Singapore can't be a Smart Nation if systems are vulnerable: CSA chief

Singapore can't be a Smart Nation if systems are vulnerable: CSA chief

"As public servants, we have a duty and responsibility to protect the Government and citizens' information and data," says Cyber Security Agency chief executive David Koh.

File of a person browsing the internet

SINGAPORE: From 2015 till today, there have been 16 waves of targeted cyberattacks surfaced to the Cyber Security Agency (CSA), and this is one of the reasons why the Government has decided to separate Internet access for the work computers of public officers.

These 16 attacks had escaped detection of perimeter defences such as firewalls and antivirus software, but were stopped and did no damage. The main modus operandi for these attacks was through phishing emails that were customised with content that the recipient might possibly be interested and that they might click on to activate the malware within, Channel NewsAsia understands.

Restriction of Internet access can thus stop the entry of malware, and the exit of pilfered data - said to be the first and last step for cyberattackers.

"Singapore is under constant attack on the cyber front," said Mr David Koh, chief executive of the CSA. "We are a prime target for cyber criminals, gangs, hacktivists and even state actors."

He added: "As public servants, we have a duty and responsibility to protect the Government and citizens' information and data."

Mr Koh said that it was crucial to prevent breaches, and to raise cyber defences.

"This move of Internet surfing separation will significantly reduce the cyber attack surface and make it harder for attackers to exploit our systems," Mr Koh said.

"Cyber security is a key enabler for Smart Nation. We can't be a Smart Nation that is trusted and resilient if our systems are open and vulnerable," he added.

Meanwhile, other ministries have already taken the lead - for example, the Ministry of Trade of Industry has been on a programme to separate Internet surfing since 2010. Prime Minister Lee Hsien Loong himself has said that he has been part of the programme since the start of the year.

One public servant who has been part of the programme said that while there were initial inconveniences - such as being unable to access URLs from work emails - there are workarounds, such as sending the URL to one's personal email.

The Infocomm Development Agency of Singapore (IDA) also reiterated that public servants will continue to have access to Internet surfing - just that it will not be on the same device used to access the Government's internal networks.

"We are not alone in enacting such policies to safeguard critical Government and citizen data," said IDA managing director Jacqueline Poh. "We acknowledge there will be some initial adjustment issues and are committed to working with our staff to develop alternatives so that they may continue working productively."

Several cyber security professionals voiced their support for the Government's move.

"This is a welcome move towards securing our Government network against information leakages," said Singapore infocomm Technology Federation Security and Governance Chapter Chairperson Tammie Tham. "This is a common practice in defence organisations around the world whereby classified networks are air-gapped. and different machines are assigned and used by users based on data classification."

Association of Banks in Singapore director Ong-Ang Ai Boon said that it "fully supports all efforts to strengthen cyber security and to raise awareness of risks".

Additionally, Mr Sean Duca, vice-president and Chief Security Officer, Asia-Pacific, Palo Alto Networks, said that "taking such proactive measures to protect critical information can help mitigate cyberattacks".

Source: CNA/av