Cybersecurity Incidents Involving Government Websites
Ministry of Digital Development and InformationSpeakers
Summary
This question concerns whether critical Singapore sites or servers were compromised following reports of malware-infected portals and what preventative measures the public should undertake. Minister for Communications and Information Assoc Prof Dr Yaacob Ibrahim clarified that investigations into 130 reported Singapore-based servers found no critical infrastructure compromised, though some phishing and Command and Control servers were identified. He highlighted government efforts to strengthen cybersecurity through the passing of a Cybersecurity Bill and public awareness roadshows by the Cyber Security Agency and Singapore Police Force. The Infocommunications Media Development Authority will also support small and medium enterprises via the SMEs Go Digital programme to ensure electronic networks remain secure. Finally, individuals are urged to adopt basic security practices, such as changing default passwords on routers and internet-connected devices, to help create a more secure cyberspace.
Transcript
19 Mr Desmond Choo asked the Minister for Communications and Information in view of the hundreds of malware-infected sites, including Government portals (a) whether any critical Singapore sites or servers have been compromised; and (b) what are the measures that the public should undertake to prevent such incidents.
Assoc Prof Dr Yaacob Ibrahim: I believe the Member is referring to the recent report by the International Criminal Police Organization's (INTERPOL's) Global Complex for Innovation, which was developed together with the Singapore Police Force (SPF) and other partners in 2017.
INTERPOL assessed the vulnerability of servers and websites in the Association of Southeast Asian Nations (ASEAN) member states and discovered nearly 9,000 compromised servers and hundreds of malware-infected websites. This included around 130 servers and websites reported to be in Singapore. Upon further investigation by the Cyber Security Agency (CSA) and SPF, the majority of these 130 servers and websites were found to be clean. Some of the infected machines included phishing websites and Command and Control Servers – machines that were issuing commands to other compromised devices. No critical Singapore servers or websites were found to be compromised.
Cyber threats are increasing, and there are malicious actors out there who seek to harm others via cyber means. The Government is not spared from this threat, with our information technology network constantly under attack. Therefore, we cannot be complacent. The Government is strengthening our cybersecurity, including by passing a Cybersecurity Bill later this year, and raising public awareness through roadshows by CSA and SPF. The Infocommunications Media Development Authority (IMDA) will also help small and medium enterprises (SMEs) strengthen their cybersecurity under the SMEs Go Digital programme.
We urge organisations, companies and the public to work with us on this shared effort. Businesses should take advantage of the many programmes we have to strengthen cybersecurity and ensure that their electronic networks are secure against hacks. Individuals can take simple steps, such as by changing the default passwords of their routers and Internet-connected devices. More detailed information is available on the GoSafeOnline website at www.csa.gov.sg/gosafeonline run by the Cyber Security Awareness Alliance.
Together, we can create a safer and more secure cyberspace for Singapore.