SINGAPORE: Internet surfing separation “could and should have” been implemented in the public healthcare system, just as it had been done in the public sector, according to Deputy Prime Minister and Coordinating Minister for National Security Teo Chee Hean.
If those steps had been taken, the "cyber kill-chain" for the hacker would have been disrupted and the surface area exposed to the attack would have been reduced, Mr Teo added.
Mr Teo made the remarks in a speech to engineers and leaders from public agencies -including the Land Transport Authority and the Ministry of Defence - as well as representatives from several polytechnics, at thePublic Service Engineering Conference held at the Resorts World Sentosa Convention Centre on Tuesday (Jul 24).
Mr Teo also revealed how the cyberattackers entered the SingHealth Group’s database servers.
He disclosed that front-end devices at SingHealth were capable of thwarting “ordinary, run-of-the-mill” attacks. They had existing antivirus and anti-intrusion software that could keep out “many of such attempts”.
However, the Internet-linked workstations used by thousands of users from the medical and academic community provided a large “attack surface” for the “sophisticated and persistent intruder”, he said.
Mr Teo revealed that the intruders managed to circumvent security barriers in the "intermediate layer that manages and screens user requests from the outer user layer to access IT database servers".
As a result, the attacker was able to gain access into a segment of the database and obtain and exfiltrate the data to overseas servers, Mr Teo said.
Despite the sophistication of the attackers, the system had in place certain measures that limited the extent of the damage, Mr Teo said.
He noted that IT system operators were able to self-discover and report the intrusion. Government cybersecurity specialists were also able to investigate and identify the mode of intrusion to scope and contain the damage, and “check backs” with an overseas network of trusted partner agencies were conducted.
The Government is nevertheless studying if the intrusion could have been detected more quickly and prevented such a large data loss, Mr Teo said.
He also added that the SingHealth incident underscores the importance of reporting IT incidents to the Cyber Security Agency (CSA) and to comprehensive systems logs in the IT system.
Those steps allowed investigations and diagnoses to contain the intrusion, identify the mode of intrusion, the attack vector and cope out the extent of damage, he said.
Technical solutions aside, DPM Teo said that addressing public concerns and confidence to the public and users are also crucial in such incidents.
This must be done “as transparently as possible”. He said that the formation of the Committee of Inquiry demonstrated that the Government was taking the matter seriously.
The speech, which covered wide-ranging topics on "Whole of Nation" engineering and innovation solutions, also saw Mr Teo urge public service engineers to design systems and operate them to “keep out an attack” and detect intrusions in the digital age.
This is especially important as Singapore has seen an almost 10-fold increase in phishing attacks since 2016, and with a recent global surge of security incidents targeting government systems and networks.
He stressed that the SingHealth cyberattack should not hold back the country's Smart Nation and Digital Government ambitions.