‘Fix the human’ to ensure better security, says Singapore GovTech Minister

By Joshua Chambers and Vanessa Gu

Dr Janil Puthucheary says responses and policies are vital because breaches not caused by tech failure.

Image: Ministry of Transport, Singapore

Recent cybersecurity leaks in Singapore “have all been the result of human factors,” said Senior Minister of State Dr Janil Puthucheary. The Minister-in-charge of GovTech said that a “robust” response and policy is therefore needed to tackle future cyberattacks.

In the past 12 months, three major attacks have been reported in the national press: the breach of 1.5 million healthcare records held by SingHealth in 2018, including those of Prime Minister Lee Hsien Loong; the theft of the national HIV register and partial publication online, which came to light in early 2019; and the availability of 800,000 Singaporean blood donor records online, which was discovered last month.

Speaking at the Balestier Lunch, run by the American Chamber of Commerce, Puthucheary said that in all of these cases “there was not a technological failure, it wasn't because someone failed to download the update patch, or install the wrong [operating system], or connect to the wrong wire. These are all human factors.”

“When you look at issues of cyber security, data security and data privacy around the world, one of the most difficult things to do is to fix the human,” he added. It is “probably easier to upload a patch, disconnect from [the] internet [with] surfing separation."

The Government is responding to these issues, he said, by asking: “How we can mitigate risks, how can we handle these issues, do we have the right structures and systems and processes in place?”
.
“Even if we have them right today, how are we [building] a system that will be resilient enough to the changes that will happen week-on-week, month-on-month, year-on-year”?

Government has created a committee, chaired by the Deputy Prime Minister, to review data security practices across the entire public sector, he noted, to ensure “a robust response to breaches as well as our policy implementation to shore up on the confidence”.

“Breaches - whether they have privacy, security or cyber security [elements] - will happen again,” he cautioned, echoing the Prime Minister’s comments last year that there is always a risk when systems are attacked thousands of times a day.

Government confidence should ultimately be measured by citizens’ trust in digital services and the overall security of the internet, he concluded. “The proof is in the behavior of people, which is that actually they are increasingly going online, they are increasingly engaging in these products - using a digital solution even when the counter is available and the [paper] form is available.”

This is particularly true in healthcare, he said. Artificial intelligence and new data techniques are making new treatment methods and regimens possible. “The benefits of this type of technology deployment are too great, we cannot go back,” he said.