S’pore hit by 16 waves of online attacks since April last year

SINGAPORE — The Republic is a “prime target” for cyber criminals and has come under 16 waves of online attacks since last April, the Cyber Security Agency (CSA) said on Thursday amid growing debate about a move to unplug work stations in the public service from the Internet.

“Singapore is under constant attack on the cyber front,“ said Mr David Koh, the chief executive of the agency which provides dedicated and centralised oversight of national cyber security functions. “We are a prime target for cyber criminals, gangs, hacktivists and even state actors.”

Mr Koh spoke to reporters at a press briefing on Thursday (June 9) following news that those working in the public service would not be able to access the Internet on their work computer by May next year. This decision came after an extensive review by the Government to address growing concerns about cyber threats.

According to the CSA, Singapore has come under 16 waves of malware and phishing attacks since the agency was set up in April last year. The attacks did not cause major infections, only localised disruption. Mr Koh said public servants had a duty and responsibility to protect data and information that belonged to the government and the public.

He added: “This move of internet surfing separation will significantly reduce the attack surface and make it harder for attackers to exploit our system. We can’t be a Smart Nation that is trusted and resilient if our systems are open and vulnerable.”

At the briefing, Ms Jacqueline Poh, the managing director of the Infocomm Development Authority of Singapore (IDA) said that public servants would continue to have access to the Internet, but it will not be from the same device used to access the government’s internal networks. She stressed that Singapore was not the first to enact such a policy to safeguard critical data.

“We acknowledge that there will be some initial adjustment issues and are committed to working with our staff to develop alternatives so that they may continue working productively,” she said.

In an interview with Channel NewsAsia earlier, Mr Chai Chin Loon, the director of the cyber security group at IDA, said the threat posed by cyber attacks had reached the point for “drastic actions”. He defended the decision to restrict access, and told CNA that the Government was “not taking a step backward” and was instead adopting “a balanced approach” for securing its IT infrastructure.

He said the team behind the decision had been “working on it for a number of months” before announcing the initiative.

Earlier on Thursday, Prime Minister Lee Hsien Loong also addressed the outcry over the planned move when speaking to Singapore media in Yangon, where he had wrapped up an official visit to Myanmar.

He said the move was something the Government had been “thinking about for a while” and had “put off for as long as possible”. He also revealed that he had volunteered to be the first to try out this new way of working to try out the system.

Mr Lee said: “It takes some getting used to, but you can do it. So what I have done, I have an email system, I set up another one, which is for internet browsing, and between the two you have what people call an air gap separation, meaning, this is one system, that’s one system. They don’t talk to each other. And hopefully no information can jump over from one side to another or from this side to that.”

He also stressed the need to find “the right balance” between security and usability. “If we make our system so secure that it becomes a bother to you, then civil servants will either stop working or find some way around it,” he acknowledged, noting initially it was a nuisance. “So we’ve got to find the right balance and we’ve got to calibrate that balance as we go along.”