03 Aug 2018
The Government is lifting the pause on new ICT systems which it announced on 20 July, following the attacks on SingHealth’s system.
The Smart Nation and Digital Government Group (SNDGG) has completed its review of cybersecurity policies and will implement additional measures for critical Government systems, to strengthen the ability to detect and respond quickly to cybersecurity threats. With these additional measures, the Government will lift the pause on new systems with immediate effect (3 August 2018).
The Cyber Security Agency of Singapore has instructed the 11 Critical Information Infrastructure (CII) sectors to raise their respective level of network security in light of the recent cyber-attack on SingHealth computer systems by taking additional measures. These measures include the following:
a) Remove all connections to unsecured external networks;
b) If there are strong business or operational reasons to keep open connections, these should be mediated through uni-directional gateways (e.g. data diodes) to prevent data leakage; and
c) If two-way communication between the secured network and unsecured external network is required, a secured informational gateway has to be implemented.
The Government, which is one of the 11 CII sectors, has implemented significant measures in the last 3 years to comply with these cybersecurity guidelines. For example, Internet Surfing Separation has removed unnecessary external connections with unsecured networks.
While the Government will continue to review and upgrade its security measures to guard against new threats and strengthen its infrastructure, it is not possible to completely eliminate the risk of cybersecurity attacks. We should not allow such incidents to hold us back in building a Smart Nation and Digital Government. We need to persist in our efforts to harness the potential of the Digital Age, while building deeper expertise in cybersecurity so that we can do so confidently.