Backup plans in place for government websites, says Smart Nation group in wake of global Internet outage
Screenshot of the Singapore Government website.
SINGAPORE: Government websites can restore their services if their content delivery network (CDN) providers fail, the Smart Nation and Digital Government Group (SNDGG) said on Monday evening (Jun 14).
CDN providers typically operate data centres around the world and host copies of organisations' websites on their servers for faster loading of webpages, improving users' web surfing experience.
These providers include cloud-based services like Amazon Web Services, Akamai, Cloudflare and Fastly.
READ: Websites back online after Fastly-linked glitch takes down Internet
The issue grabbed headlines after a Fastly-linked glitch took down thousands of government, news and social media websites across the globe on Jun 8.
High-traffic sites including Reddit, Amazon, CNN, PayPal, Spotify, Al Jazeera Media Network and the New York Times went down, according to outage tracking website Downdetector.com.
The United Kingdom's gov.uk domain was also hit, with users unable to book COVID-19 tests through government websites, according to The Guardian.
Fastly said on Jun 9 that the hour-long outage was caused by a software bug triggered when one of its customers changed their settings.
The outage raised questions about the resilience of the Internet with major websites relying on just a few CDN providers in the world.
In response to queries from CNA, SNDGG said the Government uses various CDN providers that are "globally recognised with proven track records".
They are selected based on factors like network size and distribution, as well as their ability to mitigate security risks, SNDGG said.
"Procedures are in place to restore services for such situations including redirecting traffic to government servers for prolonged outages," a spokesperson said.
HOW PREPARED ARE SINGAPORE GOVERNMENT WEBSITES?
Mr Feixiang He, adversary intelligence research lead at the cybersecurity firm Group-IB, said Singapore government websites have a "healthy level" of disaster recovery capabilities, backed by infrastructure diversification.
For instance, he pointed to how the Ministry of Health's (MOH) public-facing web applications and related infrastructure rely on both local and overseas providers, including Amazon, Google and Genesis Singapore.
"Most servers are located in Singapore, Australia and the US," he added. "It is worth noticing that besides cloud, MOH also hosts various web applications on its on-premises servers.
READ: Fastly blames software bug for major global Internet outage
Mr Jon Ng, Asia-Pacific and Japan head of cloud security engineering at Check Point Software Technologies, "strongly" advised organisations against putting all their eggs in one basket.
"With the Internet becoming an increasingly critical part of business operations, a multi-provider strategy will provide increased resiliency and help protect against provider outages," he said.
Mr Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre, said organisations must be prepared for an outage to happen at any point.
"Contingency planning allows a business to pre-define important elements of a response such as who is in charge, how communication of the incident occurs, and whether additional tasks are required of IT teams to limit the impact of the incident," he said.
A TARGET FOR CYBERATTACKS
This is important as CDN providers represent critical infrastructure that has been targeted by cyber attackers, said Mr Ashutosh Rana, senior security consultant at the Synopsys Software Integrity Group.
"One of the reasons why websites use these providers is because they believe that they have robust security defences," he said.
"While the widespread perception is that they have become too big to fail, if they fail, it will have significant impact. And that makes them a lucrative target for cyber attackers."
READ: Commentary: What if another widespread Internet outage happens?
The fact that organisations are moving their activity onto the cloud has led to a rise in cloud security issues, said Mr Yeo Siang Tiong, Southeast Asia general manager at Kaspersky.
"We’ve seen recently in Singapore where companies in the airlines, telecommunications and furniture industry have been victim of data breaches due to their vendors’ servers being compromised," he said.
According to Kaspersky figures, about 4.5 million cyberthreat incidents in Singapore in the first quarter of this year were caused by servers hosted in Singapore.
"It is clear that threat actors are stepping up their activity, and when we examine the recent flurry of cyberattacks in Singapore against the country’s threat landscape, we expect supply chain attacks to feature more prominently," Mr Yeo added.
Mr He said CDN providers face two major risks: distributed denial-of-service (DDoS) and supply chain attacks.
A DDoS attack involves an attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
A supply chain attack happens when hackers slip malicious code into a provider's software or hardware. By compromising a single supplier, hackers can distribute this malicious code across an entire supply chain.
READ: ‘No indication’ that SolarWinds hack adversely affected Singapore, says Iswaran
This was seen in last year's SolarWinds attack, when Russian hackers gained access to computer systems belonging to multiple US government departments by compromising the infrastructure of SolarWinds, a company that produces a network and applications monitoring platform.
These examples mean CDN providers have an "enormous" responsibility to ensure a high level of cybersecurity through regular audits and penetration tests, Mr He said.
"Such activities as red teaming, in which real-life attacks with the use of present-day instruments are simulated, can test how a company will defend against cybersecurity incidents," he added.
To improve the resiliency of government websites, SNDGG said it requires agencies to protect their Internet-facing websites, including supporting infrastructure, against DDoS attacks.
"For more critical websites, especially those that are required to perform high volume and time-sensitive transactions, we mitigate information and communications technology risks by ensuring that the systems have high resiliency designs," the spokesperson said.
WHY SO FEW CDN PROVIDERS?
Given the critical nature of CDN operations, some have questioned why there were so few such providers in the world.
This is because implementing scalable and resilient data centres is "incredibly expensive", said Mr Mackey.
"Teams at major providers like Akamai, Cloudflare and Fastly have created operational run books and automation to detect potential attacks which limit the scope of damage should anything go awry," he said.
"This skill level is one reason why outages at cloud providers are sufficiently rare as to be worthy of media coverage."
Mr Jonathan Knudsen, senior security strategist at the Synopsys Software Integrity Group, said it is "perhaps surprising" that widespread Internet failures are not more common given the amount of traffic flowing through every second.
"It is just a fact of life that the world has concentrated on a few large cloud providers," he added.
"The important thing is that they take security seriously and adjust their processes and policies in response to outages or security incidents."
