Why wasn't cyber security strategy to cut Internet rolled out?

While the Committee of Inquiry's (COI) report into the SingHealth data breach gives several reasons for Internet surfing separation (ISS) not being implemented, it says next to nothing on why such an important defence strategy, which the Government announced several years ago was not rolled out, even in phases (IHiS, SingHealth fined $1m; new cyber security steps taken; Jan 16).

The COI's report stated that prior to July 20 last year, malicious activities were still present in SingHealth's IT system, even after the implementation of preventive measures.

But after ISS was implemented on July 20, malicious activities visibly disappeared.

According to the COI's report, the Ministry of Health's (MOH) chief data adviser, Associate Professor James Yip, said that implementing ISS was not straightforward and would require the tackling of many challenges. There would also be productivity issues to deal with, such as constraints in research, education and innovation.

But after sufficient consultation with industry practitioners, employees and stakeholders, wouldn't a Goldilocks approach have been appropriate instead of waiting?

Most importantly, would implementing ISS affect or endanger patients' lives?

If not, then operational efficiency such as waiting times and queue management could have been calibrated with phased or test-bed deployment.

Why did the Health Ministry not take this approach?

Tan Kar Quan

A version of this article appeared in the print edition of The Straits Times on January 19, 2019, with the headline 'Why wasn't cyber security strategy to cut Internet rolled out?'. Print Edition | Subscribe