IDA further clarifies its posture on the move to block Internet access from civil servants’ computers.
The Singapore Government “definitely has not given up” on securing its IT infrastructure from cyberattacks, said Mr Chai Chin Loon, Director of Cyber Security Group at the Infocomm Development Authority of Singapore (IDA), on Thursday (Jan 9).
In fact, the Government is “taking a leap forward” to close off one of the bigger sources of online attacks afflicting governments today – the Internet, explained Mr Chai in an interview with Channel NewsAsia.
His comments follow news that emerged on Wednesday stating that Internet access for civil servants will be hived off from their work computers to dedicated Web-enabled PCs. Officers would still be able to surf the Internet on separate computers or mobile devices – either belonging to the individual or provided by their organisations, according to an IDA circular sent to these employees.
“I would argue that we are not taking a step backward, but adopting a balanced approach” in addressing the increasingly risky online landscape, Mr Chai said.
Elaborating, he said that by practising hardware-based access management, which helps determine the amount of Web access and on which devices, there is a “higher wall” for potential cybercriminals to step through in order to enter the Government’s IT infrastructure and steal important citizens’ data.
The IDA cybersecurity chief said that while there are software products that offer access management, these are riskier options. “There are inherent weaknesses because of the complexity of the code; I’ve yet to see a piece of software that has no bugs in it,” he explained.
Mr Chai said the decision to hive off Internet access for civil servants is three-pronged: One is that the threat level has reached the point for “drastic actions”.
He cited the example of the 2015 breach of the US Office of Personnel Management, which resulted in the theft of Social Security numbers and other information about current and former government workers, applicants, contractors and spouses of those who underwent background checks for security clearance. The hack affected 22.1 million people, up from the initial 4.2 million when the breach was first reported.
He added that governments are constantly attacked, and for Singapore, “billions of attacks” are detected each year. Furthermore, how-to guides and sophisticated tools to commit hacks are increasingly made available online, which further exacerbates the challenge to secure one’s IT infrastructure.
“These are authoritative data, personal data that were stolen,” said Mr Chai, adding that if this happened in Singapore, “I don’t think we can survive it”.
Secondly, there is an increasing realisation within and outside of the Government that cybersecurity is not a Chief Security Officer or Chief Information Security Officer problem, but one beyond that, said the IDA executive. When a breach of Government IT infrastructure occurs, the commander – in this case, Prime Minister Lee Hsien Loong and the whole chain of command – is responsible for the incident, he said.
Lastly, it is a question of whether there are alternatives for Web surfing for civil servants. Mr Chai said with the proliferation of high-speed Internet and mobile devices, people are no longer constrained by dedicated, Web-enabled PCs. He added that for him, it is his smartphone that acts as his main Web surfing tool.
Mr Chai also took the opportunity to address the impact of the move on citizens, saying they will be “minimally impacted”. “The main impact will be on public servants and their workflow,” he added.
The news of the transition towards separating Internet access for public servants whipped up a frenzy online on Wednesday, with some of the public questioning the decision and wondering how such a move will affect e-Government services and its overall Smart Nation vision.
Prominent online personalities such as Mr Miyagi tweeted: “We’re with you, civil servants of Singapore. Oh wait, you have no internet to read this tweet”, while mrbrown made fun of the news with a picture of a lady searching the library for information and tweeted: “Our civil servants will have the Internet cut off from their computers next year. Because we Smart Nation.”
News also spread beyond Singapore, with news agencies such as the BBC, Quartz, CNN and CNBC reporting on the initiative, while tech news site ZDNet wondered if the move puts the country back into the pre-Internet era.
Channel NewsAsia understands that information about separating Internet access for public servants was prioritised for internal stakeholders, and was never meant for external media consumption, which was why only a “reactive media statement” was issued after news broke on Wednesday.
The statement said “the Government regularly reviews the country’s IT security to make the network more secure”, and made mention of the one-year timeline for transition.
What was not communicated was that the circular informing public servants of the transition was only approved on Tuesday, and that the year-long transition also included “change management” initiatives such as agency-led workshops and forums to address questions on processes and other impacts that are specific to their line of work.
Additionally, the initial report by The Straits Times “painted the wrong viewpoint” that there will be no more Internet for public servants, said Mr Chai.
He reiterated that the aim is to separate Internet access, and the decision was not made lightly. In fact, the team behind the decision had been “working on it for a number of months” before announcing the initiative, he added.