SINGAPORE (Aug 20): By now, there is no question whether cyberattacks are a global scourge. And Singapore has not been immune: Both private companies and public-sector organisations here have been attacked.
Nevertheless, it was still a rude shock when SingHealth, the largest healthcare organisation here, said on July 20 that 1.5 million patients’ data — including that of Prime Minister Lee Hsien Loong and several other ministers — had been accessed by attackers with “sophisticated” means. More worryingly, authorities have indicated that the attackers are not merely individuals working out of a basement, but rather organised parties linked to, or backed by, states. Singapore authorities have declined to name the perpetrators.
Separately, cybersecurity firm FireEye has said hackers, likely to be Chinese, have targeted Cambodian electoral agencies ahead of elections last month, and may be targeting companies and state agencies in Malaysia and other Southeast Asian countries.
Singapore, which tries to maintain cordial relations with all in the name of trade and business, may need to continue to be discreet. However, the murky cyberworld is a new dimension where rules, even if they exist, are not necessarily followed.
Attacks by alleged state actors, using methods similar to those experienced by public agencies here, have been documented elsewhere. In 2015, the US Office of Data Management was hit. The following year, Japan’s Defence Ministry and Self-Defense Forces’ internal communications network was hacked. Australia’s F-35 fighter and P8 surveillance aircraft data was stolen by Chinese hackers. “All sorts of countries are getting involved,” says Tony Uren, visiting fellow at the Australian Strategic Policy Institute (ASPI).
“In fact, every country likely has a cyber agency in some form or another, which has support from the government. These state actors have an official ‘Licence to Hack’, which means that they have ‘support’ from a government to disrupt or compromise target governments, organisations or individuals to gain access to valuable data or intelligence,” says Shahnawaz Backer, a security specialist covering Asia-Pacific, China and Japan at cybersecurity firm F5 Networks. “However, most countries will deny that such activities are being carried out — [it’s] very much similar to spying.”
The World Economic Forum has named cyberattacks and cyberwarfare as the top cause of disruption in the coming five years, ahead of natural disasters and extreme weather. “In the worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning,” said WEF’s Global Risks Report 2018.
Why are there more cyberattacks? What is the motivation? ASPI’s Uren believes one reason is that nation states see cyberattacks as a cheap and effective way to access information, versus traditional means of recruiting human agents, for instance. Another motivation is to influence events, Uren says, such as Russia’s alleged meddling in the 2016 US presidential election.
SingHealth’s attackers have similar motivations as those who target US entities: They aim to advance their own business and strategic interests, says Chong Ja Ian of the National University of Singapore.
Since Sept 11, 2001, threats to security have increasingly become non-conventional, far different from the battles between the armies of two or more states. Similarly, cyberthreats have to be seen as the “new normal” today, says Graham Ong-Webb of Nanyang Technological University.
“It is something we have to mitigate and reduce the impact of whenever it happens,” says Ong-Webb, who is a research fellow at NTU’s S. Rajaratnam School of International Studies. “The SingHealth breach is not going to be the last incident, but this is not a reflection of poor cybersecurity in Singapore, although we need to make a significant improvement.”
Chong also points out that one of the key reasons why such attacks are carried out is to disrupt trust between different segments of society — the compact between people and their government, for example. “The degree to which there is less transparency, this can more easily encourage speculation and conspiracy theories to come about,” he says.
At the crux is building “trust” among people. The delay in disclosing the attack on SingHealth has not helped in fostering confidence. Chong urges the authorities to at least explain to citizens why they are unable to present more information, including who the potential perpetrators might be at this point. International ties are not built and maintained by just government officials, but ordinary people doing business or making friends, too.
This article first appeared in issue of The Edge Singapore (Issue 844, week of Aug 20)