Government agencies to take up new cyber-security measures
13 new measures to be rolled out as part of common framework
All Government agencies will need to adhere to a common cyber security framework, beginning with 13 new measures which will be rolled out to protect the personal data of Singaporeans.
Yesterday, the Smart Nation and Digital Government Office (SNDGO) announced new technical measures to ensure data in Singapore is better protected - from the storage stage to the distribution and usage stages.
The measures will protect data from misuse in cases where it is illegitimately extracted.
They will also help ensure that only legitimate data transmissions can proceed, and tighten user access.
Measures include encryption and masking of sensitive data and personal information, as well as the segmenting of information that is more sensitive, like infectious disease statuses or even bankruptcy statuses, so as to apply extra protection.
Some measures will also serve to reduce human error, such as data loss protection and e-mail data protection.
The 13 are the first of more upcoming recommendations by the Public Sector Data Security Review Committee, which was convened by Prime Minister Lee Hsien Loong in April this year.
The committee was formed after a series of cyber-security breaches over the past year.
At the media briefing, the agency said public-sector agencies currently have insufficient policies governing third parties handling data and there are inconsistent practices in managing data access.
MOST DUE TO HUMAN ERROR
According to SNDGO, the committee had found that while the more serious data leaks had been by malicious actors, the most number of data incidents have been the result of human error, where well-meaning staff had unwittingly compromised data.
SNDGO said the committee is also carrying out in-depth inspections of key Government agencies' information technology systems in phases.
In June, it completed the first wave, which focused on agencies in the finance and healthcare sectors, which work with highly sensitive data.
The agencies are: the Ministry of Health, the Health Sciences Authority, the Health Promotion Board, the Inland Revenue Authority of Singapore, and the Central Provident Fund Board.
Cyber-security experts The New Paper spoke to said the measures are encouraging, timely and necessary, given how rapid digitisation is opening countries and systems up to cyber risks.
Mr Grant Geyer, senior vice-president (product) at security firm RSA, said: "The 13 controls seem sensible, especially because they are aligned to the value of the data, which ensures that additional measures are used when the data is most sensitive."
He said the danger with controls is that they can also limit and affect the daily workflow and efficiency of the data, so matching the sensitivity of the data to the amount of measures ensures optimal use and protection of the information.
Mr Nicholas Palmer, vice-president of international business at cyber-security firm Group-IB, said governments should start to look into how they can learn more about malicious actors, know how they work and conduct their hacks, so that they can be identified and dealt with before the strike even occurs.
Mr Geyer said: "Trust is key, and it is very important that citizens think that the government can protect their data."