Governments in Asia should follow Singapore’s controversial policy of disconnecting email systems from the internet, a CEO of a global cybersecurity company has told GovInsider.
“If a government network is able to create some isolated networks I think it’s the smart thing”, Udi Mokady, CEO of CyberArk said. “With regards to what Singapore is doing, I actually think it lands well.”
“Every basic book in cybersecurity talks about [how] the best way is if you can disconnect,” said Mokady, a former Israeli intelligence operative. “It’s not always possible – you have to do that without causing damage – but military networks are disconnected, you don’t open them up to the internet”.
He stressed that efforts must be made to ensure that service delivery channels still operate seamlessly online, but advised isolating systems to learn from errors made in the United States.
Citing the case of the US Office of Personnel Management having its HR records hacked, he said that “the damage is just endless – on top of 20 million records of employees they stole 5 million records of fingerprints. That’s something you can’t change.”
“You want to put various layers of isolation if you can, and so if the Singapore Government is able to segment networks but also provide the service to its citizens – I think it’s a good step.”
Mokady also suggested that government agencies should be cautious about public cloud, using a hybrid approach to secure their data.
“I think probably the right way is a hybrid approach that you still keep the most critical assets in a private cloud. If I look at the banks and the financial institutions and how they’re raising cloud right now, it’s probably the equivalent. They’re taking the less classified elements and seeing if they can put them outside and testing the water”.