This has been hot news of late, that of the Singapore Government cutting off Internet access for the 100,000 or so desktop computers of its public servants. Since then, we’ve heard all sort of remarks about how our government is retreating into the dark ages before the Internet. While wanting to build a smart nation, our government seems not so smart itself.
But the Singapore government is insisting it’s the right thing to do, and it’s a necessary thing to do. Our Prime Minister has he had volunteered to not have direct Internet access. He conducts his Internet activity on a different computer than the one used for government email.
Vivian Balakishnan has also spoken about the need for cybersecurity, and how it isn’t compatible with the idea of smart nation.
Yah. Perhaps a smart nation should be a whole lot smarter about cybersecurity.
The government is so big. Is it so difficult for a malicious attacker to infiltrate the internal government network? Could the attacker not be a public servant? Could the attacker not convince a public servant to, unknowingly, facilitate his nefarious activities?
To think that cutting off the Internet will solve a cybersecurity threat seems a bit naive. There are so many other attack vectors. In fact, cutting off the Internet, or segregating the networks, may drive internal users to create more problems, and thereby increasing security risks in other areas.
Locking down the front door of your house to thwart burglars won’t work all that well. They could always come in by the windows. As a IT security practitioner, I remind people that attacks will always find another, easier, way to get in.
Consider how Stuxnet managed to penetrate the Iranian nuclear programme. They went in through USB flash drives. A segregated network didn’t help anything at all.
Now, I don’t doubt that the government of our smart nation is not so not-smart, but somehow this exercise of cutting of the Internet is coming across as not very smart.