Brunel professor: Singapore internet block isn’t a backwards step

Written by Vishanth Weerakkody on 30 June 2016 in Opinion
Opinion

The Singapore government has moved to prevent officials from accessing the internet on devices that have access to civilian data. Vishanth Weerakkody, professor of digital governance at Brunel University, says it is not the retrograde step some think it is.

The Singapore government will stop its public sector workers accessing the internet at work from May next year - Photo credit: Flickr, solidariat

Singapore’s decision to disconnect its civil service operational system from the internet needs to be put into context.

Among the enthusiasts for digital everything, there is a widespread underestimation of the capability of cyber-attack agencies, which range from lone hackers to well-resourced military units.

And, as data losses reported in the media illustrate, political and governmental targets are particularly juicy - quite probably the news we see is just the tip of the iceberg.


Related content

The six types of security threat
GDS trials secure Whitehall WiFi solutions


The protection of sensitive networks in governments is a constant and expensive battle between attack and defence capabilities. There is no law requiring that all systems and workers to be connected to the internet.

Given the cyber-security threat level and the cost and continuing challenges of defence, it seems reasonable for government to ask two questions.

The first is about whether you take an operational system that deals with sensitive data offline, and the second is about whether your employees need internet access in the workplace.

Singapore appears to have considered that, for its internal civil service system - presumably both sensitive and operationally critical, therefore making it a target - the balance of risk, costs and benefits makes it necessary to disconnect it from the internet.

And it must be remembered that the Singapore government has not blocked all internet access. It has said that, for someone whose job needs the internet, a second system can be made available.

This is quite feasible, and could be done using a system that would be less restrictive than the secure systems they use at the moment. Providing WiFi in public sector building for the use of staff and visitors is one way of achieving this.

Of course, this might be a real inconvenience to the staff, which will have to be factored in to the overall decision to disconnect the primary system.

But if it does not prevent them from doing their job it might be deemed better than running the risk of an attack on the sensitive data; unauthorised access to internal systems, and loss of sensitive data, can easily disrupt the role and efficient functioning of the civil service.

A smart nation?

One should not jump to the conclusion that this announcement is a move away from Singapore’s efforts to be a smart nation.

On the contrary - Singapore is only doing what smart nations do by mitigating potential risks of cyber-attacks that could compromise their critical information systems.

The country’s decision is reasonable – and, it should be noted, not unique to Singapore – some public institutions have similar blocking policies that stop people using the internet at work.

Indeed, as we see both public and private sector organisations experiencing more successful penetration attacks and data theft, it won’t be a surprise to see more governments thinking critically about what they isolate from the internet.

The crucial point here is the distinction between having an ‘air gap’ between internal systems that hold sensitive data and the internet and restricting employees’ access to the internet completely.

Hostile forces are an ever-present danger for organisations, and it is easy to imagine that, over time, the first question posed will no longer be, 'Should we take services offline?' 

Instead, it will be, ‘Why should we connect our systems to the internet?’ 

And this will be particularly true if it is not enabling a citizen-facing transaction process.

We must remember that doing that doesn’t mean stopping employees doing their shopping online at lunchtime, or even engaging in social media while at work.

Separating out the two activities could lead to safer systems – and more public trust - without having a negative effect on morale.

About the author

Vishanth Weerakkody is professor of digital governance and director of the business life programme at Brunel University.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Comments

G H (not verified)

Submitted on 26 July, 2016 - 06:29
It clearly is a backwards step. https://governmenttechnology.blog.gov.uk/2015/12/08/security-says-no/

Related Articles

Can the GDS innovation strategy deliver a lasting legacy for government?
14 August 2019

Government's new Innovation Strategy set out ambitious proposals to update processes, eliminate ageing kit, and embrace emerging technologies. PublicTechnology caught up with...

Tech firms should join a coalition of the willing to support interoperability for police IT
30 August 2019

Jessica Russell of techUK believes increased collaboration between the emergency services and technology partners could deliver improved public-safety outcomes

Government badly needs a new message on encryption
1 August 2019
The new home secretary is the latest politician to put forward proposals that are disproportionate and disingenuous, believes PublicTechnology editor Sam Trendall

Related Sponsored Articles

The age of virtualisation
17 September 2019

After more than 20 years of stability, networks are going through a period of dramatic transformation. BT looks beyond the hype at the real benefits of virtualisation.

Digital Transformation: Connecting and protecting with perfect predictability
10 September 2019

How can you stay ahead in the fast-paced world of digital technology? BT describes how it's a matter of focus... 

How to stay ahead of a changing threat landscape
3 September 2019

The security threat landscape is confusing and changing rapidly – there’s so much out there, how do you understand where the true risks are? BT offers insight from their own experience

The cyber security skills challenge: Hiring for tomorrow
27 August 2019

Organisations must alter their approach to cyber security recruitment in order to combat the global shortage of security professionals, writes BT