Some agencies delinked ahead of deadline

Amid heightened cyberthreats, a "handful" of government agencies have delinked public servants' work computers from the Internet two months ahead of the deadline, said a government spokesman.

The rest of the 90 agencies are in the midst of complying with the cyber security measure, which takes full effect across the public sector in May, affecting all 143,000 civil servants.

They will need to surf the Web on separately issued laptops, or on personal mobile phones or tablets.

"We are making good progress towards the completion of Internet-surfing separation in May," a spokesman for the Government Technology Agency (GovTech), which is coordinating the move, told The Straits Times.

GovTech, the Inland Revenue Authority of Singapore (Iras), national water agency PUB and the Personal Data Protection Commission (PDPC) are among the first agencies to complete the Internet separation measure ahead of the deadline.

Employees who need to access the Internet for work - such as those in corporate communications, human resources and research roles - have been issued separate Internet devices such as Chromebooks.

The Straits Times understands that officers manning hotlines such as those at Iras and PDPC may need to guide callers through the e-services on government websites.

Clicking on such Web links can be done only on separate workstations meant for Internet surfing.

So the officers need to switch between two screens - one that allows them to access citizens' personal data and another for Web surfing - when handling public queries.

Ms Cheryl Tan, Iras' principal human resources officer, said: "We recognise the increasing threats that government agencies face. Our key concern is to ensure that the information we hold is kept confidential."

Ms Margaret Tan, PDPC's assistant director of facilitation and mediation, said: "We were initially worried that the change would affect our day-to-day work, especially since my department is public-facing."

She noted, however, that sufficient resources were given to allow PDPC officers to browse the Internet for work.

She shares an Internet workstation with two colleagues, and has sent an Excel file of all commonly referenced website addresses to her work e-mail account in her work computer, so she does not need to manually type them when replying to e-mail queries from the public.

Social media researchers at some government agencies have been issued three laptops - one for work e-mail, one for posting on government social media pages, and one for general Web surfing and research.

Earlier this year, GovTech awarded 10 companies with a tender to supply an undisclosed number of Internet-surfing and storage devices to all government agencies.

The aim is to create an "air gap" between the Web and government systems, so that malware will not find its way into critical IT systems.

The measure also means highly classified e-mail and files will not end up in unsecured Internet devices.

This comes as Singapore sees determined cyber attacks on its IT systems, one of which resulted in a recent data breach at the Ministry of Defence (Mindef).

The theft, discovered last month, of the personal data of 850 national servicemen and Mindef staff was said to be the work of hackers who exploited a vulnerability in a Mindef server.

No classified information was stolen because Mindef had already delinked classified systems from the Internet.

Check Point Software Technologies chief strategist Tony Jarvis said: "Multi-layered security is the best strategy in preventing breaches. Internet separation serves to limit the spread of the threat once it has broken through other controls."

This article was first published on March 15, 2017.
Get The New Paper for more stories.