Why It Matters

SingPass must be more reliable

The two outages that hit SingPass and CorpPass last Thursday and Friday, which were traced to a server fault, could not have come at a worse time.

Singapore is in the midst of developing its national digital identity (NDI) system, a phone app that will be layered on SingPass.

With more than 3.3 million registered users using SingPass to securely access 57 million e-government transactions, including income tax and Housing Board loan records, reliability is critical. More so with the immediacy of a phone app.

But the outages over the two days dragged on for 10 hours and caused the longest breakdown since SingPass was set up in 2003.

Some Malaysian workers had to return home as their work permit could not be processed. Companies risked fines because they could not file their employees' Central Provident Fund contributions on time.

Experts have raised concerns that the authentication systems are not robust enough and could potentially dent the public's trust in the NDI system, a key Smart Nation project.

The episode will remind users of the government-backed universal security token dubbed OneKey, which has failed to supplant the clutter of tokens issued by individual banks since its launch in 2011. The major banks hereprefer their own in-house technology, citing security and other commercial concerns.

 
 

As critical infrastructure, SingPass and CorpPass must operate like other critical banking or telecommunications systems that deliver essential services.

Processes must be tightened and vendors held responsible for any lapses.

There must be sufficient resilience and redundancy in the NDI system - and, by extension, SingPass - to convince the private sector and the public to use it.

A version of this article appeared in the print edition of The Straits Times on February 15, 2018, with the headline 'SingPass must be more reliable'. Print Edition | Subscribe