Data security and cyber security remain key risks for Government amid digitalisation push

Parliament's Public Accounts Committee warned that IT-related risks will remain a key concern. ST PHOTO: GAVIN FOO

SINGAPORE - Weaknesses in IT controls across several public agencies were flagged by Parliament's Public Accounts Committee (PAC) on Monday (Feb 8), as it warned that IT-related risks will remain a key concern amid the increasing pace of digitalisation and outsourcing of IT operations in the public sector.

In particular, the Government will have to watch out for data security and cyber security risks, the committee said in its report.

West Coast GRC MP Foo Mee Har, who chairs the PAC, said in a statement: "Given the higher incidence of cyber attacks globally, the committee noted the ongoing efforts to strengthen IT governance, data security, cybersecurity as well as human capital."

"While automation is central to addressing persistent IT lapses, automation alone is not sufficient without the accompanied agencies' leadership attention and third party IT vendors' compliance."

The PAC had highlighted inadequate oversight of the activities carried out using privileged user accounts, and insufficient controls over third party vendors and partners.

For instance, Ngee Ann Polytechnic had only reviewed six out of the 38 actions that could be performed by its privileged database accounts. But since March last year, it had strengthened its processes and monitored 32 out of 38 actions, with six remaining actions assessed to be of lower impact to IT security.

Responding to the PAC on its concerns, the Smart Nation and Digital Government Group (SNDGG) said it has introduced measures to address the lapses.

For example, it has put in place a system that would alert 38 public sector agencies about staff movement and role changes, so that the agencies can manually remove accounts that are no longer needed.

A system to automate the removal process is targeted for completion in December this year.

The SNDGG said it had also taken steps to strengthen organisational structures and processes, and raise awareness of cyber threats, including setting up the Government Data Security Unit to drive and coordinate data security efforts across the public sector.

Join ST's Telegram channel and get the latest breaking news delivered to you.