MOE raising schools' Web defences

Nanyang Girls’ High school students learning with the help of iPads in 2011.
Nanyang Girls’ High school students learning with the help of iPads in 2011. PHOTO: ST FILE

It is hiring a supplier to monitor webpages for breaches and conduct integrity checks

Schools are taking steps to beef up security on their websites with a new service that detects breaches.

The move comes in the wake of new measures by the Government to plug cyber defence gaps, after several website hacking incidents in the past two years.

In tender documents put up this year, the Ministry of Education (MOE) said it was looking for a Web defacement monitoring service for schools. Website defacement is an attack that changes the visual appearance of a site.


ST ILLUSTRATION: ADAM LEE

The supplier will be required to monitor the main pages of 358 school websites for any breaches for a year. It will conduct integrity checks, meant to detect any changes made to the websites, by comparing the current and previous states of files. It will also provide SMS alerts to webmasters if there is Web defacement or any unauthorised change. It will be able to gather information such as the affected website link, the time of detection and details about the intrusion.

The Straits Times understands that one firm was awarded the $24,150 tender earlier this month, although the MOE declined to comment when asked.

In the past few years, there have been attempts to bring down government websites, such as the Prime Minister's Office (PMO) and Istana's webpages in 2013. That year, the websites of 13 schools were defaced.

More recently, Credit Bureau Singapore halted its online credit-report purchase service after hackers broke into its website this year and superimposed an image on the home page.

The Government has since set up the Cyber Security Agency of Singapore, under the PMO. It oversees the cyber security of 10 critical sectors, including power, transport and telecommunications.

Cyber-security experts said that there has been a heightened awareness of cyber defence among organisations in the last few years.

Mr Matthias Chin, the founder of Banff Cyber Technologies, a local cyber-security firm, said: "In the past, it was more about preventing attacks, but recently there is more emphasis on detecting intrusions."

His firm launched a defacement monitoring and alert service three years ago, and now supplies it to about 30 companies in Singapore, Australia and the Philippines. These include government agencies, banks, telcos and higher education institutions in Singapore.

"A defaced website attracts unnecessary attention and embarrassment for the organisation, and its Web reputation can be affected," said Mr Chin. "A tracking service is a proactive measure so that the school will be the first to know, in the event of any defacement, and can fix the page before the world gets to see it."

Mr Aloysius Cheang, Asia-Pacific managing director of global computing security association Cloud Security Alliance, said the service is timely as schools rely on IT for various tasks these days, such as updating parents and online learning.

"It is possible for hackers to break into these pages if they are not properly secured. If that happens, information on students, teachers and parents could be stolen or leaked, like what happened with K Box last year." Hackers had leaked the personal details of more than 317,000 customers of the karaoke company in September last year.

A version of this article appeared in the print edition of The Straits Times on October 23, 2015, with the headline 'MOE raising schools' Web defences'. Print Edition | Subscribe