Computer network breach or botnet

Singapore’s plan to protect public sector by taking it offline

Blogs
Image: Stockfresh

9 June 2016

Billy MacInnesGartner says by 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. How’s that for a headline? It’s almost enough to make you give up on this digital stuff altogether. As is this: Survey identifies Internet of Things (IoT) security challenges for the connected enterprise.

It seems as if every time an organisation opens itself up to a new technology or way of using technology, it also makes itself vulnerable to a much wider set of security risks. That might be good news for security vendors and their channel partners, but not so much for their customers.

Faced with a rising level of security threats and risks, most of them delivered via the Internet, the government of Singapore has decided to pursue a drastic course of action to counter them. According to a report in the Straits Times, the government has decreed that from May next year (2017), all 100,000 official computers used by government agencies, ministries and statutory boards will no longer have access to the Internet.

The Straits Times reports that the move is designed to prevent leaks from work e-mail and shared documents. Public servants will be able to use their personal smartphones and tablets, which do not have access to government e-mail systems, to surf the Web. Dedicated Internet terminals will be made available for people that need to access the Web for their work. Employees will be forbidden from forwarding work e-mails to their private accounts.

In a separate report, the BBC quotes a spokesperson for Singapore’s Infocomm Development Agency who states: “We have started to separate Internet access from the work stations of a selected group of public service officers, and will do so for the rest of the public service officers progressively over a one-year period.”

As a security measure, the government’s strategy of taking its systems back to the early 1990s when the Web’s presence was negligible, is probably one of the most stringent there is. Of course, it could also reduce the productivity of those 100,000 computers when so many of today’s applications and workloads are reliant on Internet connectivity. The government of Singapore obviously believes it’s a price worth paying. Security vendors might not agree.

It’s a fascinating development because it calls into question just how many computers or work stations in any organisation really require Internet access for a person to do their job? Or, to put it another way, perhaps organisations should consider which jobs and functions can be performed productively within the organisation and more securely without having access to the Internet?

There’s no doubt it’s counter-intuitive at a time when the trend is towards allowing employees to access company networks anywhere, anytime and from any device but it does make its own kind of sense when security risks and threats are so widespread. In fact, you could argue that the Singaporean government is guilty of nothing more than taking the logical approach to try and protect itself from all those Web-borne security threats we keep hearing about. If you cut the Web out of the equation, you eliminate a lot of the risk too.

Of course, by that logic you can protect yourself from a car crash by refusing to travel by car and avoid the threat of being in a plane crash by refusing to step on an aeroplane. But while you might enjoy the journey more, it would take you a lot longer to get there. And by the time you arrived, every one else could have moved on somewhere else. Which brings us to the fear of being left behind, but that’s a part of the IT Fear handbook that we should probably leave for another day.

Read More:


Back to Top ↑

TechCentral.ie