A few days ago, The Straits Times wrote that public servants’s computers will be cut off from Internet access.
Singapore public servants’ computers to have no Internet access from May next year
All computers used officially by public servants in Singapore will be cut off from the Internet from May next year, in an unprecedented move to tighten security.
A memo is going out to all government agencies, ministries and statutory boards here about the Internet blockade a year from now, The Straits Times has learnt.
This news generated a huge buzz, with many interesting memes from SGAG to ridicule the policy. IDA came out to clarify about facts and myths here. And even PM Lee talked about the necessity of this measure.
I am extremely concerned with the announcement of the policy. First of all, the title from above is extremely misleading. There will be no Internet from the public servants’s work terminal. This does not mean that the public service will have zero access to the Internet. There is no doubt that it has generated inconvenience, but every ministry, stat board and agency affected will be looking for possible solution to minimize the impact from this new measure. Some possible solutions includes allowing Internet surfing through personal devices using the WiFi services provided by the agency, or issuing an extra device just for Internet surfing. So yes, there will be inconvenience, but public servants will still have access to the Internet.
Secondly, mitigation measures to minimize the impact of this new policy should be considered in parallel with the planning of this policy. It seems to me that this policy was rushed to roll out and not given enough thought and debate. Deriving a solution to minimize the impact should be included in the policy, or at worst as strong recommendations, and not left as a problem for individual agency to solve. This policy, which clearly showed that things are not thought through thoroughly, shows the inadequacy of IDA’s planning. Pretty disappointing if you ask me.
Thirdly, the underlying rationale for this move was not conveyed well. The media highlighted the move was inevitable with security in mind. They did not emphasize the real motivation behind the decision to cut off Internet from work terminals. I have mentioned before that the human factor is the weakest link in most security systems. The underlying reason behind this move, I believe, is the lack of cybersecurity awareness in public servants. Public servants who has access to the Internet fall for phishing emails, click baits, unintentionally downloading malware into their work terminals. In worse cases, sending classified information to their personal emails to complete at home. As long as their work terminals, which contains classified information, is connected to the Internet, it provides an access point for attackers. On top of that, the Government Enterprise Network links the public service together. This is why attacking through a single terminal in an agency may give the attacker access to other agencies. Thus, IDA decided to cut the Internet from everyone. This is also the reason why teachers, who fortunately do not use the Government Enterprise Network, are spared from this policy.
Cyber threats are to be taken very seriously, and no effort should be spared in ensuring the security of our systems. However, this does not mean that the efficiency of day to day operations should be compromised. Security experts often have to design security measures while ensuring systems are still able to operate efficiently. For example, if WhatsApp implements a security measure but each message takes 3 minutes to be sent out, I’m sure there will be no more users in a month. At first glance, it seems that this policy will greatly impede the efficiency of the public service. It remains to be seen how they propose to reduce the impact of this.