Following a number of high-profile breaches in the past year, such as the SingHealth data breach which saw up to 1.5 million patient records compromised, the Singapore government has been taking more stringent measures to ensure the security of its citizens’ personal data.
Back in April, a committee was formed by Singapore Prime Minister Lee Hsien Loong to conduct a comprehensive review of data security practices across the island nation’s entire public service. On Monday, the Public Sector Data Security Review Committee has announced 13 technical measures that aim to render stolen databases unusable through encryption, detect unusual data transmissions and limit users' access rights.
The Straits Times reported that in addition to the encryption of files, highly sensitive attributes of individuals, as well as the personal information of VIPs and ministers would have to be kept in separate systems with higher levels of control in place.
The 13 measures, outlined in the new Information Security Framework, will have to be complied by all the public agencies with more measures to be revealed and included in the committee’s final report by November. Additional measures will include guidelines to help the agencies train public servants on best data security practices and manage third parties that handle government data.
These will supplement current practices, including the Internet Surfing Separation (ISS), the cutting of Internet access from employee computers for all government agencies, and the disabling of USB ports from being accessed by unauthorised devices, to prevent advanced cyber attacks from infiltrating government networks.
To recap, besides the SingHealth breach in June/July 2018, the Singapore public service sector came under fire for a number of security incidents, including: