More stringent measures needed to protect research work: University dons

SINGAPORE — While cyber-security experts said on Friday (May 12) that it is no surprise that Singapore is increasingly a target for hackers, university professors called for more stringent measures to protect research work, including how such materials are stored.

A professor involved in research said that while rules are in place to secure the personal information of university students, or their grades, there are currently no proper rules on how researchers should store their work or research.

“They (the university authorities) only step in where there might be areas of ethical concern, for instance, information on people. But there are no rules, on for instance, setting passwords on our work,” said the professor, who could not be named as he was not authorised to speak on the university’s internal processes.

However, when it comes to information that the Government might give to researchers, more stringent processes are in place, he said.

For instance, the Department of Statistics requires researchers to go down to its premises to access its data, instead of transferring the information to third parties.

Associate law professor Eugene Tan of the Singapore Management University called for measures at universities and other organisations to be beefed up.

“It could be industrial espionage. Each successful attack is a stark reminder that a multi-stakeholder approach is needed to counter this clear and present danger. Counter-measures will have to be consistently beefed up to thwart deliberate and opportunistic attacks,” he said.

Cyber security experts said that it is no surprise that Singapore is increasingly a target, with its status as a commercial hub.

Mr Nick Savvides, security advocate, Symantec (Asia Pacific and Japan) said: “Singapore is a very sophisticated market, with much technology and business. So (the attackers) go where the money is, the information is. They are very financially motivated.”

“The attacks on NUS and NTU show that hackers are no longer just targeting the usual suspects in Singapore; such as financial institutions, Government and critical infrastructure. Establishments such as universities hold valuable personal data, including intellectual property that can bring about financial gain,” said Mr Bill Taylor-Mountford, vice president of LogRhythm (Asia Pacific & Japan).

Mr Tok Yee Ching, an executive member of the Association of Information Security Professionals, noted that NUS and NTU could be considered “juicy targets” as they are top universities, with established research work.

The experts urged companies to start building up their offensive capabilities in countering attacks, instead of simply focusing on defensive techniques. For instance, they could attempt “advanced persistent threat” (APT) attacks on their own systems to check for any vulnerabilities. APT attacks involve a variety of intelligence-gathering techniques and can remain undetected for a prolonged period, and are aimed at stealing confidential information.