“At a minimum, it inconveniences the public, but potentially it has much graver consequences. It can damage infrastructure and endanger lives,” cautioned Prime Minister Mr Lee Hsien Loong at the opening of the ASEAN Telecommunications and Information Technology Ministers Meeting in Singapore in November.

Hacking web sites and intruding into computer systems is a crime and perpetrators will be dealt with “to the full extent of the law”, said Mr Lee.

His comments were prompted by a video, allegedly by infamous hacker group, Anonymous, which threatened to bring down many Singapore Government websites if their demands were not met by November 5th.

Though maintenance of IT systems is part of the Government’s on-going efforts to enhance security, public agencies heightened vigilance and enhanced the security of their IT systems in light of the threats by checking for vulnerabilities, software patching, testing links, and putting in Distributed Denial-of-Service (DDoS) mitigation measures.

On the declared date, unusually high Internet traffic was experienced by many government websites – indicating attempts to scan for vulnerabilities or a potential DDoS attack aimed at bringing down the sites.

Days later, the web sites of the Prime Minister’s Office and the Istana were compromised while the Singapore Art Museum discovered personal information of about 4,000 people on its online mailing list had been illegally taken from a data file on its web site and uploaded to a New Zealand-based server. Its web site had also been hacked, with unauthorised links added to one of its pages.

Though agencies responded swiftly, no site can be 100 per cent fool-proof, explained Ms Jacqueline Poh, Managing Director of the Infocomm Development Authority of Singapore (IDA) who led the operations to secure Singapore Government websites in view of the threats. “While our public agencies adhere to best practices and international guidelines and standards in cyber security, we still need to be able to quickly detect security incidents and restore or rectify services in the event of a disruption,” she added.

Security is an on-going effort

Measures are already underway to bolster the cyber security detection and analytical capabilities of the public sector. Under Singapore’s five-year National Cyber Security Masterplan, the existing Cyber Watch Centre and Threat Assessment Centre are being upgraded as part of an ongoing effort to strengthen the security and resilience of critical infocomm infrastructure (CII).

Other initiatives aimed at enhancing the protection of CII included a CII Protection Assessment Programme to identify vulnerabilities and gaps and help strengthen Singapore’s CII against complex cyber threats, and also national exercises which are conducted for critical industry sectors as well as across sectors to test their cyber security readiness.

Another area of focus for the Masterplan is to grow Singapore’s pool of infocomm security experts. In line with this, IDA is working with Singapore’s Institutes of Higher Learning to incorporate infocomm security courses and degree programmes into the curriculum. It is also working with industry partners to attract and retain such skilled professionals in Singapore.

As part of a holistic approach to cyber security, the Masterplan also aims to promote the adoption of appropriate infocomm security measures among individuals and businesses. This is being championed by the Cyber Security Awareness Alliance, which was formed in 2008 and comprises representatives from IDA and other public and private sector organisations. The Alliance organises an annual Cyber Security Awareness Day to raise infocomm security awareness and remind everyone of the need for personal and workplace responsibility in adopting simple and secure online practices.

(Updated on 13 Jan, 2014)