Measures to Improve Telecom Network Resilience Given Recent Service Disruptions

13 Mr Ong Teng Koon asked the Minister for Communications and Information (a) what is the cause of Singtel's broadband Internet service disruption on 3 December 2016; and (b) what can the Ministry do to strengthen and protect critical infrastructure, such as the telecommunication network, from major disruptions.

14 Mr Zaqy Mohamad asked the Minister for Communications and Information (a) what is the Ministry's assessment of the resiliency of Singapore's broadband networks given the service disruptions by our Internet service providers (ISPs) in recent months; (b) how does the network availability of Singapore's ISPs compare internationally; and (c) whether there are measures that the Ministry is planning to improve the resiliency of our networks.

The Minister for Communications and Information (Assoc Prof Dr Yaacob Ibrahim): Madam, can I take Question Nos 13 and 14 together?

Mdm Speaker: Yes, please.

Assoc Prof Dr Yaacob Ibrahim: Thank you, Madam. Happy New year to you. Mdm Speaker, I thank Mr Ong Teng Koon and Mr Zaqy Mohamad for their questions. Over the past three months, both Singtel and StarHub have suffered service disruptions. The Infocommunications Media Development Authority (IMDA) is investigating the Singtel disruption on 3 December 2016 and will provide more details soon.

Preliminary findings so far suggest that the disruption was caused by a technical issue that affected SingNet's Dynamic Host Configuration Protocol (DHCP) server. The DHCP server assigns IP addresses to end-users' modems, so that the end-user can connect to the Internet. Unfortunately, SingNet's DHCP server encountered problems assigning IP addresses to its broadband customers' modems. As a result, these customers could not obtain or renew their IP addresses in order to connect to the Internet. IMDA and the Cyber Security Agency (CSA) are also investigating the October 2016 incidents affecting StarHub subscribers. More details will be shared in the Prime Minister's response to another question later.

Apart from determining the cause of the SingNet disruption, IMDA's investigation will also review: (a) whether the incident could have been avoided; (b) whether all necessary actions had been taken by Singtel to restore services expeditiously; and (c) the measures to ensure that such incidents do not happen again.

My Ministry and IMDA take a serious view of all service difficulty incidents, as they inconvenience consumers and businesses. We continuously review measures to enhance the resilience of Singapore's key telecommunication networks and services. For example, IMDA regularly reviews and updates the Telecom Service Resiliency Code. The Code was most recently revised three months ago to strengthen the resilience of our fixed and mobile broadband networks, given how pervasive they are today.

IMDA had also issued a Code of Practice for Telecommunication Infrastructure Resilience Audit − also known as the Mobile Audit Framework − in 2015. This Code of Practice requires mobile operators to conduct regular audits on key aspects of their networks and infrastructure, such as network designs, technical processes, business continuity plans and associated infrastructure and facilities. IMDA has conducted an audit on the mobile operators' networks and has found that they are generally compliant with the audit controls. IMDA will continue to finetune the audit controls to cater for technology developments. IMDA will be issuing a similar Audit Framework for fixed-line networks in 2017.

While direct comparisons are not possible due to differences in methodologies and network designs, our studies show that our networks are generally as resilient as our international counterparts. In fact, few jurisdictions besides Singapore actively track ISPs' network availability and, those that do, typically set a threshold lower than ours. Nevertheless, over the past year, SingNet and StarHub have exceeded IMDA's Quality of Service (QoS) standard of more than 99.9% fixed-line broadband network availability. IMDA will continue to update the QoS framework to ensure that operators continue to provide good quality of service to consumers and business users.

Madam, we cannot completely eliminate service outages, especially with the increasing complexity of technologies and networks. Instead, we expect operators to plan and design resilient networks, and put in place measures to ensure speedy recovery in the event of a disruption. This will minimise inconvenience to end-users should such disruptions occur.

Mdm Speaker: Mr Ong Teng Koon.

Mr Ong Teng Koon (Marsiling-Yew Tee): Mdm Speaker, I thank the Minister for shedding light on this matter of public interest. Will he also assure us that this disruption was not due to any form of cyber attacks and that the Ministry is fully capable of dealing with any form of cyberattacks?

Assoc Prof Dr Yaacob Ibrahim: Madam, on the particular incident, we have no reason to believe there was a cyberattack, but we will continue to monitor the situation. As to whether or not we have the ability to deal with cyberattacks in future, we will have to continue to build up our defences. This is something which CSA is committed to and we will work with all the sector leads to ensure that they have put in place programmes, and more importantly, mitigation efforts to deal with any disruption that occur.

Mdm Speaker: Mr Zaqy Mohamad.

Mr Zaqy Mohamad (Chua Chu Kang): The Minister mentioned about our benchmark are not available against international operators, but within Singapore's context where we are moving towards a smart nation and more connected services, are we still expecting 99.9% as the benchmark or could we be more resilient than that? Certainly, what is also important is the amount of time it takes to get services back to normal. Does the Ministry plan to enhance standards in that respect?

On that earlier clarification on cybersecurity, if I recall the StarHub incident, there were also DDoS attacks where they took over certain devices on the network. I am quite surprised that this could happen on our public networks. What measures could be put in place to ensure that security is not compromised in the future?

Assoc Prof Dr Yaacob Ibrahim: Madam, on the incident, as mentioned in my reply, this will be responded to later, when we reach the Parliamentary Question that had been put to the Prime Minister. Certainly, we will continue to monitor the situation.

Attacks, as the Member rightly pointed out, can come from the most innocent of devices, in this case, the Internet of Things devices that happened in America. CSA is on top of the situation. At the end of the day, it is something in which we are mindful where we need everyone within the value chain − the businesses and even consumers like ourselves − to put in place some cyber hygiene practices at home and in our workplaces. We will work closely with the industry and industry associations to ensure that all our businesses understand what needs to be done. We will work with the major operators who provide the service to the small companies so that they understand what needs to be done. So, it is an on-going effort. As the CSA Chief Executive Mr David Koh mentioned, cybersecurity is a team sport. Everybody has to play their part.

On the first question as to whether or not 99.9% is too high, this is something we have just started. We have to continue to monitor the situation. I agree with the Member that the most important thing is how we can resolve the disruption as quickly as possible. We have impressed upon the telecommunications companies and the ISPs that this is something that we want them to put in place quickly and ahead of time. As for the recent incident of Singtel, we are still investigating but we knew that they worked very hard to put in place additional resources so that they can deal with the demands of the customers.

It is very difficult for us to determine ahead what exactly they need to do because the networks are becoming very complex and technology is developing very rapidly. The ability for the engineers and the experts to deal with the situation will depend on the complexity of the situation. But IMDA works closely with them to understand every incident, what we can learn from it and how we can use that as a learning experience to improve the resiliency of our network. That is something we will continue to do.

Mr Zaqy Mohamad: Mdm Speaker, just a correction. The Minister mentioned my question about 99.9% being too high and should be lower. It is actually the opposite; I meant it is too low.

Assoc Prof Dr Yaacob Ibrahim: Thanks. We will continue to review.