Information technology (IT) systems of Singapore organisations that have been affected by the recent global outage “are almost fully recovered”, according to Josephine Teo, Minister for Communications and Information and Second Minister for Home Affairs. She has also emphasised that in light of this incident, Singapore must “fortify” its digital defences during “peacetime”.
In a detailed Facebook post late last evening, minister Teo wrote: “The IT systems in Singapore organisations affected by the global outage are almost fully recovered. Yet the incident has left many of us feeling vulnerable and questioning our heavy reliance on technology for everyday activities. These feelings are completely understandable and valid.”
Teo said: “We should be concerned. The real question is what we can do about these concerns.”
Highlighting just how much the modern world relied on IT and IT-enabled services and that disconnecting was not an option, she said in the post: “It’s highly unlikely that we can withdraw or even reduce our interactions with the digital world. Digitalisation is one of those mega trends worldwide we must learn to gain mastery over. Many people get that.
“But we also dread being swept along by the inevitable and sometimes feel like we cannot avoid becoming victims.
“Is there nothing we can do? Or are there, in fact, some concrete actions we can take to prepare and protect ourselves for such events? How?”
The global IT outage, which affected Microsoft Windows-based computer systems worldwide, reportedly because of an update sent by the cyber-security company CrowdStrike, hit everything from flights to banking operations on July 19. An estimated 8.5 million devices were adversely affected.
In India, one of the leading airlines made news for its handwritten boarding passes, as computer systems were down. Singapore’s Changi International Airport, one of the busiest in the world, saw long queues of exhausted flyers. Millions of users got the ‘blue screen of death (BSOD)’ scare.
Amidst this IT outage chaos, phishing attacks began targeting affected computer users, with fraudsters claiming to be CrowdStrike representatives offering ‘tech support’.
In her Facebook post, Teo said: “Preparation for an incident like that of the last few days often begins during ‘peacetime’, when nothing is going wrong, and when we might be lulled into a sense of mistaken comfort. It is precisely when things are going reasonably well that we must take action to fortify our defences.”
Elaborating on what these digital defences would be, the minister said: “It starts with robust testing and putting in the right safeguards so that incidents are prevented in the first place. Testing and red-teaming must be prioritised and conducted across multiple levels so that appropriate safeguards can be put in place.
“It also involves planning for suitable responses when things go very wrong, such as putting in place Business Continuity Plans (BCPs), which many organisations have.”
Stressing upon the importance of BCPs to counter digital disruption, Teo said: “It is vital that we update our Business Continuity Plans and practise them regularly, stress-testing ourselves through Tabletop Exercises (TTXs).”
“In Singapore, we take TTXs seriously,” said the minister. “For instance, ‘Exercise Cyber Star’ conducted by [the Cyber Security Agency of Singapore] last September involved 11 CII Sectors, including public and private organisations from Banking and Finance, Government (including Power and Water). In addition, the agencies in charge of various sectors run their own TTX to focus on their respective domains.”
Such exercises are part of a series of cyber-security drills in Singapore. Teo said: “For the whole of government, yearly exercises are conducted. In the past 3 years, close to 100 Government agencies have exercised their crisis management responses as a team.
“These exercises are helpful in refining our emergency responses, thus building confidence in our People, Processes, and Technology.
“During each exercise, we ensure [that] our technology is up-to-date and resilient against outages. We practise our incident responses and Business Continuity Plans, so that we know what to do and who to contact during crises. Our people demonstrate their dedication and hone their knowledge and capabilities to respond under stress.”
The minister concluded with a warning: “The existence of BCPs and TTXs will not eradicate [digital] crises. In fact, they exist precisely because we know that outages will happen. It is not a matter of ‘if’, but ‘when’. Hence, we need to do as much as we can even before incidents happen, so that we can recover and prevail over the disruptions.
“Let’s continue to learn as much as possible from the [July 19] incident to strengthen our digital resilience. Only by doing so, can we emerge stronger together.”