S’pore projects on track again
Smart Nation resumes with new security policies after data breach
SINGAPORE: The Government is charging ahead with its Smart Nation projects, and has instructed all 11 critical services sectors here to cut off Internet access on work systems.
This comes after the completion of a major cybersecurity review that followed SingHealth’s massive data breach disclosed last month.
The Government had previously paused the launch of new Smart Nation projects following the cyberattack that compromised the personal data of 1.5 million SingHealth patients.
In a joint statement yesterday, the Smart Nation and Digital Government Group said it has completed its review of the public sector’s cybersecurity policies and will implement additional protection measures for critical government systems “to strengthen the ability to detect and respond quickly to cybersecurity threats”.
The Cyber Security Agency (CSA) of Singapore said it has instructed the 11 critical sectors here – including healthcare, energy, banking and telecommunications – to step up their security approach.
Among the measures to be implemented – all connections to unse- cured external networks will be removed, a process also known as Internet surfing separation.
If there are strong business or operational reasons to keep the Internet connections, these should be mediated through uni-directional gateways to prevent data leakage, said CSA.
A uni-directional gateway is a network appliance or device allowing data to travel only in one direction, to guarantee information security.
A secured informational gateway allows all data it carries to be encrypted, providing the highest level of security.
Government systems, for one, have implemented “significant measures”, including cutting off Internet access on work systems over the past three years to remove “unnecessary external connections with unsecured networks”.
“While the Government will continue to review and upgrade its security measures to guard against new threats and strengthen its infrastructure, it is not possible to completely eliminate the risk of cybersecurity attacks,” according to the joint statement.