Recently, government networks in many countries have been exposed to hackers and attacks on personal computers.
On 6 March 2024, Singapore's Senior Minister of State for Communications and Information (MP) Boujli answered questions from Yeh Hon Wing and Jurong GRC MP Tan Yau Meng at Parliament session.
Click on the video below to watch the details:
The following is a translation of the Singapore Eye based on Parliamentary sources:
(Left: Yeh Hon Wing, Member of Parliament for Yio Chu Kang Single Constituency, right: Senior Minister of State, Ministry of Communications and Information, Singapore, Pu Jeli)
Hon Ip Hon Wing questioned Minister for Communications and Puje Lib:
ask
- In the past three years, has the Ministry of Communications and Information detected similar attacks on mainland government computer systems?
- How does the Department of Communications and Public Information respond to cyber attacks?
Singapore's government network was not affected by the attack. We work with departments such as the Cyber Security Agency (CSA) and GovTech to monitor critical computer systems and take action and measures to respond to cyberattacks. Given their sensitivity, we are unable to openly discuss these actions and responses.
answer
ask
These incidents are rare, so how can we train and raise the awareness of our civil servants in the face of cyber security threats?
Thank you, Mr. Yip, for your question.
When it comes to cybersecurity safeguards for our critical information infrastructure, we have to take into account various levels, and it's not just about training our civil servants, it's certainly an important component.
When it comes to securing government ICT systems, we have a multi-layered defense-in-depth system to defend against cyber threats with preventive, proactive, detective and reactive measures.
Block malicious content: We will ensure the security of browsing the web and prevent government work computers from accessing malicious content on the Internet.
Proactive Security Testing: Conduct regular security testing of government computer systems to identify and fix any potential vulnerabilities that may exist.
Real-time monitoring: Our online systems are monitored 24 hours a day by our Security Operations Center to detect cyber attacks.
Rapid response: If a suspicious or malicious cyberattack is identified, our emergency response team is ready to quickly contain any attack, investigate the incident and take necessary remedial action, and follow up on system recovery.
Cybersecurity training: It's not enough to rely on one central system to defend everything. We also conduct regular cyber security awareness training to raise cyber security awareness among our public officials. It's this layered defense and in-depth layout that protects our systems from cyber threats.
answer
(Left: Jurong GRC MP Tan Yau Meng, right: Senior Minister of State for Communications and Information, Singapore, Bojli)
Hon Chan Yau Meng questioned Minister Pujeli:
ask
The first question is whether the Minister can assure us that the government will be more broadly concerned about the potential attack surface of cyberattacks, even if these domains are not in the GOV. SG. This is because electric and utility companies do not have a GOV. SG domain names can also be a potential target for troublemakers by providing critical servers.
The second question is, can the Minister assure us that there is a continued focus on the potential risks of government networks, especially at some of the key nodes where the risk could be enormous, if they fail?
The answer to both questions is yes. When we establish the cybersecurity architecture, we have set up the interaction between systems and systems, which is also a factor that we consider when formulating the cybersecurity law, and thus define the critical information infrastructure and sensitive information infrastructure. This is also true for websites other than SG domains.
answer
The following is the full text of the congressional question:
STATE-SPONSORED CYBER ATTACKS ON SINGAPORE GOVERNMENT SYSTEMS
1 Mr Yip Hon Weng asked the Minister for Communications and Information given the recent security breaches of several foreign government computer systems (a) whether the Ministry has detected similar attacks on our Government computer systems over the past three years; and (b) how does the Ministry respond to cyber acts by state-sponsored actors.
The Senior Minister of State for Communications and Information (Dr Janil Puthucheary) (for the Minister for Communications and Information): Sir, there were recent reports that a Chinese cybersecurity firm, I-Soon, had allegedly compromised nearly 20 foreign governments. Singapore was not listed as an affected country.
The Cyber Security Agency (CSA) and GovTech work with our security agencies to monitor threats and respond to any cyberattack on our critical computer systems. Given their sensitive nature, we are unable to publicly discuss such operations and responses.
Mr Speaker: Mr Yip.
Mr Yip Hon Weng (Yio Chu Kang): Thank you, Mr Speaker. I thank the Senior Minister of State for the reply. I have a very short supplementary question. In light of this incident, how are our civil servants trained to be more aware of such cyber attacks by state-sponsored actors?
Dr Janil Puthucheary:Sir, I thank Mr Yip for his question. When it comes to the safeguards for the cybersecurity of our Critical Information Infrastructure, there are various layers and various issues that we have to think about. It is not just about the training of our civil servants. That is certainly an important component of it, but we have a multi-layer defence in-depth approach in securing our Government’s infocomm technology (ICT) systems. There are preventive, proactive, detective and reactive measures that we put in place to defend against cyber threats.
One example of a preventive measure would be the Secure Internet Surfing, blocking Government workstations from malicious content. An example of a proactive measure is putting Government digital services through security testing to discover and remediate any potential vulnerabilities that may be there. For the systems that are online, our Security Operation Centre monitors the devices and networks 24/7 to detect attacks. Should suspicious or malicious activities or payloads be detected, our Incident Response Teams are prepared to contain quickly any attack, investigate the incident, carry out the necessary remediation and follow-up actions for recovery.
Other than depending on a central system to defend everywhere – that is not going to be sufficient – we also conduct regular cybersecurity awareness training for our public officers, raising their cybersecurity posture in terms of their behaviour and how they interact with systems. It is this layered, defence-in-depth landscape that will protect our systems from cyber threats.
Mr Speaker: Dr Tan Wu Meng.
Dr Tan Wu Meng (Jurong): I thank the Senior Minister of State for the answer. I have got two supplementary questions. The first is, can the Senior Minister of State reassure us that the Government is looking at the broader potential attack surface for cyber attacks, including beyond the gov.sg domain? This is because power and utilities companies, even if not under gov.sg, may supply a critical server and thereby be a potential attack surface by troublemakers.
My second question is, can the Senior Minister of State assure us that there is ongoing attention to looking for potential convergence points of risk, your acupressure points or your shatter points, whereby those points of failure can have disproportionate risk? Is there ongoing attention to such convergences of risk as well?
Dr Janil Puthucheary: Sir, the answer to both questions is yes. That sense of looking at the systems, systems of systems and the interactions between the various components of the systems is indeed the very framework that our Cyber Security Agency takes and the Cybersecurity Act is applied to, and it is how we then derive the designation of Critical Information Infrastructure and Significant Information Infrastructure. These considerations are not only for the gov.sg domains.
CK丨Editor
Edited by CF丨
Goverment of Singapore丨来源
MCI丨Image source
1. The copyright of all works on this website that indicates the type of article as "original" belongs to Kannanyang and Singapore Eye. When reprinting and using by other media, websites or individuals, they must indicate: "Article source: Singapore Eye".
2. All works indicated on this website as "reprinted" and "compiled" are reprinted or compiled from other media, for the purpose of delivering more valuable information, and it does not mean that this official account agrees with its views and is responsible for its authenticity.