fbpx
Two key figures in the SingHealth Cyber-attack. Ms Ivy Ng, CEO of SingHealth and Mr David Koh, Head of Cyber Security Agency.

Lifting of pause on ICT systems seems too soon to be safe

According to reports, the pause on new information and communications technology (ICT) systems that had been put in place following  the SingHealth hacking has been lifted. While the Smart Nation and Digital Government Group (SNDGG) has stated that it has completed its review of cyber security policies and confirmed that additional measures for critical government systems to detect threats would be put in place, is this too much too soon?

The cyber attack happened barely 2 weeks ago and affected 1.5 million people including the Prime Minister of Singapore. With this in mind, are we really ready to pause the pause? Can the cyber security policies really be reviewed comprehensively in just a fortnight? Given Singapore's penchant for deadlines and efficiency, I hope this isn't a case of being fast for the sake of being fast at the expense of thoroughness.

The ministerial statements in relation to this massive cyber security breach have not even been heard by Parliament and yet, the pause on ICT is already lifted. Are we jumping the gun?

I note that a committee of inquiry (COI) has been put together to investigate the causes and effects of the SingHealth hack. Wouldn't it make more sense for the COI to be concluded before any pauses are lifted? Lifting the pause now gives the impression that the COI is merely a formality and "for show" only.

At the very least, shouldn't the decision to lift the pause be debated in Parliament?

This hack is not a run of the mill incident. It is suspected to be state sanctioned and affected 1.5 million people including our Prime Minister. It is no small matter! Why then are decisions being made without Parliament being consulted beforehand? Is the government placing arbitrary efficiency over due care? Is the government being dismissive? Does this not send the message to the affected 1,5 million that the breach of their data is not even worth a discussion in Parliament?

Perhaps the government is so used to making decisions without consulting Parliament made up of elected representatives, it does not appear to realise that this incident is on a scale so massive that it has affected almost one third of our population - definitely warranting collective decision as opposed to individual agencies calling the shots. The sheer numbers of people affected makes this a national issue. There needs to be accountability and consensus.

This top down approach does not work - no, not for this.