June 28, 2017

Tags Posts tagged with "internet"

Cyber attack

by Bertha Henson

I’M WRITING to you now because you’re the only one whose physical address I have. I only have email addresses for all my other friends. I’m sorry if you find it difficult to read my handwriting. I am so used to typing that I am not sure how to hold a pen. So I am using a pencil, so that I can erase ugly writing easily and, thank goodness, I still have a rubber from my Primary School days.

First, I hope that things are fine on your farm. Rearing chickens and growing vegetables don’t require the Internet right? Or are you logged in to that giant brain which is now in a coma? I feel envious of you. At least, you deal with real worms and not those which make you WannaCry. You know what I’m talking about right? Some NSA fellow in the US lost some spying software and now some jokers are holding a lot of people to ransom.

I’ve been somewhat paralysed over the past few weeks and hopefully, by the time you read this (if nothing goes wrong with flight controls and air traffic), this time of stasis is over. In any case, I am using carbon paper while writing so that I can post a duplicate letter by sea-mail.

Right now, I’m re-learning everything, like what to do with my hands and fingers now that my cell phone is useless. I have taken to pen twirling and using one of those Fidget gadgets that’s become so popular.

Do you know how terrible it is to live without Google? I can’t answer queries in class as quickly as before or finish my assignments on time. I actually had to go to the library to do research. You should see us there…like monks in medieval times copying out notes. Lectures were even almost cancelled because the passes that get us into the lecture halls couldn’t work. We had to call the firefighters to break down the door. It was the first time I saw someone wield an axe in front of me.

Everything has changed.

My grandmother got sick and decided to see the sinseh instead of going to hospital. She’s worried that the hospital will prescribe the wrong medicines now that its system is down. So she had some needles poked into her and we managed to find a traditional Chinese medicine shop to buy the herbs and whatnots to brew her medicine at home.

My father says things are crazy in his office because he can’t get access to his files on the computer. He stopped storing hard copy versions a long time ago. All his old paper documents had been shredded to comply with the Personal Data Protection Act.

The good thing is that the worm hasn’t burrowed itself into the train system so we’re all still travelling from Point A to Point B. Except that sometimes, the doors at Point B can’t open. Our train operator made it clear it was a signalling problem and had nothing to do with the malware although those of us stuck on board really wanna cry.

I can still reach my friends through the landline and watch free-to-air TV. My father bought a transistor radio as well because he said that’s the most reliable communication system we have. I think he’s paranoid.

He doesn’t want us to touch anything electronic or technological because he’s afraid of cross-infection. He wants to buy patches but they’re only available via the Internet, which of course, has died here. By patches, I mean a software that upgrades the computer system, defending it from cyber attacks. Think of it as a band-aid for a cut wound. He wants to buy plenty because the wound is still bleeding. I told him to also get bandages, in case he gets into an accident in his driverless car.

My mother says hi and wants to know how you keep uncooked food fresh when you have no refrigerator. I told her you kill your food or harvest your food every other day. She didn’t know, because she never went on a school exchange programme like I have.

The good thing is that I am getting more sunshine – and rain. I meet my friends more often and visit relatives in their home even though it’s not Chinese New Year. That’s because I can’t stay cooped up in my room staring at my blank computer. I am actually getting used to talking again. Having face-to-face conversations is such an exciting experience, especially when there’s no ring tone to disturb the flow.

I have to stop here because I have to recite the anthem of the Smart Nation. I think you are wise to stick with Mother Nature, even though we’re slowly killing her. But, at least, she can’t die overnight.

Sincerely,

Your Internet-savvy friend

 

Featured image by Sean Chong.

If you like this article, Like The Middle Ground‘s Facebook Page as well!

For breaking news, you can talk to us via email.

 

by Ian De Cotta

THE past week has been open season for Singapore journalists and, in particular, sports writers. Commentaries on Quah Zheng Wen’s silence after two of his swims at the Rio Olympics hit a raw nerve among many Singaporeans who then vented their anger on social media and socio-political sites.

Full disclosure: I contributed to the firestorm with a commentary on my website.

I don’t want to discuss the merits of the commentaries. The Middle Ground’s editor, Bertha Henson, has already done this here. What I want to touch on is the racist diatribe that has been surfacing on some Facebook groups and online forums, without owners and moderators filtering them out.

A socio-political Web page, The Independent, not only allowed it to fester on its comment box, but even carried a story on August 12 with a provocative headline, ‘Veteran Indian journalist’s unfair criticism of Singapore swimmer draws fire’. More than 12 hours later it dropped ‘Indian’ from the headline and all readers’ comments, some of which were racist, after a few readers protested.

Singaporeans have a right to vent their anger and the Internet has given them the space to do so. It cannot be stopped and must not. But many do not bother about the responsibility that comes with this freedom.

The result is that characters of personalities, organisations and businesses have been maligned or assassinated.

But it has to stop when this breaches race and religion. If many of the heated responses to the commentaries are a measure, I fear we are at a stage where this protection, guaranteed in The Pledge and Constitution, is losing its power.

For one, calling an Indian journalist or person the derogatory ah bu neh neh has become acceptable. It is used with impunity on the Hardware Zone’s forum section where participants truncate it to ‘abnn’ (sic). This may be a trifle matter to some, but it stings for those in minority communities.

I was a boy during the 1965 race riots in Singapore and still remember the anger and killing rage of a racially broken society. My Eurasian dad, who could be mistaken for a Malay, and Chinese mum were in a desperate situation that endangered their lives.

We feared for family and friends then and again during the May 13, 1969 riots in Malaysia when tensions spilt into Singapore for seven days. My family and I have faced racial abuse and are familiar with the fear of walking the streets during those turbulent times and the period it took to heal wounds in the ensuing years.

So, when I read racist comments on Internet forums, I ask where is Singapore today in its quest for racial harmony?

Did we miss something along the way? Didn’t parents in the last couple of decades teach their children about the sanctity of a person’s dignity regardless of race and religion? Has teaching this become cursory in schools?

How widespread is racism in our cyberspace? Because if it goes unchecked, it will surely manifest in real life. What must be done to nip the problem in the bud before it takes on a life of its own?

Short of censorship, which I am personally against, there must be better policing by the G to suspend the licences of website owners if they don’t moderate debates in their forums or groups. Shut them down if racial abuses continue. Haul in guilty individuals and read them the riot act. Charge those who persist.

Young Singaporeans and those ignorant of the nation’s past must be made to understand that blood was spilt to unite Singaporeans in the name of racism.

It must never be shed again.

 

Ian De Cotta is a media consultant and former senior correspondent at TODAY.

Featured image Backlit Keyboard by Wikimedia Commons user Colin (CC BY-SA 4.0).

by Glenn Ong

“DADADA”. That was reportedly the password of Facebook’s co-founder and CEO, Mark Zuckerberg, whose Twitter and Pinterest accounts were hacked last month. The hackers claimed that they retrieved his passwords – often reused – from a massive LinkedIn password dump that took place in the same month. This was not the first time that data was leaked from LinkedIn – more than six million passwords were stolen back in 2012.

Frankly, with a password like that, “password dump” is a really flattering, generous, and face-saving reason for the success of the hacking. It implies that if not for the information leak, Mr Zuckerberg’s personal accounts would have been impenetrable. For more on data protection and end-to-end encryption, read our report here.

If even the man behind the world’s most popular social network couldn’t be bothered to devise different sophisticated passwords to secure his own accounts, it really sends a message about how seriously the rest of us should be (and aren’t) treating cyber threats – you can read more about them here.

 

Why bother?

Why and how do we fall prey to cyber attacks? Gullibility, greed, and ignorance, it seems, are as big a danger to cybersecurity as crime and malice. According to a press release by the Singapore Police Force published this February:

…online commercial crimes comprising cheating involving e-commerce, credit-for-sex and internet love scam saw the largest increase of 95 per cent from 1,929 cases in 2014 to 3,759 cases in 2015

Determined hackers will study your routines and that of your friends, figure out your schedule, and tailor their approach to make it look so innocuous that you won’t notice anything amiss even after being hacked.

Others will make requests from you on social media while impersonating your friends, hoping that you will let your guard down when you see a familiar name or picture. Or, they will try time-tested methods of either promising you large sums of money (or sex) or threatening you with fake allegations and prompting you to click a link to a “government” website, where your personal and bank account details will be stolen. Why bother attacking from the front when your back is left unguarded?

 

What makes a good password?

“Password must include upper and lowercase letters, and at least one numeric character.”

Creating strong passwords is key to reducing your susceptibility to such crimes. A good password meets four criteria: complicated (vary its components, don’t use dictionary words), memorable (easy to recall), exclusive (don’t reuse), and regularly revised (at least twice a year).

A common piece of advice is that complicated passwords should have an even spread in the variety of their compositions – meaning that they should have:

  1. Upper case letters (e.g. ABCD)
  2. Lower case letters (e.g. abcd)
  3. Numbers (e.g. 1234)
  4. Symbols (e.g. !@#$)

The above, however, is a necessary but insufficient criterion to meet. Clearly, something like “paSsw0rd!” would pass the checklist, but nobody in their right mind will use it (and yet, some do). A good variety of these letters, numbers, and symbols should be arranged in a seemingly random manner – or at the very least, it should be arranged in a way that wouldn’t be obvious or intuitive to anyone but you.

Image Linux password file by Flickr user Christiaan Colen. (CC BY-SA 2.0)

But how do we create passwords that seem random but can be easily recalled? The key to this is meaning. Professor Simon Chesterman, the dean of the National University of Singapore’s Faculty of Law, wrote on Tuesday (July 19) in The Straits Times that a sufficiently complex yet memorable password can be crafted from a phrase rather than a word.

For example, think of an interesting (or eccentric) phrase like, “Wow! These 8 muffins are not enough for the 12 of us #Hungry” and take the first letter of each word to form your password (i.e. W!T8maneft12ou#H).

Prof Chesterman is not the first to suggest such a method, though – many others have been urging people to create stronger passwords in the same way.

“You’ve Been Misled About What Makes a Good Password.”

However, there are experts who say that the above is still insufficient. A study published last October by Symantec Research, a global online security research organisation, found that numbers and upper case letters do little to deter successful hacking. Said Symantec researcher Mr Matteo Dell’Amico: “Attacks are more sophisticated now, and those best practice countermeasures are a little bit out of sync.”

He said that the idea that complicated passwords are the best rests upon the assumption that the strongest passwords are those that are unlikely to be guessed by “software that systematically tries every combination of characters”.

Image Checking Footprints by Flickr user Adam Greig. (CC BY-SA 2.0)

However, researchers have found that password-guessing software has grown more complex. Instead of blindly trying every conceivable permutation, these tools now plow through lists of leaked passwords to determine common patterns, or simply try the most common passwords first.

Their conclusion? The length of the password and the usage of symbols make a password stronger than upper case letters and numbers do. In other words, not all complications are equal – some matter more than others.
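As an added illustration (not part of the original article), the Python example below puts the points above side by side: the four-item composition checklist, a guessability check that tries common leaked passwords first, and the first-letter phrase method. The function names are hypothetical and `COMMON_PASSWORDS` is a tiny constructed stand-in for a real leaked-password list.

```python
import re
import string

# Constructed sample standing in for a leaked-password list (assumption:
# a real check would load a large breach corpus instead).
COMMON_PASSWORDS = {"password", "dadada", "123456", "qwerty", "letmein"}

# Familiar character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_checklist(pw):
    """The composition rule from the article: upper, lower, digit, symbol."""
    return (any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def normalise(pw):
    """Reduce a password to the dictionary word it was probably built from.

    Lower-case it, drop digits and symbols tacked onto either end, then
    reverse common substitutions (so "paSsw0rd!" becomes "password").
    """
    core = pw.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET)


def is_guessable(pw):
    """True if a list-driven guesser would reach this password early."""
    return pw.lower() in COMMON_PASSWORDS or normalise(pw) in COMMON_PASSWORDS


def phrase_to_password(phrase):
    """First-letter method: keep numbers whole and keep attached symbols."""
    parts = []
    for token in phrase.split():
        if token.isdigit():
            parts.append(token)
            continue
        m = re.match(r"(\W*)(\w)\w*(\W*)$", token)
        # Tokens with punctuation in the middle fall back to their first character.
        parts.append(m.group(1) + m.group(2) + m.group(3) if m else token[0])
    return "".join(parts)


def assess(pw):
    """Summarise a candidate password for a policy decision."""
    return {
        "length": len(pw),
        "passes_checklist": meets_checklist(pw),
        "guessable": is_guessable(pw),
    }


if __name__ == "__main__":
    derived = phrase_to_password(
        "Wow! These 8 muffins are not enough for the 12 of us #Hungry")
    for candidate in ("DADADA", "paSsw0rd!", derived):
        print(candidate, assess(candidate))
```

Passing the checklist and being guessable are independent results, which is why a sign-up form that enforces only the checklist still accepts “paSsw0rd!”.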

 

Reduce, reuse, recycle (not)

While most of us are tempted to choose the easy way out and repeat passwords across multiple accounts, we shouldn’t. Doing so makes us vulnerable to a hacker seeking to wreak havoc on every possible aspect of our lives.

Some websites have completely given up on the hope of their users having discipline, and have enforced mandatory password resets and disallowed users from reusing old passwords. The National University of Singapore, for instance, has a password policy including but not limited to:

  1. Your password cannot contain your userID or any part of your name. 
  2. You cannot re-use any of your 6 old passwords. 
  3. You cannot change your password more than once in a day.

 

Two-factor authentication (2FA)

Oftentimes, a good password is one that is reinforced by another password. By now, you would probably have grown weary of nagging reminders from SingPass asking you to set up and verify the 2FA process. No idea what that is?

According to IT security company SecurEnvoy, two-factor authentication is:

… an extra layer of security that is known as “multi factor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token

2FA can come in various forms, from having to key in a second, self-generated password, to using a random password-generating device for a unique one-time password (OTP) at every log-in, as banks such as DBS do.

There are drawbacks that come with 2FA, though. Physical tokens must be reissued or have their batteries replaced when they run out, and they can be easily misplaced as they are usually no larger than a credit card. The costs associated with the production and distribution of such tokens can also be prohibitive for companies to adopt. 2FA is no miracle pill either. A determined hacker may still be able to steal or gain access to your 2FA token, rendering all your efforts null.

Though if you are really such an interesting target for hackers, it’d be best if you hire armed guards to protect your information instead.

 

Want to find out more about protecting yourself on the Internet? Read the following:

  1. Malware, phishing & other cyber attacks – explained
  2. What is end-to-end encryption, and can the G circumvent it?

 

Featured image locked by Flickr user debaird (CC BY-SA 2.0)


by Marc Bakker

THE Singapore government almost literally lit the Internet on fire last week by announcing that all civil servants would no longer be able to access the Internet from their work computers. As one might expect, the move has been almost universally panned. Most commentators have labelled this as a huge step back and I agree. If it stops there.

However, I have a feeling that this is but the first step in a longer process, which could well be a very smart and responsible move on the government’s part. I can see the torches flaring in the distance, along with the silhouette of pitchforks, but before you start flaming, hear me out for a moment.

 

Safe as banks

I used to work in banking, an institution that is known for security in both times past and present. Good security is security that takes into account digital security, physical security and human behaviour.

I was fortunate (and old) enough to have witnessed the corporate “discovery” of the Internet first-hand and I was young enough to be tasked with incorporating web-based services into our organisation. In those earlier days of the Internet, there were a lot of naysayers who preferred to stay offline. As a bank, security was always our highest priority and even back then, we all acknowledged that opening the company up to the Internet would bring with it increased security risks. Hence before we did anything, we consulted some of the world’s best security experts and what they told us was pretty mind-boggling.

First of all, I wouldn’t recommend talking to too many security experts in a row because you are at serious risk of ending up living in the desert wearing a tin foil hat. The world is a scary place. Threats are everywhere. The key to good security is to minimise the risks while still being able to provide the services you need effectively. It’s always a trade-off: security vs functionality. For the really super risk-averse the safest course of action is closing up shop and staying in bed all day – safe and stupid. That’s how the story has been spun by people who haven’t investigated the story in adequate depth, plus the lack of information from the Government’s side doesn’t help. But life is a little more complicated than that…

 

Sometimes less is more

Imagine that you had to create a secure system. What would be the biggest challenge? It always comes down to people. One of the things the security experts all agree on is that whatever security systems or processes you put in place, people will find a way to mess with them and I don’t just mean intentionally or maliciously. People will take shortcuts. Most of the progress that we’ve made as a society comes from people looking for more efficient ways to get things done with less effort (that’s how we got the electric toothbrush for example). So sure, you can build a system that is very secure, but due to the layers of restrictions, what you’ve just created is a giant puzzle for people to find (less secure) workarounds for in order to make their own lives easier. Hence the need to balance security with functionality. Incidentally, this is also why adding more layers of security, thereby adding more complexity to the system, can often counter-intuitively lead to more security issues.

Singapore is a smart nation filled with naive people, the likes of which have fallen for more than $4 million in parcel scams in the three short months of March, April and May 2016. This month alone we’ve seen two high profile scams; one involving DHL deliveries and another one involving the impersonation of police officers. On a global scale we’ve seen what is probably the biggest data leak in history with the Panama Papers and earlier this year a huge SWIFT exploit came to light.

What do all of these things have in common? Basically people. While everyone is focusing on tightening digital security, phone scams essentially hack people. You may be surprised to learn that only a small fraction of hackers actually major in computers and coding. The bulk of hackers are talented social engineers – sort of like conmen. Cybersecurity expert John McAfee of the antivirus software fame employs a team of 75 per cent social engineers and 25 per cent coders. Rather than trying to force their way into our phones and computers directly, scammers are using social engineering to just get us to hand over the information because it’s more efficient and takes less effort. In the case of the Panama Papers hack and the SWIFT exploit, both involve insiders gaining access to information and then doing nefarious things with it. According to the KPMG Singapore Fraud Survey 2014, 58% of fraud incidents were perpetrated by employees. So who exactly should we be securing ourselves against and how?

 

Oops I did it again

And for every deliberate security breach there are dozens of unintentional ones. Another older study by the Ponemon Institute found that 34% of data breaches were caused by negligent insiders. No nefarious intent, just complacency, laziness or whatever other dumb things people get up to naturally. And it’s not all digital either. A further 6% of breaches were caused by a failure to properly dispose of documents.

Be honest, have you ever written down a password or forgotten to pick up a copy from the printer or left documents on your desk before going to lunch? Congratulations! You’re a security risk! You’re also human though, so any data security process needs to take these very real human foibles into consideration. Not to mention that dealing with honest mistakes is a very different process from dealing with deliberate deception.

 

Don’t know what you got ‘til it’s gone

So back to the government’s decision to take civil service systems offline. What if restricting access to the Internet was but a first step in a longer process? If you were going to build a more secure environment, how would you strike the balance between security and functionality? How would you know whether Internet access was absolutely essential to someone’s job or not? You couldn’t just ask people. They’d just swear up and down that yes, they absolutely cannot live without the Internet. Instead, what if you just turned it all off and observed what happened? Which departments would grind to a halt? Which ones can find workable workarounds? Which departments or functions are unaffected despite the loud protests? Once you have a better grasp of the scope of the real problem, it would be much easier to refine the rules, create a workable security framework and access rights, reconnect non-essential or non-sensitive systems to the Internet based on empirical evidence instead of on the basis of speculation or on the basis of who shouts the loudest.

 

Only time will tell

So, is it taking government departments a step backwards? Maybe it is. Or maybe it’s a first step on a bigger journey to create a more secure environment that takes into account all three prongs of the security arena: the physical, the digital and the human side.

Of course this is merely speculation at this point. I’m hopeful, but I can see why others are not so optimistic. It would have been helpful to have some spokespersons to step forward and correct any misconceptions about the plan’s goals and longer term intentions. Amidst the exaggeration that we’ve given up on the Internet, is the final balance that this whole exercise is going to boil down to. Will civil servants simply live separate lives online and offline, or will we all be living in the desert wearing tin foil hats? Those are risks that we’re just going to have to take.

Alright, I’ve said my piece. Now… flame on!

 

The writer is the Marketing Director of Right Hook Communications, a boutique PR agency that pushes boundaries… and buttons.

 

Featured image Internet by Flickr user Ministerio TIC Colombia (CC BY 2.0)

Clock showing 0830

THE current healthcare system cannot be sustained, said Minister of State for Health Chee Hong Tat. Singapore cannot simply scale up the number of hospitals and healthcare workers, so there is a need to question why certain rules or procedures are the way they are in order to become more efficient. More data is also needed to progress, especially when it comes to billing.

At the same event, geriatrician Carol Tan of The Good Life Co-operative said that greater priority needs to be placed on prevention. She also highlighted that third party administrators are damaging the quality of care and making the system inefficient by charging doctors, mainly private specialists, fees for each patient they see. These organisations represent insurers and their corporate clients to help manage claims. Mr Chee said that he did not know enough about the practice yet but that the ministry would move to curb it if it was parasitic.

The G’s computer systems cannot be linked to the Internet, but this doesn’t mean there will be no Internet for the G. That’s what Dr Vivian Balakrishnan, the lead man for Singapore’s Smart Nation initiative, said in Washington DC. In fact, Dr Balakrishnan said that cyber security is an absolutely essential part of being a smart nation. This is because of a clear and present threat of espionage and criminal activity on the Internet and people need to realise this and protect themselves, even as individuals.

That means you, reader, on the Internet right now reading this article.

The ecosystem cannot support these 400 workers so we will retrench them, says RWS. It’s because of bad debts, say some analysts, while others point to the slowdown in tourism and the gambling industry, especially from high roller clients from China in the wake of a graft crackdown. But casino rival MBS is still hiring.

The lift system in block 299A Compassvale Street cannot make it, says a resident. The latest in a spate of five lift incidents in eight months, some of which have resulted in deaths and injuries, was about how the lift stopped between the third and fourth floors, dropped down to between the second and third floors, and then had a hard landing on the first floor. Mr Zainal Sapari, who is both Pasir-Ris Punggol MP and Town Council Chairman, said that the lift was tested but no fault was found. The Town Council is checking other lifts. Residents say that the lifts have been malfunctioning regularly over the last year.

 

Featured image from TMG file. 


by Daniel Yap and Wan Ting Koh

EVERYONE’S talking about the G’s move to restrict Internet access for people working in both ministries and agencies from next year. Is it really necessary? How bad could it get for the G to resort to such a drastic measure? How will civil and public servants be affected?

Here are 10 questions we have for the G, and how they might answer:

1. How much slower will the civil service function because of this move?

We often hear of public servants complaining that their workload is too heavy (of course, nobody complains that it is too light). It is well-known that teachers have hectic schedules. Surely these already-packed schedules will be worsened by the air-gap, no? Or will taking things offline force officers to cut down on busywork to survive?

What the G might say:

Any interruption is likely to be work-flow based and minor. If you’re fond of copying and pasting online content to your work emails, well, you can’t do that anymore. Different ministries and agencies will take the rest of the year to figure how to work around this. Some will be more affected than others. The Education Ministry, for example, has already said that it won’t be restricting its teachers from using the Internet since they use it for teaching and learning purposes.

 

2. Was there an imminent or past cyber-threat that prompted this move?

Although it is probably safe to assume Singapore is being spied on at all times, was there any incident (domestic or foreign) that prompted this decision? There must have been pros and cons weighed. How did the scales finally tip this way?

What the G might say:

Or you could argue perhaps that it was only a matter of time before the G headed down this path. Just earlier this year, South Korea claimed that North Korea had tried to hack into the email of South Korean railway workers in an attempt to control the transport system.

Luckily, it was able to block the attack by closing the employees’ email accounts. In another incident, the mobile phones of 40 national security officials in South Korea were hacked. So you might say that there have already been plenty of examples that have led to this perhaps drastic move – even if none of them happened in Singapore.

3. Why apply this to ministries that may not be considered high-security?

The teaching service (although that brings to mind the “computer glitch” that delayed student ranking data recently), the Ministry of Social and Family Development, and Manpower Ministry may not be obvious high-value cyber targets. Was the decision to air-gap implemented across the board rather than calibrated based on more tailored risk/impact assessments?

What the G might say:

Well, it’s true that some ministries are not considered as high-security as others that hold, say, state secrets. But in general the G does have extremely sensitive information – about everyone, you included.

Take what happened last year in the United States for example. A total of 21.5 million people were involved in a massive breach of government computer systems which resulted in the theft of their personal information, including their social security numbers, their financial history, some fingerprints and even their health records.

While this is not state-sensitive information, these are still private details that no one wants in the hands of strangers who are probably up to no good, to put it mildly.

4. How severe would the effect of a cyber-attack on the G be, based on current systems?

The uniformed and essential services such as utilities already practise some degree of air-gapping. What risks is Singapore currently exposed to that might result in serious consequences due to a cyber attack? Most known cyber attacks these days do not have very severe consequences. What other consequences are there that we don’t hear much of?

What the G might say:

While Singapore has not been hit by major cyber attacks, it is not invulnerable to security threats. Security software firm Symantec’s Internet Security Threats reported last year that Singapore was the third most popular destination for spear-phishing, where crooks send messages through email that appear to come from a trusted source, but in fact download malware or viruses to victims who click on the fake link.

We can also look to instances of cyber attack in other countries to see just how bad it can get. Ukraine’s power grid was attacked by hackers in Russia, who cut off electricity to over tens of thousands of people in December last year. The hackers also flooded the call centres of the power companies to prevent customers from reporting the outage.

5. What kinds of systems can be put in place to mitigate the negative effects of air-gapping?

We’ve heard very briefly about how workflow will change for civil servants after government computers go offline. What measures are in place to improve workflow in the new operating environment? Will Singapore develop new systems?

What the G might say:

While new systems have yet to be announced by the G, it has said that the agencies and data scientists will be coming together to decide on the possible measures to mitigate the inconveniences caused by the restrictions. Beginning from this year, the restrictions will be rolled out in phases to different groups of public and civil servants to ease them into their new workflow process.

 

6. What other cyber defence solutions were considered and rejected before deciding on this one?

Has any other technology or process been developed that can help with Singapore’s cyber security? Why were these inadequate?

What the G might say:

An alternative operating system perhaps? Why not upgrade our defences instead of doing away with the internet altogether? While this might seem intuitive, other factors come into play, such as cost. Constantly upgrading our systems to deal with evolving cyber security threats might cost up to billions of dollars, what with our sizable civil/public service sector. This would include having to constantly maintain those 100,000 computers to keep them virus-free.

Just look at how much we’ve spent on cybersecurity in the past years. In 2013, we spent $130 million on a plan to enhance the G’s cybersecurity in the face of a rising tide of global cyberattacks. Just last year, 10 per cent of the IT budget was spent on cybersecurity. This will likely rise if we were to keep upgrading our systems.

So you could say that either upgrading the system or switching to another will cost a lot of money. The question is, which is going to be more effective in preventing a cyber attack?

7. What cyber-attack capabilities do our adversaries have?

What can they do? How will they do it? Who are they exactly?

What the G might say:

Well, we can’t say who for sure. Presumably people from various backgrounds, including state and non-state actors, would like to hack into our systems to get their hands on information that may be beneficial to them. They might be terrorists, trying to seek state ransoms to fund their activities, as was the case with the Hollywood Presbyterian Medical Center in Los Angeles, which had to fork out US$17,000 (S$22,967.85) worth of bitcoin in ransom in February this year after hackers installed a virus that encrypted their files, leaving hospital employees unable to access health records. They might be students trying to bring down systems for lulz.

8. How prone are civil servants to security breaches?

Is there complacency or ignorance among civil servants when it comes to cyber security? Would such attitudes still place our government systems at risk even with air-gapping? Stuxnet infected Iran’s nuclear program even though it was offline.

What the G might say:

Complacency could definitely be a risk factor. But sometimes it could be as easy as surfing the wrong website or clicking a false link sent to you via email. Surfing the wrong websites might make you susceptible to malware downloads.

The Cyber Security Agency of Singapore told TODAY that with the new restrictions, “the specific actions that are prohibited in this instance are actions that attackers want government employees to do, such as clicking on a link in a spear-phishing email, thereby allowing attackers to use the Internet surfing channels to exfiltrate stolen information.”

9. What about major contractors who handle sensitive projects for the G: Will they also be required to air gap their systems? Or do they already practise this?

NCS, for example, develops some of the software used by the military. ST’s group companies also work on high-security projects. What happens if they get attacked? Is there a need for them to conform to the same safety protocols?

What the G might say:

In general, contractors currently have their own instruction manual which they have to follow with regard to security measures. These manuals are updated periodically, and the next time they are, contractors might find themselves having to follow in the agencies’ footsteps as well.

 

10. Is this practice recommended for other industries?

If this is a good decision for the whole of the G, would that mean it is also a good practice for other industries or companies as well? Productivity loss by the G due to a cyber attack can be as bad as productivity loss from a cyber attack on the private sector. Are there real risks that Singapore’s companies and citizens face that we are unaware of?

What the G might say:

Currently for banks, telcos, and casinos, cutting off Internet access entirely is not common practice. Some banks give only some employees Internet access, all while blocking file-sharing sites, web-hosted email and pornography websites. But these companies also have a trove of personal details in their systems, so while the G can’t really tell them what to do, there may be a case for restricting Internet access to all but those who really need it. After all, since even Hollywood studio Sony Pictures Entertainment was hacked, who’s to say companies with more sensitive information, like banks, would not be?

Featured image by Natassya Diana.

If you like this article, Like The Middle Ground‘s Facebook Page as well!

For breaking news, you can talk to us via email.


IF YOU’RE reading this on your work computer, take a moment to consider how nice it is to have access to the Internet at the office. Come May next year, that won’t be true for people in public service – and they’re not happy about that.

Response to a report yesterday (June 8) by The Straits Times that the G is planning to block the Internet from work computers has been swift and critical.

TODAY said civil and public servants described the move as “regressive” and “disruptive”. One person said it was like deciding to move out after your house gets burgled, rather than installing better security features. Another said it was the G choosing a “nuclear” option over simpler solutions.

“I feel like there are relatively simpler solutions but they just decided to use the nuclear option.”

In The Straits Times’ Forum pages, Mr Dennis Chan said the move was “at odds with the Government’s Smart Nation initiative.” Another reader, Mr Rajasegaran Ramasamy, urged the G to “carefully think through its decision and take time to make it a wise one.”

The Infocomm Development Authority (IDA) sent out a memo and circular reiterating the G’s reasons for cutting off web access at work: “As long as the Government networks are connected to the Internet, the risks of Government data being stolen and leaked will be heightened.”

“With the number of cybersecurity threats on the rise, being attacked is a given.”

The agency added that employees will still be able to send emails and access G services through the Intranet. Other computers and mobile devices can also be used as long as they are not connected to the G network.

What would you say to your boss, if you can no longer surf the Internet on your work computer?

Meanwhile, the G has responded to complaints from another group – nature lovers who want it to rethink building an MRT tunnel under the Central Catchment Nature Reserve.

Preliminary plans for the 50km Cross Island Line had shown it cutting through forests in the reserve. The Land Transport Authority (LTA) said yesterday that it would put in new measures to keep the forests safe during its tunnel tests.

These include allowing nature groups to observe the work and avoiding freshwater streams, which are sensitive environments.

Speaking of sensitive environments, at least two corporate sponsors of Pink Dot have come out to reiterate their support of the annual LGBT event despite the G saying foreign companies should not “fund, sponsor, support or influence” events held at the Speakers’ Corner. They are Google and Barclays.

“We’ve been proud supporters of Pink Dot since 2011.” – Google

JP Morgan, Apple, and Bloomberg declined comment, reported TODAY. Goldman Sachs said it was reviewing the G’s statement regarding the matter. Will they go back into the closet, so to speak? Read Daniel’s take on the controversy here.

Lawyers interviewed by TODAY said this appeared to be the first time the G is taking a stance by linking the matter of foreign funding to social causes, and that the G should make clear its definition of a “foreign corporation”.

 

Featured image by Kong Chong Yew.


CORPORATE sponsors for the annual Pink Dot event were put on the spot yesterday (June 7) when the Ministry of Home Affairs (MHA) released a statement saying “foreign entities should not fund, support or influence” events held at the Speakers’ Corner, including the gay-friendly get-together held last Saturday.

The ministry did not specify if a foreign company with a Singapore-registered arm was considered a “foreign entity”, or if it would take any action against such sponsors. Responding to the statement, a Pink Dot spokesperson said all its corporate sponsors are registered and incorporated in Singapore.

This year’s Pink Dot event attracted 18 sponsors, including Apple, Facebook and Visa for the first time. The event is into its eighth year, and this is the first time the G has made such overtures to discourage its sponsors.

The ministry said the statement was made in response to media queries but netizens are pointing to an online petition that may have forced the G’s hand. Titled NO! to Foreign Intervention in Singapore’s Politics, the petition appears to take issue with American politics influencing Singapore laws.

On its Facebook page, however, several of its posts targeted news related to the Pink Dot event, the repeal of 377A, a law that criminalises homosexual acts, and same-sex marriage.

After the statement was issued, organisers of the petition posted a message, saying “Thank you MHA for hearing the voice of Singaporeans!”

Speaking of foreign companies, Tower Transit is definitely going to bid for the right to run 26 bus services out of Ang Mo Kio, Yio Chu Kang and Yishun bus interchanges. Woodlands Transport is also making a bid for the package. This is the third and last package to be put up for a bid. Singapore’s bus system is divided into 12 packages, of which nine will be operated by incumbents SBS Transit and SMRT. The winner of the bid will start operating buses on the route in early 2018.

More on foreign news – or rather news about foreigners… Singapore is offering aircraft, satellite photos of fires, and fire-fighting assistance to Indonesia as the dry season starts. This assistance package has been offered every year since 2005.

Whether the Indonesian government will take up the offer is still hazy, given the recent run-ins over the Republic’s extraterritorial Transboundary Haze Pollution Act.

From December 1, visitors to Myanmar will no longer require a visa under a new 30-day visa exemption programme. The easing of visa rules was announced yesterday on the first day of the Prime Minister’s visit to Myanmar, where he met with President Htin Kyaw and State Counsellor Aung San Suu Kyi.

A last word on a different type of “foreign bodies” – all official computers used by public servants will be cut off from the Internet from May next year in an unprecedented move to prevent malware from compromising network safety.

Web surfing can still be done on employees’ personal devices, and dedicated Internet terminals will be issued to those who need them for work, said a Straits Times report.

 

Featured image from TMG file. 


In Singapore, there is a woman who lost more than half a million dollars in an Internet love scam and a man who paid out $74,000 for sex he never received. Criminals on the Internet are preying on the naivete and gullibility of Internet users here, raking in some $16 million last year. That’s what the crime statistics for 2015 revealed even as crimes committed in the real world came down. The number of e-commerce cheating, credit-for-sex and Internet love scams almost doubled to 3,759 cases last year, which makes you wonder if educating people on the use of the Internet is keeping pace with the wiring up of Singapore. It certainly does not make us sound like a Smart Nation.

Here’s another kind of cheat. Ten people, including foreigners, have tried to cheat the Taxman by claiming GST refunds that are not due to them. It amounts to $334,000 over five years. They go to counters at border checkpoints to claim refunds, which are allowed for tourists who make purchases. Trouble is, fraudsters either fake the claim or get bona fide travellers to claim the money.

Under the GST Act, those who engage another person to get a refund face a fine of up to $5,000 or, in default of payment, jail of up to six months. Making fraudulent GST refund claims attracts a penalty of three times the amount of tax refunded. There’s also a fine of up to $10,000 and jail of up to seven years.

You know by now that the stock markets are jittery. So people are back to backing gold again. The shiny metal is making a comeback as the traditional safe haven. Bullion for immediate delivery has shot up 17 per cent this year to US$1,242.16 (S$1,736.42) an ounce as of 8pm yesterday, outperforming global stock and bond markets, reported ST.

The Ministry of Education has put up a NO ENTRY sign in schools, rejecting the Singapore Democratic Party’s offer to schools to hold socio-political talks. We will have more on this later.

 

 

Featured image by Chong Yew. 


by Nurshahiylia Erdina and Wesley Gunter

HAS it died down already? Is it safe to come out now and talk about it? In the last week or two, Crab in da Bag and Lavastone Steakhouse have shown us how sometimes it’s better to not respond to negative feedback – especially when it’s for the whole world to see. And yes, that applies to your personal page too.

But on to the lessons in brand management.

Online user reviews are a dime a dozen in our online world. Such reviews can range from a simple ‘liked it, will try again!’ to a level of detail that sometimes borders on the obsessive compulsive. With great power, however, also comes great irresponsibility: smartphone-brandishing customers are also known to use social media to threaten eateries with the dreaded bad review. Sometimes this prompts a counterattack.

But first, Crab in da Bag.

In a bid to rival Ms Joan Soon’s eye for detail, Crab in da Bag decided to cyber-stalk the customer, uncover private details of her life and post them in a passive-aggressive reply/defence. Just the kind of behaviour customers like to see from the restaurant they are thinking of patronising. Wait – is that waiter secretly taking my photo?

There are always two sides to every story. There have always been, and always will be, customers who are unreasonably picky. On the other side of the battle-line, cases of brands mishandling customer feedback pepper the internet landscape. Readers pick sides and fire off comments, thus starting a small war.

But as far as a brand is concerned, does it matter if there are voices on your side? Most people stop and watch a brewing fight because it is a chance to gawk at two idiots, and not because they care about the reputation of your brand. This sort of engagement forgets the objective of replying to customer feedback – to make the customer feel better.

Lavastone Steakhouse’s management, however, seemed like it was only interested in how the management felt. About everything.

The eatery, which coerced customers to give five-star reviews on Facebook in exchange for a free “upsized” steak, nonetheless copped a few bad reviews. Their response? Hit back hard with personal insults, capitalised words, exclamation marks, horrible spelling and other signs of immaturity. One bad review even received four raving, rambling replies from the steakhouse, which included accusing the customer of having a “poor attitude” and “no guts”. Now that is a unique dining experience.

The result of all this publicity was that people visited their Facebook page just to give them a one-star review, without even eating there. Their rating plummeted and the management felt compelled to publish another defensive post explaining that the one-star reviews are to be disregarded.

That’ll teach us to trust a public rating system.

Sometimes it helps to not fight back. Polite answers might not make it to the headlines, but there is a reason why the best customer service staff are always impeccably polite, even while kicking an unruly patron out of the establishment. Politeness helps de-escalate confrontations and keeps things under control. You can’t win over an unhappy customer by arguing with them.

But what may be the best way of all is to take things out of the public eye, where ego and public comments can really get in the way of two people trying to communicate.

Having the matter settled through PMs, email or a direct phone line not only allows for a more tailored one-on-one approach but signals to the customer that you’re giving weight to their opinion as well. While taking things offline means that the public will not be able to see you fix things, it ensures that a more personal touch is taken (the good type, not the CCTV I-know-your-friends-and-family type). If everything goes well offline, a follow-up comment may be added to say that everyone is happy with the outcome.

Meanwhile, Lavastone Steakhouse continues to argue with reviewers online. At least we know which Facebook page to go to when we want to watch an online fight. Please feel free to rate the verbal combat.

As the saying goes: “Let them have the gutter. You take the high road. The view is better and there is less traffic.”

 

The authors are public relations professionals at local PR agency Right Hook Communications.

Featured image by Flickr user Niuton may. CC-BY 2.0
