Shielding govt websites in cyber attacks

Shielding govt websites in cyber attacks

SINGAPORE - A consortium has won a multimillion-dollar bulk tender to tighten Singapore's defence against attacks that aim to disable government websites.

Sources said the two-year contract is worth about $15 million, and one of the requirements is that the government websites remain fully accessible and available to the public even when attacks are taking place.

The consortium comprises telecommunications firms BT and SingTel, consultants Deloitte & Touche, Singapore-based security specialist CHJ Technologies and mobile technologies supplier Evvo Labs, also based in Singapore.

Keeping a site accessible during attacks is done by providing Distributed Denial of Service (DDoS) mitigation services.

DDoS attacks work by having thousands of infected computers accessing and overwhelming a targeted site, causing a huge spike in traffic.

DDoS mitigation is a set of techniques that differentiate genuine incoming traffic from that sent by hijacked, infected browsers, so that services to genuine users will not be denied.

The tender follows last November's attempts to bring down government websites, and the defacement of the Prime Minister's Office (PMO) and Istana webpages.

An Infocomm Development Authority spokesman told The Straits Times that cyber threats have been increasing in magnitude and sophistication in recent years.

"DDoS attacks are among the top 10 threats in the current cyber-threat landscape, targeting both businesses and (the) Government," said the spokesman.

This is why it called for a bulk tender on behalf of government ministries and departments, statutory boards, organs of state and universities.

Last Nov 5, many government websites - including those that process important transactions - encountered unusual spikes in traffic as hackers sought to bring them down through DDoS attacks. But the attempts did not result in any identity thefts.

The PMO and Istana webpage attacks were caused by hackers exploiting a vulnerability known as "cross-site scripting", created when the Google search bar was not properly installed.

This vulnerability and others are addressed in the tender, which instructs contractors to provide Web application firewalls to block hackers from exploiting such vulnerabilities.

The contractors will also work with the Government's Cyber-Watch Centre - set up in 2007 to monitor critical public-sector IT installations round the clock - to counter any threat. The centre is managed by locally-based security services provider e-Cop.

itham@sph.com.sg


This article was first published on October 6, 2014.
Get a copy of The Straits Times or go to straitstimes.com for more stories.

This website is best viewed using the latest versions of web browsers.