In an article published by The Straits Times earlier this month, Finance Minister Heng Swee Keat was quoted as saying that “Singapore is positioned to support the region’s development by financing infrastructure and enterprise in Asia, including bringing in private capital”. He further stressed that Singapore’s adoption of digital technology could “improve transaction efficiency and raise financial inclusion”. These are clear statements of Singapore’s intention to lead regional countries in the stride towards digital efficacy.
Since those statements of intent, news broke on how the data of 1.5 million people including that of the Prime Minister of Singapore have been intentionally and illegally accessed. It has also come to light that data of 70,000 people in the Securities Investors’ Association (SIA) has also been hacked into without detection for 5 years. I wonder what Heng’s views on these incidences are? Are we still able to lead the charge in digital supremacy? Are we ready to be the smart nation we claim to be?
While Heng did mention the concept of “proper risk management” at the DBS Asian Insights Conference, he appeared to be talking about risk management in the context of the Asian and global financial crises of the past two decades. In focusing on investment risks, he seems to have been oblivious to the possibility of digital risks which can wreak equal or more havoc. Are our ministers digitally savvy enough to lead us into being a smart nation? Do they adequately understand the risks that come with it?
From the quotes, it is clear that our government prizes efficiency. While efficiency is important, it is short term if risks have not been adequately considered. It is concerning that the only risks he raised were those to do with investment strategy with no mention about safeguards against hacking.
As a Singaporean, it is mildly embarrassing that just days after this conference, we made international headlines with the high profile hacking of our very own Prime Minister’s data (along with that of a further 1.5 million people). We may say we are ready to lead the charge but events have clearly proven that we are anything but.
All is not lost. Singapore can learn valuable lessons from this. But will we really learn if the commission of inquiry (COI) formed to investigate the incident do not seem to be people with credentials on tech security. Also, will the Committee of Inquiry investigate how the data of 70000 people could have been stolen without detection?