Singapore Addresses Government’s IT System Loopholes

Singapore is in the course of carrying out steps and tools to resolve many “IT weaknesses”, including weak controls and insufficient review mechanism of privileged user activities, according to the latest report by the Public Accounts Committee.

Initiatives have been ongoing to fix IT gaps in the government’s system, with automation software taking center stage since last year. These steps were formulated in January 2020 due to the public sector’s frequent IT lapses in its 2020 report.

The report further emphasized the need to address emerging threats and weaknesses created by the fast speed of technological changes during the global pandemic.

Singapore Government’s IT System Loopholes

The report also highlighted the lack of good standard operating procedures in the administration of user access rights. The processes still use manual logging and analysis of privileged user activities.

“Given the increasing pace of digitalization and outsourcing of IT operations in the public sector, IT-related risks such as data security and cybersecurity risks will remain key risks for the government,” the committee stated in their published report on Monday.

The Public Accounts Committee added that it could be possible to improve controls on third-party suppliers and partners. The Smart Nation and Digital Government Group (SNDGG) led actions to close the IT system gaps.

The SNDGG emphasized the significance of human supervision, modifications in procedures, and conformity with these modern processes alongside the implementation of automation and technological solutions.

New procedures have since been set in place around the public sector to promote a “more coordinated and effective response” to data incidents, as per the Public Accounts Committee.

This includes the creation of the Government Data Security Contact Centre last April as a medium for members of the public to disclose data incidents affecting public agencies.

The SNDGG confirmed that it is actively setting up a government-wide enterprise risk management system, ‘ICT and Smart System’. This system would include a central office, risk managers, and incorporation of the structure with the enterprise risk management systems of each agency.

In February 2020, the Singapore government declared that it would allocate SG$1 billion to upgrade its cyber and data security networks. They added that this was crucial as its agencies gradually integrated technology such as cloud, artificial intelligence, and the Internet of Things.

As digital technology efforts accelerate, the funds to be invested over the next three years are intended to equip the nation to deal with cyberattacks and enhance its cybersecurity.