Singapore, the country that gave social engineering a good name, has come up with a sure-fire way to ensure its government computers are not hacked. It is disconnecting them from the internet.
From June 2017, the computers used by most of Singapore’s public servants will be unable to access the internet.
Some will be able to do so if it is essential to their jobs, but for most, internet access will be available only through their personal mobile devices or Internet café style PCs set up in workplaces specifically for that purpose.
Singapore is implementing a ‘Smart Nation’ strategy, which will “enable everyone and everything, everywhere, to be connected all the time in Singapore.” Unless you are a public servant.
Needless to say, the no-Internet policy has met with some resistance, though dissent is not actually encouraged in the island nation.
The local newspaper The Straits Times, regarded as a government mouthpiece, says that the new policy will affect 100,000 public servants. Some PCs have already been disconnected, with the program being gradually implemented over the next 12 months.
“We have started to separate internet access from the workstations of a selected group of public service officers, and will do so for the rest of the public service officers progressively over a one-year period,” Singapore’s Infocomm Development Authority (IDA) said in a statement last month.
Prime Minister Lee Hsien Loong has defended the decision. He said he ‘delinked’ his own PC from the internet earlier this year. He is known to be a keen user of technology, but has been very wary since his website was hacked in 2014.
“We have become completely dependent on our IT systems and we have to make sure we are secure. We can’t get infiltrated, data cannot be stolen, somebody can’t come in and wipe out your data or cause some other mischief,” he said.
“It will slow us down in terms of day-to-day productivity, but in terms of the security and safety of our systems, it’s absolutely necessary. Otherwise, one day you find all your NRIC (National Registration Identification Card) numbers, addresses and income tax returns for sale on the internet, one package 10 gigabytes. How will the government explain this?”
The Straits Times also quoted David Koh, chief executive of the Cyber Security Agency of Singapore, as saying the government has the responsibility to protect citizens’ data. “Internet-surfing separation will prevent attackers from using the internet to plant malware and exfiltrate information from government computers. This should not be seen as a move backwards as government employees will still have internet connectivity.”
Schools will be excluded from the ban, on the basis that their information is not overly sensitive.
The Singaporean government has said it will update its cyber security laws, with a new bill to be presented to parliament in 2017. Giving the keynote address at the 2016 Asia Pacific conference from security company RSA, Home Affairs Minister K Shanmugam announced a National Cybercrime Action Plan (NCAP).
“The plan is a coordinated effort to fight cybercrime – to take an approach to really deter, detect and disrupt cybercriminal activity and to create a safe and secure online environment in Singapore, as far as possible,” he said.
He outlined four key principles: “First, prevention. Second, a quick, strong response to cybercrime. Third, making sure that the legal framework is robust, and fourth, this cannot be done by us alone. It has got to be done in partnership, so it is a shared responsibility.”
By shared responsibility he means relationships with industry and other governments. He made special mention of Interpol’s Global Complex for Innovation (IGCI), which is based in Singapore and acts as the organisation’s global hub on cybercrime.
“It brings together law enforcement officers from around the world, and industry partners like NEC, Kaspersky, Trend Micro and Microsoft. Through IGCI, Interpol has conducted several successful global cybercrime operations.”
Mr Shanmugam did not mention the ban on Internet connectivity in government workplaces in Singapore, but it was a subject of some debate at the conference he was opening. He did speak of a “fundamental relook at cybercrime” which obviously includes this extreme step.
Singapore is legendary for its iron fist in a velvet glove. It maintains a much stronger internet censorship regime than most democracies, and rates only ‘Partly Free’ on Freedom House’s Internet Freedom Index.
The government routinely stifles dissent, online and offline, through soft techniques such as legal action rather than outright censorship. It likes to litigate opposition members of parliament into bankruptcy.
Singapore wants to be a cyber island. Its broadband penetration is high and it is promoting itself as a connected paradise. But its actions in ‘delinking’ its government’s workers from the Internet show that the habits of state paternalism die hard.
Graeme Philipson travelled to Singapore as a guest of RSA.