SingHealth cyberattack a ‘harsh reminder’ to redouble cybersecurity efforts: PM Lee

SingHealth cyberattack a ‘harsh reminder’ to redouble cybersecurity efforts: PM Lee

Prime Minister Lee Hsien Loong said the public sector will need to beef up its tech capabilities and strengthen its cyber defences at the Government Technology Agency’s first developer conference on Tuesday (Oct 2). Afifah Ariffin reports.

SINGAPORE: With the recent cyberattack on SingHealth’s database being a “harsh reminder”, Prime Minister Lee Hsien Loong said the Government is doubling down on beefing up its cyber defences while it continues on a digital transformation as part of the Smart Nation push. 

In what was described as the "most serious breach of personal data” in Singapore’s history, 1.5 million SingHealth patients’ records were accessed and copied earlier this year, with Mr Lee being among those affected. The Committee of Inquiry’s (COI) public hearings on the cyberattack are ongoing. 

READ: Commentary: Assume all organisations will be hit by cyberattacks at some point

Speaking at the Government Technology Agency’s (GovTech) first developer conference on Tuesday (Oct 2), Mr Lee said cybersecurity is a “vital prerequisite” for the country to benefit from new technology and a more connected world. 

“(The SingHealth cyberattack) was a harsh reminder that cyberspace is not a benign environment, and we have to do much better in keeping our IT systems and data safe and secure,” he added. 

While the attacker was “sophisticated, well-resourced, and determined”, the incident also revealed internal weaknesses and lapses in Singapore’s IT systems and organisations, which have to be improved. 

“We have to improve and put these right. We have to train up our people, institute robust processes, inculcate the right mindsets, and enforce accountability,” he said.

READ: SingHealth COI hearing: Former IHiS CEO dismissed staff for ethical breach, didn’t probe alleged vulnerability

Mr Lee added that cybersecurity is a “long and unending journey” as the country’s cyber defences “will never be absolutely impregnable” against such attacks. 

As such, redoubling of cybersecurity efforts will have to “continually strike the right balance between security and usability”. 

BUILDING A LEAN, AGILE DIGITAL GOVERNMENT

In his welcome address, Mr Lee also spoke at length on how the Government is re-engineering itself in line with the Smart Nation initiative.

One of its efforts include transforming how government software and applications are developed with the building of the Singapore Government Technology Stack (SGTS) – a suite of common software components used in application development. 

Comprising three standardised layers between the data and the application, the SGTS will help to deliver better public services faster and at lower costs through reusable software, said Mr Lee.

READ: Commentary: The way companies look to fend off cyberattacks needs a rethink

“First, common hosting platforms, similar to Amazon Web Services, so that all the agencies use the same set of tools and the same programming language. Second, shared middleware, such as centralised API gateways, and an automated solution for testing of web and mobile applications. And third, a library of commonly used micro-services, such as payment and authentication, so application developers can just plug and play,” he elaborated. 

Citing the wide array of Government websites that have varying quality as an example, Mr Lee said that instead of having every agency build their own website at great expense and often repeating the same coding errors and bugs, better efficiency and results can be achieved by reusing technologies. 

There can also be a central system that agencies can adapt for their use, rather than allowing every regulatory agency have its own online licensing processes or web forms, he said. 

“Forms can be pre-filled with information, and users then do not need to repeatedly give Government data that we already have,” he said, referring to the MyInfo platform launched in 2016.

The Government is also planning to migrate some of its systems onto the cloud as it revamps its existing IT infrastructure to take maximum advantage of cloud technology. 

On that, Mr Lee said a preliminary study has been done and concluded that many Government systems can exist in the commercial cloud. 

“Over the next few years, we will begin to migrate some systems onto the cloud, gain experience in this new mode of operation, and take bolder steps in light of what we learn.”

There are many benefits of doing so and with companies requiring stringent security and privacy requirements, such as banks, already using the cloud extensively, Mr Lee said “the question for the Government is not whether we do it, but to what extent we can use the cloud, and how we can overcome the problems and minimise the risks”. 

The Government will have to, for instance, decide which systems can use commercial cloud services.

For those that cannot be migrated, a Government cloud will have to be designed and built so that these systems can tap into benefits, such as efficiencies and economies of scale. 

Taken together, the SGTS, cloud and data will help the re-engineering of the Government’s digital infrastructure. 

“This will form the dev-ops and digital environment for in-house engineers and users, and will also enable greater collaboration and exchange with the private sector,” said Mr Lee.

DEVELOPING IT CAPABILITY 

Beyond that, the Government also needs to develop IT capability in all of its ministries and agencies. 

This comes as IT “can no longer be an afterthought or add-on that is grafted onto the organisation”, said Mr Lee. 

“It must be intrinsically of what we do,” he added, while stressing that agencies “cannot be totally dependent on, and hence at the mercy of, outside consultants”.

To do so will require expertise and talent at all levels. This includes forming teams with deep technical skills, such as cloud solution architects and cybersecurity specialists, as well as recruiting senior engineering leaders and tech-savvy top leadership in the public service. 

"Substantial changes" have recently been made to salary schemes to pay officers “competitively”, with further adjustments to come, said Mr Lee. But while remuneration is important, the formation of a strong engineering culture also counts in attracting talent.

“If we are successful, we will be able to attract and recruit engineers of the calibre that companies like Google, Netflix, Dropbox, Slack, and Gojek hire, whether fresh out of the university or already mid-career.

“We want talented IT professionals to consider us, just as seriously as any of one of these companies,” he said. 

To be sure, there has been some progress made, with GovTech Hive, the Government's innovation lab for digital services, now having a team of close to 300 talented engineers.

Source: CNA/sk(mn)

Bookmark