Some in public service criticise move to cut Internet access on work computers
SINGAPORE — Some in public service were up in arms over news that they would not be able to access the Internet on their work computer by May next year, saying the move was bound to affect productivity, although the Infocomm Development Authority of Singapore (IDA) has assured that there would be shared workstations allowing surfing on the Internet.
The announcement came after access to many platforms, such as web chats and cloud services, were already curtailed last month, with employees in some agencies getting a second computer for these functions.
News of the new policy, first reported by The Straits Times, was confirmed by the IDA yesterday, which said a trial is under way to “separate Internet access from the work stations of a selected group of public service officers”.
A memo sent to some staff warned: “With the number of cybersecurity threats on the rise, being attacked is a given ... As long as the Government networks are connected to the Internet, the risks of Government data being stolen and leaked will be heightened.” Employees would still be able send emails and access government network applications through the Intranet. They can also use other computers or mobile devices to surf the web as long as they are not connected to the government network.
Calling the move regressive, civil and public servants TODAY spoke to said cutting off Internet access in such a manner was also disruptive.
“It’s like saying ‘your house could get burgled, but don’t spend money upgrading security features like cameras or locks; just move out’,” said one civil servant, who did not want to be named.
Another civil servant who also wanted to remain anonymous said: “I feel like there are relatively simpler solutions but they just decided to use the nuclear option.”
A public servant said that without Internet access on personal work computers, it would be unfair to expect public servants to have to pay for their own mobile data to carry out the work.
In a comment on Facebook responding to the criticism levelled at the move, Ambassador-at-Large Bilahari Kausikan said the announcement on the move could have been clearer, but pointed out that having work computers linked to the Internet poses a “serious cybersecurity risk” to the Government’s network.
“Some departments have already done so (separate Internet access). From the experience of these departments, officers can still receive and reply to emails from the public,” he said, noting it was so in his case.
From a security standpoint, Mr Anthony Lim, a consultant at cybersecurity firm ISC2, said the move was justified. With a government network of thousands of employees, infiltration needs to start with only one employee, he noted.
Mr Bryce Boland, chief technology officer for Asia Pacific at FireEye, said: “Most malware-based attacks leverage Internet access to work correctly, so measures like this will make it harder to leverage common malware against these organisations.”
However, they noted the inconveniences of such a move. For example, communication may be affected if the network goes down. “If you have Internet, you can still rely on personal email accounts,” said Mr Lim.
Member of Parliament Zaqy Mohamad, who chairs the Government Parliamentary Committee for Communications and Information, suggested putting up a study on how productivity might be affected by the move and how it can be mitigated. “I think if you have quite a lot of knowledge workers in the public service ... what could be done is to look at whether there are other solutions,” added Mr Zaqy.
Responding to media queries, the Cyber Security Agency of Singapore (CSA), said the Government has the responsibility of protecting important data and information, including that of citizens. “Internet surfing separation will prevent attackers from using the Internet to plant malware, to access government computers and to exfiltrate information from government computers,” said CSA chief executive David Koh. “Thus, the specific actions that are prohibited in this instance are actions that attackers want government employees to do, such as clicking on a link in a spear-phishing email, thereby allowing attackers to use the Internet surfing channels to exfiltrate stolen information.”
He added: “This should not be seen as a move backwards as government employees will still have Internet connectivity.”