SingHealth cyber attack: Pause on Smart Nation projects lifted; 11 critical sectors told to review untrusted external connections

The Government previously paused the launch of new Smart Nation projects following the cyber attack that compromised the personal data of 1.5 million SingHealth patients. ST PHOTO: SYAMIL SAPARI

SINGAPORE - Eleven critical services sectors have been asked to review connections to untrusted external networks even as the Government lifts the pause on Smart Nation projects imposed after the SingHealth data breach.

These connections include the Internet or unsecured Wi-Fi, which should be removed if there is no business need for them, said the Cyber Security Agency (CSA) on Friday (Aug 3).

It added that those who can justify the need for these connections should ensure better protection, such as by using uni-directional data diodes or secured two-way informational gateways.

A uni-directional gateway is a network appliance allowing data to travel in only one direction, to guarantee information security.

A secured Information exchange gateway is a system designed to enable the flow of information between networks while at the same time protecting an internal domain from both inbound malware threats and outbound leakage of sensitive information. This can be done by a variety of means, such as encryption and content inspection, to protect the network path to the system.

The CSA disclosed this in a joint statement with the Smart Nation and Digital Government Group (SNDGG).

The SNDGG said it has completed its review of the public sector's cyber-security policies and will implement additional protection measures for critical government systems "to strengthen the ability to detect and respond quickly to cyber-security threats".

The review was done following SingHealth's massive data breach disclosed last month that compromised the personal data of 1.5 million of its patients. The breach in June is Singapore's worst cyber attack.

The 11 affected sectors are: government, infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency, and media.

The statement said Government systems have implemented "significant measures", including cutting off Internet access on work systems over the past three years to remove "unnecessary external connections with unsecured networks".

"While the Government will continue to review and upgrade its security measures to guard against new threats and strengthen its infrastructure, it is not possible to completely eliminate the risk of cyber-security attacks.

"We should not allow such incidents to hold us back in building a Smart Nation and digital Government. We need to persist in our efforts to harness the potential of the digital age, while building deeper expertise in cyber security so that we can do so confidently," both agencies said in the statement.

Correction note: The story has been updated for clarity.

Join ST's WhatsApp Channel and get the latest news and must-reads.