I've seen this happen in a lot of industrial networks as well. At the end of the day the work needs to get done. If internet access is necessary for that, then somebody will plug in a mobile router or phone to this "isolated" network. This is especially common when remote vendors and support teams need access to this network to troubleshoot issues.
So now instead of centrally designed and managed IT infrastructure and remote access, you have something like a Teamviewer service enabling remote access through these rogue gateways.
The proper way to do this is to have 2 machines, one connects to intranet and one connect to internet. The one connect to intranet won't accept any external devices, completely unable to connect to internet or even copy data out using thumbdrive. If cost is an issue, VM could work (but riskier).
There will usually be a one-way file copy service (with AV scanner) that you can use to transfer files to the secure network. No access to cloud services is very much a feature, not a bug, as these measures are implemented for security.
The purpose of security is to help the business get its job done without disruption. If security were a goal in itself, you could just shut all the servers down and go home.
If a "security" measure is causing disruption to the business, it's not doing its job.
It's a spectrum. Business would be a lot easier for DBAs if there were no firewalls between PCI (credit card) data and their applications, but we do it because it mitigates risk.
DBAs as in database admins? I'm talking about the business goals of the company as a whole, not for individual employees / departments. The reason you want to mitigate risk is because you want the company to get its business done (i.e., you want customers to be willing to give you money).
I don't think there's any spectrum here. Good security is what helps the company's business goals. Bad security (which isn't really security) hurts it. Sometimes there are legitimate questions about whether to optimize for short-term or long-term goals, but that's no different for every other business decision a company makes.
i don't know whether this is true or not... maybe hongyi can comment here ;)
but a lot of personal data in Singapore is wonderfully linked up across almost all government departments in the country. all government services can be accessed through a single log-in: taxes, property, immigration, CPF (a plan similar to the 401(k)), healthcare and insurance, etc. are all on the same system.
this might mean only one point of failure in any of the civil departments is needed to gain access to a lot of details about a person living in Singapore, resident or not. afaik, few other countries have integration as tight as this, so a failure somewhere could be contained. I suspect it is more vulnerable here.
Problem is, since everything accessible via this single log-in is by definition open to the public Internet (because otherwise citizens can't use it), cutting government bureaucrats off the net does precisely nothing to reduce this attack surface or secure this data.
you might get personal details of a single person by going through the public internet, but find your way onto a civil servant's machine and you might get personal details of everyone in Singapore.
guessing it's probably going to be like how you access microdata in the US.
That public website is pulling the data from somewhere, yes? So if you can hack into that, you can likely extract all the data.
I suspect this is more about the Singaporean government being paranoid about internal gov't docs leaking out, which airgapping would go some way to preventing. This is, after all, the country that tried journalists for revealing a deep dark secret: GDP growth figures. http://www.nytimes.com/1993/10/22/news/22iht-sing_0.html
(Yes, that's 1993. But still.)
unauthorized dissemination of economic data is a serious offense in many countries. in the states, you can go to prison for it.
in this Singapore case, the journalists and the official involved were fined. no jail. lucky them. the official involved is now our deputy PM and chairman of the central bank, after holding various ministerial positions in the last few decades.
they were not hidden. they were released ahead of time. the uncanny accuracy of an expectation article a month before the official release led to the opening of the case
Yeah, but hacking into some random entry level public servant's desktop (and then using that to get to the mainframe) is probably a lot easier than hacking directly into the mainframe (or racks in a DC, who knows) that actually stores the data. The latter may take technical chops if singapore IT has their security together, but the former can be done by just spear phishing, leaving usb keys on the street, etc
We had this debate when the new just broke a few months ago and many people simply assumed that public servants cannot surf Internet during work. This is not true, and it was pointed in the article as well:
> Public servants would still be able to surf the web but only on separate personal or agency-issued devices.
Which, for budgetary reasons I'm sure, will probably end up rationed and shared. For The Powers That Be, this will mean less machines to track for potential dissent-related activities, activities which will likely self-curtail anyway because of reduced privacy while using such machines; but that's just an unfortunate side-effect, I'm sure.
My company did the same thing recently, the general consensus seems to be that it was entirely security driven. Old internet is locked down to a bunch of whitelisted sites (before this it used a blacklisted gaming/nsfw sites) and they put in a new private wifi you can do mostly whatever you want on and they setup some terminals for people without their own devices.
EM shielding, audio isolation, light tight, and physically secure (including guards to put everyone through a metal detector), supply chain security. Any one of them imposes costs, and EM shielding most of all. (Will, a culture of fear and anxiety might be more expensive, but we already live with that.)
It is too expensive for almost everyone. I think we will collectively settle for pretending nothing is wrong.
You've essentially rattled off the US Government SCIF specifications (which are public and a fascinating read).
Also non-conductive ductwork and plumbing at the edges of the SCIF and careful selection/programming of the phone system to make sure an attacker can't remotely set a phone off hook and use it as a microphone.
Mostly right. SCIF phones are always press to talk with speakerphone disabled. Typically they are very simple POTS phones, with high roll-off lowpass filters where they exit.
Having a smart PABX which can transparently route cell calls to internal numbers is very important to making SCIFs functional.
It was interesting to read that Hillary Clinton had problems at State because her staff couldn't access their phones in the office - primarily SMS or BBM I think.
The "no Internet" thing really just means, our Internet access will be on a separate PC from where we usually do our work, not that we have no Internet access at all. People constantly joke that they don't know how we're going to do our work without Internet, and it gets tiresome after a while.
Many Indian outsourcing companies do that as well. Employees can only access internet and few technical sites from their own computer but to access Gmail they have to login into a separate computer.
This is done in "secure sites" in the militeraly all over the world. the site itself doesnt have internet but some provide connections through a completely seperated series of thin clients outside of the network
I know of software developers in banks that does not have internet access at their work pc. But they do have Internet access on another pc. They also must give in their phones as they clock in...
Is this 2 PCs on every desk? Or one Internet-connected PC, which you need a good reason to get in line for at some other part of the office on some other floor?
Won't this basically cut off a lot of small/medium public-cloud companies from doing business with Singapore public agencies? All sorts of networking trickery will be required to enable such services, which will be unfeasible for "appointment reminder"-size businesses.
Curious, I did a reverse lookup on the IP and found it to belong to a Singapore government agency. (It seems to be a generic verizon IP now - is there an easy way to see the history of whois records?)
Given the timing of the release of the slide and the new policy, it's plausible that the two are related.
40 comments
[ 1.7 ms ] story [ 90.9 ms ] threadI guess they'll find out how proper their network is and how much they were relying on external "shadow IT". :)
It's mentioned at the end some Japanese companies tried it and failed; not encouraging, but perhaps different circumstances.
So now instead of centrally designed and managed IT infrastructure and remote access, you have something like a Teamviewer service enabling remote access through these rogue gateways.
If a "security" measure is causing disruption to the business, it's not doing its job.
I don't think there's any spectrum here. Good security is what helps the company's business goals. Bad security (which isn't really security) hurts it. Sometimes there are legitimate questions about whether to optimize for short-term or long-term goals, but that's no different for every other business decision a company makes.
That normally covers all high security work, but 99% of the work of a government is communicating with the public, on both directions.
If service is required for work - it should on corporate network.
Plus how will government internet services be able to access data on the Intranet and vice versa.
I suspect at some point the will end up with computers connected to both networks and those will need to be constantly monitored and kept secure.
At the end of the day if they offer any internet based services to their citizens that data needs to make its way back to the Intranet somehow.
but a lot of personal data in Singapore is wonderfully linked up across almost all government departments in the country. all government services can be accessed through a single log-in: taxes, property, immigration, CPF (a plan similar to the 401(k)), healthcare and insurance, etc. are all on the same system.
this might mean only one point of failure in any of the civil departments is needed to gain access to a lot of details about a person living in Singapore, resident or not. afaik, few other countries have integration as tight as this, so a failure somewhere could be contained. I suspect it is more vulnerable here.
guessing it's probably going to be like how you access microdata in the US.
I suspect this is more about the Singaporean government being paranoid about internal gov't docs leaking out, which airgapping would go some way to preventing. This is, after all, the country that tried journalists for revealing a deep dark secret: GDP growth figures. http://www.nytimes.com/1993/10/22/news/22iht-sing_0.html (Yes, that's 1993. But still.)
in this Singapore case, the journalists and the official involved were fined. no jail. lucky them. the official involved is now our deputy PM and chairman of the central bank, after holding various ministerial positions in the last few decades.
We're talking about GDP growth figures. Those can be under an embargo, but these should NOT be hidden. Pointing at others isn't needed.
We had this debate when the new just broke a few months ago and many people simply assumed that public servants cannot surf Internet during work. This is not true, and it was pointed in the article as well:
> Public servants would still be able to surf the web but only on separate personal or agency-issued devices.
Which, for budgetary reasons I'm sure, will probably end up rationed and shared. For The Powers That Be, this will mean less machines to track for potential dissent-related activities, activities which will likely self-curtail anyway because of reduced privacy while using such machines; but that's just an unfortunate side-effect, I'm sure.
Just to be far away from hackers who stole three-letter-agency spying tools...
It is too expensive for almost everyone. I think we will collectively settle for pretending nothing is wrong.
Also non-conductive ductwork and plumbing at the edges of the SCIF and careful selection/programming of the phone system to make sure an attacker can't remotely set a phone off hook and use it as a microphone.
Having a smart PABX which can transparently route cell calls to internal numbers is very important to making SCIFs functional.
It was interesting to read that Hillary Clinton had problems at State because her staff couldn't access their phones in the office - primarily SMS or BBM I think.
[–]erisestarrs 38 points 3 hours ago
The "no Internet" thing really just means, our Internet access will be on a separate PC from where we usually do our work, not that we have no Internet access at all. People constantly joke that they don't know how we're going to do our work without Internet, and it gets tiresome after a while.
– https://www.reddit.com/r/singapore/comments/4zb4iv/govt_empl...
The pay must be good.
One of the slides (this one here:https://www.documentcloud.org/documents/3031643-CNO-Course-E... - see slide 9) has an ip address on it.
Curious, I did a reverse lookup on the IP and found it to belong to a Singapore government agency. (It seems to be a generic verizon IP now - is there an easy way to see the history of whois records?)
Given the timing of the release of the slide and the new policy, it's plausible that the two are related.