Major cyberattack inevitable, Cyber Security chief warned in 2015

Koh, 2nd from right [Photo: GovInsider]
 

While he may have been criticised for recent remarks on the Singhealth data security breach, Mr David Koh had in fact warned 3 years ago that a cyberattack was inevitable.

Mr Koh, the Chief Executive of the Cyber Security Agency of Singapore (CSA), said in an interview with Channel NewsAsia in 2015 that the Internet was not designed for security. Thus, he said, the onus was on the Government and its agencies to ensure that security breaches are detected early and dealt with quickly.

He added that it was also important for the people to be informed as soon as possible when such intrusions happened.

“Our people need to be resilient. When something goes wrong, and in my professional opinion something will go wrong, then the issue is how we react to the incident,” Mr Koh said then. “If people react as if the world has stopped turning, then the problem becomes unnecessarily amplified.

“If our people are resilient enough and find manual systems to deal with the disruption, then I think that the society as a whole will continue to operate, and the impact in physical world will not be as great,” he added.

“The assurance that I will give is that we will put out information as quickly and as accurately as we can.”

The Singhealth leak, where the personal information of some 1.5m patients was compromised, is the biggest digital security failure in Singapore. 160,000 of those affected had their medical records stolen, including those of Prime Minister Lee Hsien Loong.

Deputy Prime Minister Teo Chee Hean, who oversees the entire multi-agency Smart Nation initiative, said on Tuesday that the breach could have and should have been prevented by delinking computers used in the public healthcare sector from the Internet, as was done for computers used by the Public Service in 2017.

Straits Times, 25 Jul 2018

The breach is believed to have occurred through a front-end computer used by a Singhealth staff member. The thousands of computers used by Singhealth provided a broad surface for the intrusion to take place, the authorities explained.

Besides compromising these front-end computers, the attack had also “circumvented security barriers at the intermediate layer that manages and screens requests to Singhealth’s database”, DPM Teo said.

Computers in the public health sector were delinked from the Internet on Monday. Staff workers will use separate computers to access the Internet.

The breach is suspected to have been carried out by foreign sources, or nation-states, security experts have said. No country has been named so far by the Singapore government. It has, in fact, not pointed its finger at anyone, for now.

But such attacks from foreign sources are not new to Singapore, which has seen an increasing number of attacks and cyber threats in recent years.

In 2017, for example, the CSA warned of advanced persistent threats (APTs). These are “stealthy and continuous computer hacking processes to gain intelligence or steal information”, the Straits Times reported then.

“Late last year (2016), CSA was alerted to an APT malware infection in an unnamed government organisation’s Internet-facing computer, which had not been used to process sensitive information,” the newspaper said.

While no confidential data was leaked, the CSA noted “it was the work of a state-sponsored hacker not previously known to be active in Asia. Off-the-shelf security software could not catch the malware.”

“CSA did not identify the foreign government behind this attack, but it is not the first time Singapore was the target of an APT or foreign governments,” said the Straits Times.

And just last month (June), the CSA again warned of the increasing level of cyber threats targeting Singapore and its institutions.

“Cyber threats continued to grow in frequency and impact,” the CSA said. “Notably, there was a shift from profit-motivated attacks towards those aimed at causing massive disruptions.”

In particular, the CSA highlighted the threats to the Critical Information Infrastructure (CII) sectors. The CII sectors are those responsible for delivering essential services in Singapore, and they include Government, infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency, and media.

“CII sectors deliver essential services and a compromise of their systems can have a debilitating impact on Singapore’s society and economy,” the CSA said last year in a report. “CII sectors such as Banking & Finance and Government remain prime targets for cyber-attacks, because of the sensitive information held by organisations in these sectors.”

Mr Koh, who is also the Commissioner of Cybersecurity and had spent 30 years in the military, said it was “close to impossible to secure everything, 100 per cent, all of the time”, and that an attack was inevitable.

“As we continue our Smart Nation push, we have to raise our cyber hygiene and defences, especially against cyber-attackers who are getting better resourced and skilled. We need to play our part by being vigilant and adopting good cybersecurity practices to keep Singapore’s cyberspace safe and trustworthy for all.”