SINGAPORE — With the Government’s IT network constantly under siege from cyber attacks, the Ministry of Foreign Affairs’ (MFA) IT system was breached last year in one of the more recent cases, Communications and Information Minister Yaacob Ibrahim revealed today (May 11) in a written Parliamentary response.

Responding to TODAY’s queries on the MFA system breach, the Cyber Security Agency (CSA), which was established by the Government last month, said that immediate steps were taken to “isolate the affected devices and appropriate security measures were implemented to further strengthen the network”.

MFA also brought forward plans to refresh its IT equipment as an added precautionary measure to ensure the integrity of its systems, the agency added.

CSA said it would not provide further details of the breach, as revealing the operational details could “affect the continuing effectiveness of our defensive measures”.

Chua Chu Kang GRC MP Zaqy Mohamad had filed a Parliamentary question on whether there have been any cyber security incidents involving IT systems belonging to the Government.

In his response, Dr Yaacob said the Government’s IT networks are probed “all the time”. He said: “While most of these attempts are unsophisticated, we have also detected serious and advanced attacks.”

Apart from MFA system breach, he cited how, in the lead up to the Asia-Pacific Economic Cooperation (APEC) 2009 meetings held here, there were “at least seven waves of malicious email attacks which targeted members of the APEC Organising Committee and APEC delegates from various countries”, Dr Yaacob said. The email attacks were mentioned in Parliament in March 2013, during the passage of the Computer Misuse and Cybersecurity Bill.

He added that Government agencies’ cyber security practices “cannot remain static but must adapt to new and emerging modus operandi of the attackers”.

Dr Yaacob said: “Due to the nature of their operations, some agencies are unfortunately highly attractive to potential cyber attackers, and they will need to do even more to defend and protect their networks.”

He reiterated that the Government takes cyber security very seriously. “The CSA with the Infocomm Development Authority ... to ensure a high level of vigilance over the security of our Government networks and readiness to respond rapidly and appropriately to any incident,” he said.

In a recent report, cyber security solutions company FireEye said that a hacking group called APT30 has been targeting countries in Asia, with Singapore cited as a likely, but unconfirmed, target. The report said that this group shows a high level of interest in targeting sensitive data, such as that housed on government networks.

TODAY understands that there is no concrete evidence that Singapore has been attacked or that the Singapore Government was a target of APT30. In 2011, the Government launched the S$1.3 billion Standard Operating environment (SOE) system which enabled public officers to work seamlessly within and across organisational boundaries.

Mr Anthony Lim, a cybersecurity expert at ISC2, a not-for-profit association for information security professionals, said that while a standardised system improves operational efficiency, it increases the vulnerability to cyber attacks. “There is a risk that hackers, having found a possible issue with one area, might try to find the same issue in another area, and get lucky,” he said.

Mr Lim said that the breach that happened in MFA could be due to the age of a software or the equipment, such as servers or networks, which contain certain vulnerabilities. He added that organisations need to invest in cyber security and constantly keep up their protection against potential threats. “Hackers are always trying to find new ways to attack,” he said.