Brunel professor: Singapore internet block isn’t a backwards step

Written by Vishanth Weerakkody on 30 June 2016 in Opinion

The Singapore government has moved to prevent officials from accessing the internet on devices that have access to civilian data. Vishanth Weerakkody, professor of digital governance at Brunel University, says it is not the retrograde step some think it is.

The Singapore government will stop its public sector workers accessing the internet at work from May next year - Photo credit: Flickr, solidariat

Singapore’s decision to disconnect its civil service operational system from the internet needs to be put into context.

Among the enthusiasts for digital everything, there is a widespread underestimation of the capability of cyber-attack agencies, which range from lone hackers to well-resourced military units.

And, as data losses reported in the media illustrate, political and governmental targets are particularly juicy - quite probably the news we see is just the tip of the iceberg.

Related content

The six types of security threat
GDS trials secure Whitehall WiFi solutions

The protection of sensitive networks in governments is a constant and expensive battle between attack and defence capabilities. There is no law requiring that all systems and workers to be connected to the internet.

Given the cyber-security threat level and the cost and continuing challenges of defence, it seems reasonable for government to ask two questions.

The first is about whether you take an operational system that deals with sensitive data offline, and the second is about whether your employees need internet access in the workplace.

Singapore appears to have considered that, for its internal civil service system - presumably both sensitive and operationally critical, therefore making it a target - the balance of risk, costs and benefits makes it necessary to disconnect it from the internet.

And it must be remembered that the Singapore government has not blocked all internet access. It has said that, for someone whose job needs the internet, a second system can be made available.

This is quite feasible, and could be done using a system that would be less restrictive than the secure systems they use at the moment. Providing WiFi in public sector building for the use of staff and visitors is one way of achieving this.

Of course, this might be a real inconvenience to the staff, which will have to be factored in to the overall decision to disconnect the primary system.

But if it does not prevent them from doing their job it might be deemed better than running the risk of an attack on the sensitive data; unauthorised access to internal systems, and loss of sensitive data, can easily disrupt the role and efficient functioning of the civil service.

A smart nation?

One should not jump to the conclusion that this announcement is a move away from Singapore’s efforts to be a smart nation.

On the contrary - Singapore is only doing what smart nations do by mitigating potential risks of cyber-attacks that could compromise their critical information systems.

The country’s decision is reasonable – and, it should be noted, not unique to Singapore – some public institutions have similar blocking policies that stop people using the internet at work.

Indeed, as we see both public and private sector organisations experiencing more successful penetration attacks and data theft, it won’t be a surprise to see more governments thinking critically about what they isolate from the internet.

The crucial point here is the distinction between having an ‘air gap’ between internal systems that hold sensitive data and the internet and restricting employees’ access to the internet completely.

Hostile forces are an ever-present danger for organisations, and it is easy to imagine that, over time, the first question posed will no longer be, 'Should we take services offline?' 

Instead, it will be, ‘Why should we connect our systems to the internet?’ 

And this will be particularly true if it is not enabling a citizen-facing transaction process.

We must remember that doing that doesn’t mean stopping employees doing their shopping online at lunchtime, or even engaging in social media while at work.

Separating out the two activities could lead to safer systems – and more public trust - without having a negative effect on morale.

About the author

Vishanth Weerakkody is professor of digital governance and director of the business life programme at Brunel University.

Share this page




Please login to post a comment or register for a free account.


G H (not verified)

Submitted on 26 July, 2016 - 06:29
It clearly is a backwards step.

Related Articles

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

WhatsApp and private email banned for government use at higher security tiers
13 April 2023

Officials are warned that, if they choose to use non-corporate channels, they must 'be prepared to defend your choices'

Digital minister: ‘It’s important to the government that the British public has confidence in how we use their data’
23 May 2023

In a piece written for PublicTechnology, parliamentary secretary Alex Burghart discusses progress with One Login and the significance of legislative changes

HMRC finds strong support for online Child Benefit claims – but ‘digital by default’ would cause problems for one in five users
17 May 2023

Department publishes findings of study conducted ahead of planned digitisation initiative

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...