Some people can sympathise with the Government's dilemma in having to protect information assets amid Singapore's push towards information and communications technology advancement ("Delinking Net access a necessary evil" by Miss Tan E-Jynn; June 16).
However, the weakness of the wide-ranging move to delink Internet access from most public servants' work computers didn't escape others ("Online access an integral part of work today" by Mr Rajasegaran Ramasamy; June 9).
First, some public servants need Internet access in their course of work, and some don't. Public servants should be better profiled such that only those who don't require the Internet get access delinked from their work computers. This can be done quite easily with today's technologies.
Second, blocking Internet access primarily aims to stop external hackers from coming into the network. But what about rogue users from within the organisation?
Besides planting malware on their computers, insiders can transfer data out of government offices by plugging in their USB keys or taking photos of documents with their camera phones. What is being done to prevent such data leaks?
Options the Government should instead consider are:
- Redesign its network to have different zones of varying security levels, and put in place the right monitoring tools to keep track of activities throughout the network.
- Have proper identity and access management. Internal and external users should be accurately mapped to the information they can access based on their roles and responsibilities.
- Implement strong security policies that are rigorously enforced 24/7.
In the longer term, the Government should establish a task force comprising public and private organisations to find ways to combat cyber threats.
Some companies already work with Nato, Interpol and other government agencies to exchange threat information and repel sophisticated hackers. There are also partnerships with managed security service providers such as Singtel and StarHub to protect organisations here.
Lastly, like other government initiatives, citizens' buy-in is paramount. The Government must take steps to educate the public that it is in their interest to abide by the additional security measures put in place to safeguard their data and privacy.
George Chang
