Committee to review public service data security convened by PM Lee
Committee convened by PM will recommend how to improve data protection, incident response and will develop an action plan
A new committee has been convened by Prime Minister Lee Hsien Loong to review the data security practices across the entire public service, following the string of major data breaches in the past year.
The Public Sector Data Security Review Committee will look at how personal data of citizens is collected and protected by government agencies, as well as vendors and authorised third parties, the Prime Minister's Office (PMO) said in a statement yesterday.
The committee will make recommendations on how to improve data protection and incident response, and it will develop an action plan to implement them.
It will be chaired by Deputy Prime Minister and Coordinating Minister for National Security Teo Chee Hean, who is also the Minister-in-charge of Public Sector Data Governance.
He will be joined by the four ministers involved in Singapore's Smart Nation efforts - Dr Vivian Balakrishnan, Mr S. Iswaran, Mr Chan Chun Sing and Dr Janil Puthucheary - as well as private sector representatives with expertise in data security and technology.
The PMO said the committee will consult with international experts and industry professionals from the public and private sectors, and will be supported by an inter-agency task force formed by public officers across the whole of government.
It will submit its findings and recommendations to Mr Lee by Nov 30.
In its statement, the PMO said measures to safeguard sensitive data have been progressively enhanced over the years, citing Internet surfing separation among several examples.
"Nevertheless, the Government acknowledges that recent data-related incidents have underlined the urgency to strengthen data security policies and practices in the public sector," it said.
"While individual agencies are investigating and taking action on the specific incidents, this committee will undertake a comprehensive review and incorporate industry and global best practices to strengthen data security across the public sector."
Cyber-security experts welcomed the new review committee, with Associate Professor Alan Chong of the S. Rajaratnam School of International Studies telling The New Paper that it was about time.
"The series of embarrassing leaks from the Ministry of Health and its affiliated agencies shows that Singapore's cyber defences has this weak underbelly," said Prof Chong, who researches cyber-security issues.
"It is a confidence issue and it has to be addressed urgently."
He said the committee needs to look at the human resource angle and come up with a thorough report that enforces a culture of cyber hygiene across the civil service.
He added that jobs not traditionally associated with cyberrisk now are, as hackers can gain access through simple backdoors like unattended Web gateways.
"Cyber security is often not a matter of high technology," Prof Chong said.
"The biggest challenge, I think, is to change people's mindsets."
Mr Ian Hall, Asia-Pacific client services manager at tech company Synopsys, said it would be naive to think one initiative alone will be sufficient.
He said: "It is more about ensuring that security is always at the forefront and not something that is done in a reactionary manner."
Cyber-security firm Fireeye's Asia-Pacific chief technology officer Steve Ledzian lauded the move to set up the committee, calling it "refreshing".
He said: "A holistic, centralised, end-to-end review of data security practices is a great step towards reducing the risk posed by sophisticated actors."