tools like firewalls have been put in place to respond to the threats," said Mr Patrick Koh, network security architect of Fortinet.

derrickh@sph.com.sg