Brunel professor: Singapore internet block isn’t a backwards step

Written by Vishanth Weerakkody on 30 June 2016 in Opinion
Opinion

The Singapore government has moved to prevent officials from accessing the internet on devices that have access to civilian data. Vishanth Weerakkody, professor of digital governance at Brunel University, says it is not the retrograde step some think it is.

The Singapore government will stop its public sector workers accessing the internet at work from May next year - Photo credit: Flickr, solidariat

Singapore’s decision to disconnect its civil service operational system from the internet needs to be put into context.

Among the enthusiasts for digital everything, there is a widespread underestimation of the capability of cyber-attack agencies, which range from lone hackers to well-resourced military units.

And, as data losses reported in the media illustrate, political and governmental targets are particularly juicy - quite probably the news we see is just the tip of the iceberg.


Related content

The six types of security threat
GDS trials secure Whitehall WiFi solutions


The protection of sensitive networks in governments is a constant and expensive battle between attack and defence capabilities. There is no law requiring that all systems and workers to be connected to the internet.

Given the cyber-security threat level and the cost and continuing challenges of defence, it seems reasonable for government to ask two questions.

The first is about whether you take an operational system that deals with sensitive data offline, and the second is about whether your employees need internet access in the workplace.

Singapore appears to have considered that, for its internal civil service system - presumably both sensitive and operationally critical, therefore making it a target - the balance of risk, costs and benefits makes it necessary to disconnect it from the internet.

And it must be remembered that the Singapore government has not blocked all internet access. It has said that, for someone whose job needs the internet, a second system can be made available.

This is quite feasible, and could be done using a system that would be less restrictive than the secure systems they use at the moment. Providing WiFi in public sector building for the use of staff and visitors is one way of achieving this.

Of course, this might be a real inconvenience to the staff, which will have to be factored in to the overall decision to disconnect the primary system.

But if it does not prevent them from doing their job it might be deemed better than running the risk of an attack on the sensitive data; unauthorised access to internal systems, and loss of sensitive data, can easily disrupt the role and efficient functioning of the civil service.

A smart nation?

One should not jump to the conclusion that this announcement is a move away from Singapore’s efforts to be a smart nation.

On the contrary - Singapore is only doing what smart nations do by mitigating potential risks of cyber-attacks that could compromise their critical information systems.

The country’s decision is reasonable – and, it should be noted, not unique to Singapore – some public institutions have similar blocking policies that stop people using the internet at work.

Indeed, as we see both public and private sector organisations experiencing more successful penetration attacks and data theft, it won’t be a surprise to see more governments thinking critically about what they isolate from the internet.

The crucial point here is the distinction between having an ‘air gap’ between internal systems that hold sensitive data and the internet and restricting employees’ access to the internet completely.

Hostile forces are an ever-present danger for organisations, and it is easy to imagine that, over time, the first question posed will no longer be, 'Should we take services offline?' 

Instead, it will be, ‘Why should we connect our systems to the internet?’ 

And this will be particularly true if it is not enabling a citizen-facing transaction process.

We must remember that doing that doesn’t mean stopping employees doing their shopping online at lunchtime, or even engaging in social media while at work.

Separating out the two activities could lead to safer systems – and more public trust - without having a negative effect on morale.

About the author

Vishanth Weerakkody is professor of digital governance and director of the business life programme at Brunel University.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Comments

G H (not verified)

Submitted on 26 July, 2016 - 06:29
It clearly is a backwards step. https://governmenttechnology.blog.gov.uk/2015/12/08/security-says-no/

Related Articles

Conservative manifesto: five tech takeaways
9 December 2019

Rounding up the Tories’ key pledges in the area of digital and data, including a new cybercrime force and tax incentives for investments in cloud computing

Election 2019: Which party has most to say on digital, data and technology?
10 December 2019

Examining the language of each party’s manifesto reveals significant differences in the amount and focus of proposals related to technology and data policy – as well as in the wider themes of each...

Labour manifesto: five tech takeaways
26 November 2019

The free broadband plan has attracted attention, but the party has a number of other proposals for the use and regulation of technology. PublicTechnology rounds up the...

Related Sponsored Articles

Three best-practice measures in the event of a data breach
3 December 2019

To have the best chance of an effective response and a full recovery, organisations should have a robust incident response strategy in place, says BT 

How to take control of your network
26 November 2019

We hear from BT about why delivering a great customer experience depends on your network visibility 

The future of voice: how to successfully transform your legacy voice estate
19 November 2019

Organisations are increasingly having to replace their legacy voice infrastructure as traditional analogue and ISDN lines are being phased out. BT talk about how they can help the transition...

Case Study: Cryptocurrency, connectivity and the cloud
12 November 2019

BT presents findings from cryptocurrency firm Gemini on how they're providing customers with direct connectivity thanks to the Radianz network