The robustness or a lack thereof of a cybersecurity system should be viewed as a “key feature” of risk management, not as “an afterthought” and an issue that is exclusive to IT personnel, according to the chief executive officer of the Cyber Security Agency of Singapore (CSA).

In his testimony before the Committee of Inquiry (COI) on the final day of public hearings regarding the probe into the SingHealth cyberattacks, David Koh drew the analogy of car brakes when talking about cybersecurity, saying that one could “go fast” if one had “good brakes”.

Mr Koh, who is also the Defence Ministry’s Defence Cyber Chief, also said on Wednesday (14 Nov): “As with all high-level business risks, it should be managed at the appropriate level of leadership.”

Highlighting that the IT personnel at Integrated Health Information Systems (IHiS) was part of the service delivery team, he suggested that the IT security team should be given a clearer reporting structure that includes a direct channel to upper-level management.

He said: “Given that the core mission of the delivery group is to provide IT services to the different clusters, security-related workstreams might be overlooked in favour of service delivery objectives.”

Consequently, he proposed a “defence-in-depth” approach suggested by other experts which will see more intricate security mechanisms in place to protect what he dubbed the “crown jewels” of IHiS, namely the electronic medical records of SingHealth’s patients.

“Like a safe in a bank, privileged access to these records should have been behind locked doors, only accessible to a tightly-controlled group of people,” said Mr Koh.

“Front-end users” most susceptible to cybersecurity attacks: Mr Koh

Mr Koh added in his testimony that cybersecurity should not only be a part of the healthcare sector’s IT personnel’s concerns, but that “front-end users” such as doctors, nurses and pharmacists should also be trained to face such cyberattacks, as they are “often the weakest link in cybersecurity”.

“Cyber security is not the problem of the IT people. It is everyone’s problem. It is important for us to have similar initiatives for cyber security as we (would) in physical security,” emphasised Mr Koh.

IHiS “strategically headed in the right direction” as “gaps” are “being fixed”: Mr Koh

Despite his grievances regarding the flaws in the cybersecurity landscape in Singapore’s public healthcare system, Mr Koh acknowledged that IHiS was “strategically headed in the right direction,” and that such flaws should neither “be a sweeping indictment of the overall cyber security posture of the healthcare sector” nor “call into question the capabilities or commitment of IHiS management or staff as a whole.”

“The gaps that were found as a result of the SingHealth cyber attack were real, but they are being fixed,” assured Mr Koh.

The closing submissions for all parties involved in the cybersecurity fiasco will be heard on 30 Nov.

The COI on the SingHealth cyber attack, which was dubbed as the largest data breach in Singapore’s history, was convened on 24 Jul.

Chaired by former Chief District Judge and current member of the Public Service Commission, Mr Richard Magnus, the COI comprises four members who were tasked to probe into the cybersecurity breach against SingHealth’s patients’ records in early July, which affected the personal medical data such as the outpatient prescriptions of 1.5 million SingHealth patients, including that of Prime Minister Lee Hsien Loong.

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
You May Also Like

【武汉冠状病毒】马国累计确诊病例暴增至238起!

正当我国武汉冠状病毒(COVID-19)累计确诊病例已累计200例,邻国马来西亚确诊病例也急追直上,截至今日(14日)中午12时,再增加41例,已累计238名确诊病患。 根据马国卫生总监拿督诺希山的文告,这些确诊病例都与上月27日至3月1日,于吉隆坡大城堡Masjid Jamek回教堂举行的2020年大马传教士集会有关联。 上述活动有多达1万6000人出席,其中有1万4500名都是马国人。尽管马国政府呼吁出席者主动联系向当局通报,但迄今为止仅1500人现身作检测。 至于来自我国的参与者也有95人。 与此同时,马国今日有两起病例治愈出院,累计出院病例35人。 根据新加坡卫生部文告,截至昨日中午12时,迄今与上述马国宗教活动有关联的本地确诊人士多达四人(第183、187、197和199例)。

Lee Hsien Yang shares photo of late Lee Kuan Yew’s favourite carpet on his father’s fifth death anniversary

On Monday (23 March) morning, Mr Lee Hsien Yang (LHY), younger son…

环境局派定心丸 本地空气水质未受马国空气污染问题影响

邻国马来西亚柔佛州巴西古当深受空气污染事件影响,连新加坡居民也人心惶惶。我国环境局提高警惕,惟表示我国的空气素质、水质和水供都不受影响。 环境局表示,和该国柔佛州环境部保持联系,而我国海岸的挥发性有机化合物含量依旧维持在安全水平。 该局称,自上周四(20日),本地的24小时空气污染指数保持在良好水平,而一小时悬浮颗粒PM2.5浓度也持续正常。 而根据环境局官网,截至今日中午12时,新加坡北部的空气污染指数达到54,属中等水平。 我国沿岸的挥发性有机化合物(Volatile Organic Compounds)也保持在低和安全水平。 至于境内风向则是来自南和东南方向,并且预计将再维持数日。 马国柔佛州自今年3月巴西古当金金河污染事件以来,于上周四又爆发空气污染事件。 15学校受空污影响 截止昨日下午3时,马国又有15所学校爆发空气污染事件,共有75人被送到新山斑兰专科医院就医,其中有4人需要住院留医,目前情况已经稳定。 受影响的15所中小学分别包括了巴西布爹国中、巴西布爹国小、巴西布爹花园国小、丹绒布蒂里度假村国小…

M Ravi to appear in court on Wednesday to answer Criminal Defamation charge

Human Rights lawyer M Ravi will be appearing in State Court this…