Public services won't be hit by move to secure systems
Public servants will still be able to respond to citizens' queries and e-services will continue to work as normal
Sign up now: Get ST's newsletters delivered to your inbox
PM Lee, speaking yesterday at the end of a visit to Myanmar, highlighted how cyber security is a problem that Singapore has been trying to tackle since the days of the floppy disks. He said Internet surfing is "the easiest way by which somebody can plant something" into the system, and that people have done so.
PHOTO: LIANHE ZAOBAO
Follow topic:
Government e-services will not be affected and public servants will still be able to respond to queries from citizens.
This was the assurance given by Mr David Koh, chief executive of Singapore's Cyber Security Agency, as he addressed concerns yesterday that such services could be impacted following a decision to delink Web surfing from public servants' work computers from next May.
After The Straits Times reported on Wednesday that 100,000 computers used by the public service will no longer have direct access to the Internet from next May, to keep government e-mail systems and shared documents safe, an online debate ensued, with some asking if such a measure was a step too far.
Civil servants will have to connect to the Web using a separate computer system. They will also be able to surf the Web via personal mobile devices, and non-sensitive e-mail can be forwarded to personal accounts.
Explaining why e-services will continue to work as normal, Mr Koh said: "The transactions go through a secure system to connect to the government networks."
He also spoke at length about why the Internet lockdown is necessary. Singapore is under constant attack by cyber criminals, gangs, "hacktivists" and even state actors. So it is crucial to hive off Internet surfing to other machines that do not have access to the Government's internal networks and systems.
Over the past year, he said, there were 16 attacks against government networks that made it past firewall systems provided by vendors. The malware was eventually detected and extracted with no damage done.
In 2014, there was a security breach of the Ministry of Foreign Affairs' IT system. Steps were taken to isolate the affected devices and the networks were strengthened following the discovery.
There was also a series of attacks in 2009 in the run-up to the Asia- Pacific Economic Cooperation meetings held in Singapore, targeting the organising committee members and delegates.
"As public servants, we have a duty and responsibility to protect the Government's and citizens' information and data," said Mr Koh, adding that the Internet-surfing separation "will significantly reduce the attack surface and make it harder for attackers to exploit our systems".
Prime Minister Lee Hsien Loong, addressing the issue yesterday at the end of a visit to Myanmar, highlighted how cyber security is a problem Singapore has been trying to tackle since the days of the floppy disks in the 1970s.
"I remember in the early days, we scratched our heads because it reached a point where people were having floppy disks, and the floppy disks were getting smaller," he said.
"What do you do? We said, well let's try and control all our floppy disks so none of them disappear. Then, somebody brings one in, takes one out - you don't know what happened. So you say, you must not bring in any floppy disks to work."
But that was very hard to enforce, he added.
Then came thumbdrives, which could easily be placed in pockets, again involving some vulnerability.
The latest challenge is the Internet. "It's very convenient to have it all (e-mail and the Internet) on the same computer," said PM Lee.
But "Internet surfing is the easiest way by which somebody can plant something into your system". He added that people have planted things into the system.
He also noted that the more serious threats will come from outside Singapore, saying: "Within Singapore, if someone is determined to do this, chances are I will be able to find out and I can visit him in real life, and not just in cyberspace."
Infocomm Development Authority (IDA) managing director Jacqueline Poh acknowledged that civil servants may face initial adjustment issues. But IDA, the agency executing the policy, will explore workarounds to keep up productivity, she added.
The move to separate Internet access from work e-mail is increasingly being adopted around the world, said security specialist Sean Duca of Palo Alto Networks Asia-Pacific.
The delinking "has become a common practice by private- and public-sector organisations worldwide to mitigate cyber risks," he said.
