Second Minister for Defence Ong Ye Kung stated during Parliament on Monday (3 April) that as ongoing initiatives are put into place to strengthen cyber systems, MINDEF/SAF will develop better assessment tools, data analytics and content scanning engines to enhance their response to cyber-attacks, as well as review the storage of personal data on Internet systems to minimise risks of cyber theft.
This is in response to questions filed by Dr Lim Wee Kiak and Mr Vikram Nair, MP for Sembawang GRC.
Dr Lim asked the Minister for Defence in the past three years, from which countries did most of the cyber-attacks on the Ministry’s military data systems originated, how long did it take the Ministry to detect the breach of its system in the February 2017 attack, and what steps have been taken to strengthen the Ministry’s IT systems.
While Mr Vikram asked the Minister for Defence if he can be provided with an update on the Ministry’s investigations into the cyber-attack on its IT system that took place in February 2017, whether the perpetrators have been uncovered, and what steps may be taken to prevent or minimise the risk from such attacks in future.
The Ministry of Defence (MINDEF) announced on 28 February that it detected a breach in its I-net system (I-net) earlier this month, which revealed that basic personal data, comprising NRIC numbers, telephone numbers, and dates of birth of 854 servicemen and employees were stolen.
Mr Ong stated that because computer systems are designed to facilitate connectivity, they are inherently vulnerable to cyber-attackers from any location motivated by mischief, criminal theft or national interest, at varying levels of sophistication.
“This is a global phenomenon,” he said.
Mr Ong pointed to Symantec, a global cybersecurity company, which recently reported more than 430 million new pieces of malware in just one year.
MINDEF and the Singapore Armed Forces (SAF) systems are no different, and on a daily level, experience hundreds of thousands of cyber intrusion attempts ranging from simple probes to sophisticated cyber-espionage efforts.
“The latter include covert attacks by highly skilled operators who mask or obfuscate their actions by routing through multiple countries to hide their real point of origin,” Mr Ong said.
According to the Minister, MINDEF/SAF adopts a multi-layered, risk-based approach to the cyber defence which balances between connectivity and speed on one hand and security on the other.
He said, “On one extreme are networks which contain sensitive military information, which is physically separated from the Internet and further protected with encryption and access controls.”
“On the other extreme are systems, such as I-net, aimed to facilitate connectivity and ease of use with limited security features which require some personal information of users for access,” he added.
Mr Ong stressed that the I-net system contains no classified information and is designed to allow NSmen on In-Camp Training to access the Internet in camps for civilian work and personal matters. However, across all MINDEF/SAF networks, multiple sensors, intrusion detection systems and firewalls are placed at critical nodes to detect intrusion attempts and activities.
He then noted that computer systems globally are updated consistently with new applications, adding that each new change can potentially introduce vulnerabilities.
It takes about 120 days, on average, for industry players to develop a patch in which cyber attackers exploit this window of vulnerability by evading the most commonly used commercial sensors and anti-virus signatures.
According to Mr Ong, industry reports cite an average of about 150 days, or five months, before a breach is discovered in any computer system.
“For example, the hacking into the US Government’s Office of Personnel Management began in November 2013, but was only discovered in March 2014. That is about a four-month lapse. This breach resulted in the loss of up to 18 million personal data records,” he said.
“More recently, hackers breached the email servers of the Democratic National Committee in mid-2015, and this was detected only in April 2016, almost a year later and by which time, all of their emails and chats had been stolen,” he added.
The breach of MINDEF’s I-net system was detected on 1 February 2017 and the affected server was taken offline. Forensic investigations on the I-net system showed that the breach had occurred weeks before detection.
The Minister said that the modus operandi was consistent with a covert attack, with means used to mask the perpetrator’s actions and intent. Investigations are still ongoing but findings will be kept confidential for security reasons.
Mr Lim then asked as there are many cyber attack, what are the measures taken by MINDEF and whether the Government investigating and prosecuting the perpetrators, and how many investigations lead to successful prosecutions.
Mr Ong then said that if the perpetrators can be identified and are locally situated, the Government will be sure to take them through the process of law.
“But often they are also not,” he said.
However, the Minister said that apart from law enforcement, there are also other efforts to safeguard the data, such as by using technologies.
“The system architecture is important which is why MINDEF separating the i-net from the more confidential system has helped a great deal,” he said.
Then he also pointed that human factors are also important, saying that this is usually the weakest link.
“I think a lot more education is needed because we can have more sophisticated anti-cyber defence system but you don’t have the discipline – you bug external device into your office network and you can be infected,” he said.
NCMP Dennis Tan Lip Fong asked supplementary questions whether the Ministry has identified the perpetrator behind the recent attack and whether the hackers will be able to make use of the personal information that they have obtained at the time for future hackings or cyber crimes and if so, whether the Minister has taken actions to mitigate the issue.
Mr Ong said that since the concern is security issue, he would rather not commented on how the Government has identified the perpetrator and who it can be or who is the person behind the attack.
He also added that the informations obtained were basic. Therefore, there is no possibility for the hacker to use it in the future.