Second Minister for Defence Ong Ye Kung stated during Parliament on Monday (3 April) that as ongoing initiatives are put into place to strengthen cyber systems, MINDEF/SAF will develop better assessment tools, data analytics and content scanning engines to enhance their response to cyber-attacks, as well as review the storage of personal data on Internet systems to minimise risks of cyber theft.

This is in response to questions filed by Dr Lim Wee Kiak and Mr Vikram Nair, MP for Sembawang GRC.

Dr Lim asked the Minister for Defence in the past three years, from which countries did most of the cyber-attacks on the Ministry’s military data systems originated, how long did it take the Ministry to detect the breach of its system in the February 2017 attack, and what steps have been taken to strengthen the Ministry’s IT systems.

While Mr Vikram asked the Minister for Defence if he can be provided with an update on the Ministry’s investigations into the cyber-attack on its IT system that took place in February 2017, whether the perpetrators have been uncovered, and what steps may be taken to prevent or minimise the risk from such attacks in future.

The Ministry of Defence (MINDEF) announced on 28 February that it detected a breach in its I-net system (I-net) earlier this month, which revealed that basic personal data, comprising NRIC numbers, telephone numbers, and dates of birth of 854 servicemen and employees were stolen.

Mr Ong stated that because computer systems are designed to facilitate connectivity, they are inherently vulnerable to cyber-attackers from any location motivated by mischief, criminal theft or national interest, at varying levels of sophistication.

“This is a global phenomenon,” he said.

Mr Ong pointed to Symantec, a global cybersecurity company, which recently reported more than 430 million new pieces of malware in just one year.

MINDEF and the Singapore Armed Forces (SAF) systems are no different, and on a daily level, experience hundreds of thousands of cyber intrusion attempts ranging from simple probes to sophisticated cyber-espionage efforts.

“The latter include covert attacks by highly skilled operators who mask or obfuscate their actions by routing through multiple countries to hide their real point of origin,” Mr Ong said.

According to the Minister, MINDEF/SAF adopts a multi-layered, risk-based approach to the cyber defence which balances between connectivity and speed on one hand and security on the other.

He said, “On one extreme are networks which contain sensitive military information, which is physically separated from the Internet and further protected with encryption and access controls.”

“On the other extreme are systems, such as I-net, aimed to facilitate connectivity and ease of use with limited security features which require some personal information of users for access,” he added.

Mr Ong stressed that the I-net system contains no classified information and is designed to allow NSmen on In-Camp Training to access the Internet in camps for civilian work and personal matters. However, across all MINDEF/SAF networks, multiple sensors, intrusion detection systems and firewalls are placed at critical nodes to detect intrusion attempts and activities.

He then noted that computer systems globally are updated consistently with new applications, adding that each new change can potentially introduce vulnerabilities.

It takes about 120 days, on average, for industry players to develop a patch in which cyber attackers exploit this window of vulnerability by evading the most commonly used commercial sensors and anti-virus signatures.

According to Mr Ong, industry reports cite an average of about 150 days, or five months, before a breach is discovered in any computer system.

“For example, the hacking into the US Government’s Office of Personnel Management began in November 2013, but was only discovered in March 2014. That is about a four-month lapse. This breach resulted in the loss of up to 18 million personal data records,” he said.

“More recently, hackers breached the email servers of the Democratic National Committee in mid-2015, and this was detected only in April 2016, almost a year later and by which time, all of their emails and chats had been stolen,” he added.

The breach of MINDEF’s I-net system was detected on 1 February 2017 and the affected server was taken offline. Forensic investigations on the I-net system showed that the breach had occurred weeks before detection.

The Minister said that the modus operandi was consistent with a covert attack, with means used to mask the perpetrator’s actions and intent. Investigations are still ongoing but findings will be kept confidential for security reasons.

Mr Lim then asked as there are many cyber attack, what are the measures taken by MINDEF and whether the Government investigating and prosecuting the perpetrators, and how many investigations lead to successful prosecutions.

Mr Ong then said that if the perpetrators can be identified and are locally situated, the Government will be sure to take them through the process of law.

“But often they are also not,” he said.

However, the Minister said that apart from law enforcement, there are also other efforts to safeguard the data, such as by using technologies.

“The system architecture is important which is why MINDEF separating the i-net from the more confidential system has helped a great deal,” he said.

Then he also pointed that human factors are also important, saying that this is usually the weakest link.

“I think a lot more education is needed because we can have more sophisticated anti-cyber defence system but you don’t have the discipline – you bug external device into your office network and you can be infected,” he said.

NCMP Dennis Tan Lip Fong asked supplementary questions whether the Ministry has identified the perpetrator behind the recent attack and whether the hackers will be able to make use of the personal information that they have obtained at the time for future hackings or cyber crimes and if so, whether the Minister has taken actions to mitigate the issue.

Mr Ong said that since the concern is security issue, he would rather not commented on how the Government has identified the perpetrator and who it can be or who is the person behind the attack.

He also added that the informations obtained were basic. Therefore, there is no possibility for the hacker to use it in the future.

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
You May Also Like

承认恶作剧踩坏他人拐杖 前高级警曹长被判囚四个月又两周

前高级警曹长在四马路观音堂前踩坏“鹦鹉叔”曾国原的拐杖,今日(7月26日)被判四个月又两周的监刑。他表示不满刑法,要求上诉。 46岁的前高级警曹长谢进平(译音)分别面对一项恶作剧和两项提供假资料的罪名,他原本不认罪,但是随着案子审讯后,昨日在法官做出裁决之前承认恶作剧的罪名。 他是于2016年10月31日,在四马路观音堂前调查“卖纸巾”乞讨的“鹦鹉叔”曾国原时,在同事和民众的面前踩坏后者价值28元的拐杖。他随后因为此事件而被要求调查时,更对警方提供了假资料。 控方认为,被告在提供资料时毫不犹豫地对后辈撒谎,对一名资深警员而言实在是不可取,不但严重影响我国警察部队的声誉,也诋毁了我国司法权威。 “被告在事发的两周后才承认撒谎,浪费了警力物力,而且他自始至终都知道自己在提供假资料。” 被告的代表律师表示,被告此次犯案只是一时冲动,也不会有重犯的可能,他也愿意赔偿损失,所以希望法官能够从轻发落。 律师之前也求情说被告之前在警队效劳了25年,尽心尽力奉献国家,甚至自己生病了也不知道,随后中风也长期接受治疗。 法官下判时指出被告的作为,以一名资深警员而言是非常严重的罪行,因此同意根据控方的立场下判。 然而被告在听闻判决后表示不满,通过代表律师提出要求上诉。 他目前以1万5000元保释外审。

Latest MOM data: Number of PMETs losing their jobs continues to climb

The latest labour report from the Ministry of Manpower’s (MOM) revealed that…

The aftermath of 5 days, and still taking wrong steps

By Ghui A week after the Parliamentary White Paper on population was…

The battle for 2016 starts now

Yong Yang I woke up this morning with mixed feelings. While I’m…