Thursday 9 June 2016

No Internet for Singapore public servants from May 2017

PM Lee Hsien Loong: Security concerns behind move to delink Net access
Separate computers for civil servants to access Web necessary for security, he says
By Charissa Yong, In Yangon and Irene Tham, Tech Editor, The Straits Times, 10 Jun 2016

The Government's move to delink computers used by civil servants from direct access to the Internet is "absolutely necessary" to keep government data and public services secure, said Prime Minister Lee Hsien Loong yesterday.

When the move takes effect next May, civil servants can still access the Web via separate government computers dedicated to that purpose, or use their personal mobile devices. There may be some inconvenience in day-to-day operations, PM Lee noted.

However, Singapore has seen very determined cyber attacks on its IT systems in the past few years and these threats are taken "very, very" seriously, he told reporters in Yangon on the final day of his three-day official visit to Myanmar.

With the threats becoming more severe and sophisticated and the Government relying increasingly on its computer systems, he said it was time to introduce measures that require public servants to use separate computers for work e-mail and Internet access.

"Otherwise, one day you find all your NRIC numbers, addresses and income tax returns for sale on the Internet... how will the Government explain?"



He said he had been using separate computers since the start of the year and found that "it's inconvenient but it's doable".

His explanation of the reasons for the move stems from a Straits Times report on Wednesday that 100,000 public service computers will not have Net access from next May.

He said: "I read the newspaper reports; it was front page news. I was surprised. Then I saw some of the reactions. People got quite excited.

"Maybe we didn't explain it enough. But it's not to do with being liberal or not being liberal. It's about being safe and secure, and doing what is necessary."

Under the new move, Web surfing will be allowed only on an employee's personal mobile devices or specially dedicated terminals. Schools, however, will be exempted, the Infocomm Development Authority said yesterday.

Following the ST report, people have raised concerns that government e-services would be affected and public servants would not be able to respond quickly to queries from citizens.

To allay the fears, Singapore's Cyber Security Agency chief executive David Koh stressed that civil servants will continue to have access to e-mail and the Web. Government e-transactions already go through a secure system, he added.

He said that, in the past year, 16 attacks on government networks made it past the firewall systems provided by vendors. But there was no damage because the malware was detected and destroyed.

"We can't be a Smart Nation that is trusted and resilient if our systems are open and vulnerable," he added.

PM Lee said the Government had grappled with the problem of infiltration for years and has put off the solution for "as long as possible".

"We've had intrusions... So far we think the damage done or the information stolen has not been disastrous. But we cannot be sure that that will not happen."

He noted that it was a "nuisance" to work with two separate systems, but security experts convinced him it was "a very, very serious matter".

"Are we happy? I don't think so, because it will slow us down in terms of day-to-day productivity. In terms of security, safety of our systems, safety of our citizens and information concerning them, it's absolutely necessary."

Teachers, including lecturers at tertiary institutions, will not be affected by the new move.

PM Lee said: "If your school page with your school anthem gets defaced, well, it's a nuisance but it's not the end of the world. So if the schools are on a different system... it's okay, but the government part must have a secure system to work."








PM LEE ON...

THE RISKS

We've had intrusions we know, we've reported some of them publicly, serious ones. So far, we think that the damage which has been done or the information which has been stolen has not been disastrous. But we cannot be sure that will not happen. In fact, you can be pretty sure that if you have a big system, something in there is not quite right, and somewhere in that part, somebody has discovered it and may well have taken advantage of it.


THE INTERNET'S VULNERABILITY

It's very convenient to have it all on the same computer. You work, you surf, you see something relevant, you respond straightaway, copy it into an e-mail you can deal with it, or somebody sends you a link - you click on the link straightaway you can watch the YouTube video or the article. It's part of working. And yet it's a vulnerability. Because Internet surfing is the easiest way by which somebody can plant something into your system; by which way people have planted things into our system.


FINDING A SOLUTION

So what do we do? So the security people have been recommending to us, cut off. Have an e-mail system, closed; have the Internet-facing system separate. E-mails can come in, e-mails can go out, but the e-mails are all scanned. Other than e-mail, surfing off. I said, 'Do you really want to do this? It's such a nuisance to work.' But what to do? They convinced me this was a very, very serious matter. The public may not know and you don't always go around telling the public how vulnerable you are but, in fact, you are vulnerable. ''


THE MOVE TO SPLIT INTERNET ACCESS FROM WORK E-MAIL

Are we happy? I don't think so, because it will slow us down in terms of day-to-day productivity. In terms of security, safety of our systems, safety of our citizens and information concerning them - it's absolutely necessary. Otherwise one day you find all your NRIC numbers, addresses and income tax returns for sale on the Internet, one package 10 gigabytes. How will the Government explain?



A RESPONSIBLE STEP

We can't be a Smart Nation that is trusted and resilient if our systems are open and vulnerable. As public servants, we have a duty and responsibility to protect the Government'sand citizens' information and data. This move of Internet surfing separation will significantly reduce the attack surface and make it harder for attackers to exploit our systems.

- MR DAVID KOH, chief executive of Singapore's Cyber Security Agency










Public services won't be hit by move to secure systems
Public servants will still be able to respond to citizens' queries and e-services will continue to work as normal
By Irene Tham, Tech Editor, The Straits Times, 10 Jun 2016

Government e-services will not be affected and public servants will still be able to respond to queries from citizens.

This was the assurance given by Mr David Koh, chief executive of Singapore's Cyber Security Agency, as he addressed concerns yesterday that such services could be impacted following a decision to delink Web surfing from public servants' work computers from next May.

After The Straits Times reported on Wednesday that 100,000 computers used by the public service will no longer have direct access to the Internet from next May, to keep government e-mail systems and shared documents safe, an online debate ensued, with some asking if such a measure was a step too far.

Civil servants will have to connect to the Web using a separate computer system. They will also be able to surf the Web via personal mobile devices, and non-sensitive e-mail can be forwarded to personal accounts.

Explaining why e-services will continue to work as normal, Mr Koh said: "The transactions go through a secure system to connect to the government networks."

He also spoke at length about why the Internet lockdown is necessary. Singapore is under constant attack by cyber criminals, gangs, "hacktivists" and even state actors. So it is crucial to hive off Internet surfing to other machines that do not have access to the Government's internal networks and systems.

Over the past year, he said, there were 16 attacks against government networks that made it past firewall systems provided by vendors. The malware was eventually detected and extracted with no damage done.

In 2014, there was a security breach of the Ministry of Foreign Affairs' IT system. Steps were taken to isolate the affected devices and the networks were strengthened following the discovery.

There was also a series of attacks in 2009 in the run-up to the Asia- Pacific Economic Cooperation meetings held in Singapore, targeting the organising committee members and delegates.

"As public servants, we have a duty and responsibility to protect the Government's and citizens' information and data," said Mr Koh, adding that the Internet-surfing separation "will significantly reduce the attack surface and make it harder for attackers to exploit our systems".

Prime Minister Lee Hsien Loong, addressing the issue yesterday at the end of a visit to Myanmar, highlighted how cyber security is a problem Singapore has been trying to tackle since the days of the floppy disks in the 1970s.

"I remember in the early days, we scratched our heads because it reached a point where people were having floppy disks, and the floppy disks were getting smaller," he said.

"What do you do? We said, well let's try and control all our floppy disks so none of them disappear. Then, somebody brings one in, takes one out - you don't know what happened. So you say, you must not bring in any floppy disks to work."

But that was very hard to enforce, he added.

Then came thumbdrives, which could easily be placed in pockets, again involving some vulnerability.

The latest challenge is the Internet. "It's very convenient to have it all (e-mail and the Internet) on the same computer," said PM Lee.

But "Internet surfing is the easiest way by which somebody can plant something into your system". He added that people have planted things into the system.

He also noted that the more serious threats will come from outside Singapore, saying: "Within Singapore, if someone is determined to do this, chances are I will be able to find out and I can visit him in real life, and not just in cyberspace."

Infocomm Development Authority (IDA) managing director Jacqueline Poh acknowledged that civil servants may face initial adjustment issues. But IDA, the agency executing the policy, will explore workarounds to keep up productivity, she added.

The move to separate Internet access from work e-mail is increasingly being adopted around the world, said security specialist Sean Duca of Palo Alto Networks Asia-Pacific.

The delinking "has become a common practice by private- and public-sector organisations worldwide to mitigate cyber risks," he said.





Teachers at all levels not affected by new measure
The Straits Times, 10 Jun 2016

The Ministry of Education (MOE) and Infocomm Development Authority (IDA) have confirmed that the new measure will not impact teachers at all levels, including those in universities.

In a memo sent on Wednesday to its teachers, MOE said that schools are more dependent on the use of the Internet for teaching and learning. As such, they will "continue to have access to teaching and learning resources on the Internet from their computers".


PM Lee added yesterday: "If your school page with your school anthem gets defaced, well, it's a nuisance but it's not the end of the world.

"So if the schools are on a different system... it's okay, but the government part, I think, must have a secure system to work."

The network that teachers are on is also separate from the Government's main system, said Cyber Security Agency chief executive David Koh.





PM Lee Hsien Loong was 'volunteer No. 1' to test not having direct Internet access
By Charissa Yong, The Straits Times, 10 Jun 2016

The first person to volunteer not to have any direct Internet access on his work computer was Prime Minister Lee Hsien Loong.

He took on the challenge at the beginning of the year after security experts advised that it was necessary to shield the public sector's IT systems from cyber attacks.

Relating his experience yesterday to reporters in Myanmar, where he is on an official visit, PM Lee said: "It's a nuisance, it takes some getting used to, but you can do it."

Instead, he has two separate systems, one for e-mail and another for Internet browsing.

"So now if I see a link, see an article, what do I do?"

He would "go through the trouble" of copying down the link into a PDF file that he would "send to the other side" - that is, send to his work e-mail.

He would then access his work e-mail and call up the article.

If he wants to share it with his colleagues, he can forward it via e-mail on his work computer.

"I share it with my colleagues on PDF so that they don't have to go through the opposite process, send it all the way back out again and then browse for it."


PM Lee said that he decided to be "volunteer No. 1" in the new approach to fighting cyber attacks, because if he can do it, "then I think there's a chance it can work" and if he could not, then it might not be a workable option.

From next May, civil servants will no longer have direct access to the Internet from their work computers. Instead, they will have to connect to the Web using a separate computer system. They can also surf the Web using their personal mobile devices.

PM Lee, in explaining the move, noted: "We have become completely dependent on our IT systems... and we have to make sure that our system is secure. We can't get infiltrated, data cannot be stolen, somebody can't come in and wipe out your data or cause some other mischief."

He added: "We've decided to do it. Are we happy? I don't think so, because it will slow us down in terms of day-to-day productivity. In terms of security, safety of our systems, safety of our citizens and information concerning them - it's absolutely necessary.

"Otherwise one day you find all your NRIC numbers, addresses and income tax returns for sale on the Internet, one package 10 gigabytes. How will the Government explain?"

He said that other ministries, including the Ministry of Foreign Affairs and the Ministry of Defence, already operate in this way.

"For the officers who need to do Internet surfing and track what's happening in the world - MCI (Ministry of Communications and Information) particularly, but others too - they'll have two computers and they'll have to work like that," he added.





Singapore public servants' computers to have no Internet access from May next year
By Irene Tham, Tech Editor, The Straits Times, 8 Jun 2016

All computers used officially by public servants in Singapore will be cut off from the Internet from May next year, in an unprecedented move to tighten security.

A memo is going out to all government agencies, ministries and statutory boards here about the Internet blockade a year from now, The Straits Times has learnt.

There are some 100,000 computers in use by the public service and all of them will be affected.

"The Singapore Government regularly reviews our IT measures to make our network more secure," a spokesman for the Infocomm Development Authority (IDA) said when contacted.

The move is aimed at plugging potential leaks from work e-mail and shared documents amid heightened security threats.

Trials started with some employees within the IDA - the lead agency for this exercise - as early as April. Web surfing can be done only on the employees' personal tablets or mobile phones as these devices do not have access to government e-mail systems. Dedicated Internet terminals have been issued to those who need them for work.

The Straits Times understands that public servants will be allowed to forward work e-mails to their private accounts, if they need to.

It is rare even for banks, telcos and casinos - which are known to have the strictest computer-use policies - to cut off Internet access on all work terminals.

Banks give only some personnel - such as analysts, sales staff and corporate communications employees - Internet access, but file-sharing, Web-hosted e-mail and pornography websites are blocked. The fear is that staff may download malware accidentally from dodgy websites, or share sensitive documents online.

Mr Aloysius Cheang, Asia-Pacific executive vice-president of global computing security association Cloud Security Alliance, said the Government's move marks a return to the past - the 1990s - when Internet access was available only on dedicated terminals.

"In the past, it was hard for malware to extract sensitive information from within government networks," he said. "Now, it is hard to control any leak on social media or file-sharing sites."

It will take time to convince users about the new system as the Internet is ingrained in most work processes. One teacher noted that he uses it extensively to develop worksheets and test papers.









Security risks prompted Government to cut Internet access: Analysts
By Irene Tham, Tech Editor, The Straits Times, 9 Jun 2016

Some said it was a bold response to the threat of online intrusions. Others said it should have been more finely calibrated. Many of those affected directly said it will make life difficult for them.

News that all public servants in Singapore will be cut off from the Internet from May next year evoked a range of reactions on the trade-off between security and efficiency.

"Digital surveillance has prompted a rethink on how governments conduct communications," said Assistant Professor Michael Raska from the Institute of Defence and Strategic Studies at the S. Rajaratnam School of International Studies in Singapore.

Experts pointed to a number of recent incidents that underlined the dangers of government computers being infiltrated.

Hundreds of flights had to be grounded in Sweden last year, following a cyber attack on its air traffic control system. Hackers knocked a Ukraine power station offline, plunging vast areas into darkness. The Russian government itself looked at going back to typewriters after its computers were infected with spy programs.

Singapore is vulnerable, too. Security software firm Symantec's Internet Security Threats Report last year pointed out that Singapore was the third most popular destination for spear-phishing, in which crooks send messages that appear to come from a trusted source to dupe victims into downloading an infected attachment or click on a fake link.

Associate Professor Basskaran Nair from the Lee Kuan Yew School of Public Policy, National University of Singapore, said: "After almost three decades of use, it is time to pause and rethink whether everyone needs to surf on their work computers."

He noted that the Internet poses security risks that were not a critical factor a decade ago. But he asked for a more nuanced approach in which exceptions could be made for officers whose work required the use of the Internet.

As things stand, all 100,000 computers in use by the public service will be cut off from the Internet from May next year.

Web surfing is allowed but only on employees' personal mobile devices. Non-sensitive e-mail can also be forwarded to personal accounts.

Mr David Koh, chief executive of the Cyber Security Agency of Singapore, said the Government has the responsibility to protect citizens' data.

"Internet-surfing separation will prevent attackers from using the Internet to plant malware... and exfiltrate information from government computers," said Mr Koh.

"This should not be seen as a move backwards as government employees will still have Internet connectivity," he added.

Still, there were some who felt that cutting off the Internet from the work computers of public servants was too extreme.

Chief technology officer Bryce Boland of security specialist FireEye Asia-Pacific said this is a practice seen only in the highest security areas, such as utilities and defence networks.

Security software firm Fortinet Asia-Pacific's vice-president, Mr George Chang, said today's identity and access control technologies, for instance, are able to limit the information one can receive based on job scope.

Some public servants also hoped that the Government will reconsider the move.

A policy analyst at a statutory board said that it will be "a hassle" to use a separate computer or his phone to read up on academic papers and news reports for his work.

At another statutory board, an operations officer said that using a separate Internet terminal will worsen his already "stretched work schedule".

Additional reporting by Lester Hio













Some in public service criticise move to cut Internet access on work computers
By Iliyas Juanda, TODAY, 9 Jun 2016

Some in public service were up in arms over news that they would not be able to access the Internet on their work computer by May next year, saying the move was bound to affect productivity, although the Infocomm Development Authority of Singapore (IDA) has assured that there would be shared workstations allowing surfing on the Internet.

The announcement came after access to many platforms, such as web chats and cloud services, were already curtailed last month, with employees in some agencies getting a second computer for these functions.

News of the new policy, first reported by The Straits Times, was confirmed by the IDA yesterday, which said a trial is under way to “separate Internet access from the work stations of a selected group of public service officers”.

A memo sent to some staff warned: “With the number of cybersecurity threats on the rise, being attacked is a given ... As long as the Government networks are connected to the Internet, the risks of Government data being stolen and leaked will be heightened.” Employees would still be able send emails and access government network applications through the Intranet. They can also use other computers or mobile devices to surf the web as long as they are not connected to the government network.

Calling the move regressive, civil and public servants TODAY spoke to said cutting off Internet access in such a manner was also disruptive.

“It’s like saying ‘your house could get burgled, but don’t spend money upgrading security features like cameras or locks; just move out’,” said one civil servant, who did not want to be named.

Another civil servant who also wanted to remain anonymous said: “I feel like there are relatively simpler solutions but they just decided to use the nuclear option.”

A public servant said that without Internet access on personal work computers, it would be unfair to expect public servants to have to pay for their own mobile data to carry out the work.

In a comment on Facebook responding to the criticism levelled at the move, Ambassador-at-Large Bilahari Kausikan said the announcement on the move could have been clearer, but pointed out that having work computers linked to the Internet poses a “serious cybersecurity risk” to the Government’s network.

“Some departments have already done so (separate Internet access). From the experience of these departments, officers can still receive and reply to emails from the public,” he said, noting it was so in his case.

From a security standpoint, Mr Anthony Lim, a consultant at cybersecurity firm ISC2, said the move was justified. With a government network of thousands of employees, infiltration needs to start with only one employee, he noted.

Mr Bryce Boland, chief technology officer for Asia Pacific at FireEye, said: “Most malware-based attacks leverage Internet access to work correctly, so measures like this will make it harder to leverage common malware against these organisations.”

However, they noted the inconveniences of such a move. For example, communication may be affected if the network goes down. “If you have Internet, you can still rely on personal email accounts,” said Mr Lim.

Member of Parliament Zaqy Mohamad, who chairs the Government Parliamentary Committee for Communications and Information, suggested putting up a study on how productivity might be affected by the move and how it can be mitigated. “I think if you have quite a lot of knowledge workers in the public service ... what could be done is to look at whether there are other solutions,” added Mr Zaqy.

Responding to media queries, the Cyber Security Agency of Singapore (CSA), said the Government has the responsibility of protecting important data and information, including that of citizens. “Internet surfing separation will prevent attackers from using the Internet to plant malware, to access government computers and to exfiltrate information from government computers,” said CSA chief executive David Koh. “Thus, the specific actions that are prohibited in this instance are actions that attackers want government employees to do, such as clicking on a link in a spear-phishing email, thereby allowing attackers to use the Internet surfing channels to exfiltrate stolen information.”

He added: “This should not be seen as a move backwards as government employees will still have Internet connectivity.”











Internet ruling for civil servants absolutely necessary: PM
By Tan Weizhen, TODAY, 9 Jun 2016

YANGON — As “volunteer number one”, he has been working on two separate computer systems since the start of the year, revealed Prime Minister Lee Hsien Loong, who said the Government’s decision to ban Internet access on work computers is “absolutely necessary”, to fight off increasingly intense and sophisticated cyber threats.

The move was something the Government had been “thinking about for a while” and had “put off for as long as possible”, said Mr Lee, noting the need to find “the right balance” in implementing such a measure.

On Wednesday, news broke that public service officers would not be able to access the Internet from their work computers from next May.

But they would still be able to surf the Internet on separate computers or mobile devices, either belonging to the individual or provided by their organisations.


Mr Lee, who was asked about the move during an interview with Singapore media wrapping up his official visit to Myanmar on Thursday (June 9), said he had volunteered to be the first to try out this new way of working, despite some initial reluctance.

“We have become completely dependent on our IT systems, on our computers in the office, remotely, the data systems, the services to the public, and we have to make sure that our system is secure,” said Mr Lee. “We can’t get infiltrated, data cannot be stolen, somebody can’t come in and wipe out your data or cause some other mischief.”

Despite the best precautions, intruders get in “because the intruders are very often one step smarter than you, and you have to block everywhere … they just have to get in in one place and you may not know for a long time”.

“We’ve had intrusions we know, we’ve reported some of them publicly, serious ones,” Mr Lee said. “So far we think that the damage which has been done, or the information which has been stolen, has not been disastrous. But we cannot be sure that that will not happen.”

Some ministries, such as the Ministry of Defence, Ministry of Foreign Affairs and some departments in the Ministry of Home Affairs, already have staff working on two computers.

“I think it’s a recognition that the Internet is a wild, wild west and we’d better know that. Otherwise, if you go out innocently thinking that all is fine, someday, something is going to happen to you. Quite likely something is happening to you and you don’t even know it,” Mr Lee said.

He acknowledged that the new way of working took some getting used to, “but you can do it”.

“So what I have done, I have an email system, I set up another one, which is for Internet browsing, and between the two you have what people call an ‘air gap separation’, meaning, this is one system, that’s one system, they don’t talk to each other,” said Mr Lee. “And hopefully no information can jump over from one side to another or from this side to that.”

Initially, he had doubts about cutting off Internet access. “I said, ‘Do you really want to do this, it’s such a nuisance to work’. But what to do? They convinced me this was a very, very serious matter,” said Mr Lee.

He acknowledged the need to ensure the move was implemented in a balanced way. “If we make our system so secure that it becomes a bother to you, then civil servants will either stop working or find some way around it,” he said. “So we’ve got to find the right balance and we’ve got to calibrate that balance as we go along.”





Government segregating secure systems, not cutting off Internet access for civil servants: Vivian Balakrishnan
By Jeremy Au Yong, US Bureau Chief, The Straits Times, 10 Jun 2016

WASHINGTON - The move to stop Web access on computers used by public servants is not an attempt to cut off the government from the Internet, but rather to segregate secure systems from activities like browsing, said Foreign Affairs Minister and Minister-In-Charge of the Smart Nation Initiative Vivian Balakrishnan in Washington on Thursday (June 9).

Responding to a question from The Straits Times about how to reconcile the recent move with the push to be a smart nation, Dr Balakrishnan said that the plan has occasionally been misconstrued as an attempt to shut off the government from the Internet. He stressed that the civil servants do need Internet access and will continue to have it.

"What we are really doing is not cutting off Internet access because, in fact, we all need Internet access on a daily basis in order to access information, in order to transact and in order to deliver information to our citizens," he said.

"So there is no possibility of cutting off ourselves from the Internet. What we are actually doing is segregating secure e-mail systems from other activities which you conduct on the Internet like browsing and transacting… Segregation is not the same as cutting off access."

He was speaking to reporters during a three-day working visit to the US capital.


The Straits Times reported on Wednesday that 100,000 public service computers will not have Internet access from next May. Web surfing can be done on employee's personal devices and dedicated Internet terminals will be issues to those who need them for work.

Dr Balakrishnan said the step was necessary in the name of cyber security and not incompatible with the idea of smart nation.

"Cyber security is absolutely essential if we are to become a smart nation. You can't have electronic medical records, you can't have financial technology, you can't have large databases with information that could be abused or misused, you can't afford a breach of privacy. So the way I look at it, cyber security is the flip side of the coin of being a smart nation," he said.

The foreign minister warned that the threat of cybercrime needed to be heeded.

"Most people underestimate the dangers of breaches of our systems and the fact that there is a clear and present threat from espionage and criminal activity on the Internet. And the sooner people realise this and take steps, not just on the civil service but even individually to protect themselves, the better."

Prime Minister Lee Hsien Loong said on Thursday that the move was "absolutely necessary" to keep Government data secure.

He added that he "locked down" from the Internet on his work computer at the beginning of the year.

"It's a nuisance, it takes some getting used to, but you can do it."





One wrong click, and hacker is in

A whole network can be infected if a curious individual falls for a hacker's bait; a firewall can filter, at best, half of all malware
By Irene Tham, Tech Editor, The Sunday Times, 12 Jun 2016

It costs a hacker close to nothing to embed malware in a Web link or an e-mail attachment to bait unsuspecting victims. All it takes is one click by a curious individual to put an entire network in the hands of the hacker.

This is why the Singapore Government does not want to take any chances and decided to delink Web surfing from the work terminals of public servants from next May, explained security experts.

Around 100,000 government computers will be affected and public servants will instead connect to the Web using dedicated Internet machines or their personal mobile devices. The aim is to create an "air gap" between the Web and the Government's internal systems.

Check Point Software Technologies chief strategist Tony Jarvis said: "All an attacker needs to do is to trick an employee into clicking on a document or opening a file, and the malware is then able to infect the machine."

The infected machine could spread the infection across a network, compromising the confidentiality of all data. Over the past year, 16 attacks against the Singapore Government's networks made it past firewall systems. The malware was eventually detected and extracted with no data loss, said Singapore's Cyber Security Agency (CSA).

A firewall is typically the first line of defence for most systems. But CSA chief executive David Koh said that a firewall can filter, at best, half of all malware. This is because the tool only works well on known malware, and is less effective against new ones.

Most networks are also designed to have other basic protections such as antivirus, and intrusion detection and prevention systems, which work like firewalls. These tools are also unable to pick out fresh malware.

This is because hackers know how to disguise malicious programs as benign-looking installer apps, for instance, to escape detection. Hackers also frequently change a malware's distribution location. Sometimes, hackers also design malware to stop snooping temporarily when antivirus software is scanning a computer.

"This extends the life of the malware in its undetected state," said Mr Vitaly Kamluk, global research and analysis director at Kaspersky Lab Asia-Pacific.

The second line of defence is "sandboxing", which lets programs from untrusted websites or senders run only in a restricted zone in the computer so it has no ability to read data from the rest of the computer. The program will be blocked if it is determined to be malicious.

More advanced protection involves using antibot technologies, which identify malware by examining its actions. For instance, the tool catches malware when it tries to communicate with the hacker's command and control servers.

The latest sandboxing and antibot technologies are able to identify unknown malware.

The decision to use these advanced tools or to combine it with the "air gap" approach is simply a design choice. The latter is typically more common in military or banking operations, said Mr Jarvis.

But just as no approach is foolproof, air-gapped defences can also be defeated. "These computers still need software updates over the Internet from time to time," said Mr Kamluk.

One often overlooked security gap is the USB port in the computer. "All it takes is just one person to charm his or her way into an office and insert a USB drive into computers to introduce malware into the network," said Mr Gil Rapaport, security specialist at CyberArk.





Buzz over delinking govt PCs from Web

Other countries have expressed interest in Singapore's novel move and may follow suit
By Carolyn Khew, The Sunday Times, 12 Jun 2016

Probably the first country to do so, Singapore's decision to delink its government computers from the Internet could spur other nations to take a similar step.

Minister for Communications and Information Yaacob Ibrahim said yesterday that since The Straits Times reported last week that 100,000 government computers will no longer have direct access to the Web from next May, other countries have expressed interest.

"You'll be very surprised at the kind of responses I received from my counterparts. They want to know how we do it," he said. "In fact, I was seated at a dinner and one of the ambassadors said 'We were surprised that you decided to do it and we want to learn from you because we think this should be done'."

Dr Yaacob added, in response to a question from The Sunday Times: "To the best of my knowledge, given the extensiveness with which we are doing this, I think we are the first."

He was speaking on the sidelines of a dialogue he had with members of the Malay/Muslim community on SkillsFuture at Tanjong Katong Complex.


The move, reported last Wednesday, is meant to keep government e-mail systems and shared documents safe. Civil servants will still have access to the Internet, but on separate computers dedicated to that purpose or on their personal mobile devices. But teachers will be exempt, as schools deal with less sensitive information and also use the Internet for teaching and learning.

Stressing that the Government had thought long and hard about this option, Dr Yaacob said that such a step, while inconvenient, was the best way to reduce the risk of government data being compromised, especially given the number and increasing sophistication of cyber attacks.

"At the end of the day, as the custodian of data concerning our citizens and because of national interests, we have to make sure that we can protect that, right?" said Dr Yaacob. "We are constantly under attack...and the hackers are becoming more sophisticated."

Singapore's Cyber Security Agency chief executive David Koh had revealed that there were 16 attacks on government networks which made it past firewall systems provided by vendors in the past year.

A firewall is typically the first line of defence for most government and corporate systems, acting like the front gate at the porch of a building. But Mr Koh said that a firewall can filter, at best, half of all malware. This is because the tool works well only on known malware, and is ineffective against new ones.

On Thursday, Prime Minister Lee Hsien Loong said he was the first to volunteer not to have any direct Web access on his work computer.

Dr Yaacob has also voluntarily started using two separate systems - one for e-mail and the other for Internet browsing - since this month.

The Ministry of Defence, Ministry of Foreign Affairs, and Ministry of Trade and Industry (MTI) have also separated Web access from work terminals. MTI started doing so in 2010.

"I don't think they (MTI) have suffered any productivity losses, so I think it can be done. It's a matter of changing our work habits and I think that's not difficult to do," he said.

The Infocomm Development Authority of Singapore will be working with government agencies to conduct focus-group discussions and workshops to discuss the implementation of the policy.

Additional reporting by Irene Tham










* Parliament: Growing cyber threat makes de-linking govt IT systems 'necessary'

Rise in number of targeted cyber attacks on government networks, says Yaacob
By Irene Tham, Tech Editor, The Straits Times, 12 Jul 2016

Rising threats against government computer networks have made it necessary to hive off Web surfing from public servants' work computers, Minister for Communications and Information Yaacob Ibrahim said yesterday.

Dr Yaacob also told Parliament that there have been more targeted cyber attacks on government networks since a security breach of the Foreign Affairs Ministry's IT system, about which he had informed Parliament last year.

"While these attacks were successfully contained, we can expect more to follow," he said.

"The attackers are more sophisticated. New tools are being developed from the dark side. And it's also very difficult for us to keep ahead," said Dr Yaacob, who is minister-in-charge of cyber security.

Mr Alex Yam (Marsiling-Yew Tee GRC) and Mr Zaqy Mohamad (Chua Chu Kang GRC) asked whether "more elegant solutions" were considered, adding that they worry the productivity and effectiveness of public servants would be affected.

Dr Yaacob said other solutions were considered but did not elaborate.

He also said the Trade and Industry Ministry and Foreign Affairs Ministry had done the de-linking a few years ago while the Defence Ministry had implemented even more stringent requirements.

"These organisations have not become less effective as a result," he added.

An attacker can still enter the network via another agency which continues to allow Internet surfing when connected to the government network, he said.

However, the nature of some work means such de-linking might not be possible, he noted.

"We will leave this to the agencies to work together with IDA (Infocomm Development Authority) to determine exactly how they are going to proceed," he added.

The Ministry of Communications and Information said in a statement last night that IDA is working closely with agencies to put in place solutions to enable such de-linking to be implemented by May next year.

The new measure is aimed at plugging potential leaks from work e-mail and shared documents amid heightened security threats, and will affect about 100,000 public servants.

Those who need to use the Internet for work can do so at terminals specifically provided for it. Public servants can also use their personal mobile devices to access the Internet and forward non-classified e-mail from their work computers to their personal accounts.

Teachers, however, are not affected by the impending change as they are plugged into a separate internal network.

Until the new rule takes effect, workshops that include senior management and the IT unit will be held in each ministry to "find the best way forward", said Dr Yaacob.

But, he added, the Government will continue to explore options and "see whether we will review our strategies down the road".

Meanwhile, Dr Yaacob said the new measure is necessary and the right thing to do.

"The Government has a duty to do all it can to protect the data it possesses, especially since such data often contains personal information of citizens," he said, noting that existing anti-virus technology could stop only 20 to 30 per cent of malware.



Related

MCI’s reply to PQ on separating Internet surfing - 11 July 2016

No comments:

Post a Comment