Singapore To Cut Off Internet Access For Government Workers From 2017

An anonymous reader writes: Government workers in Singapore will return to a 1990s-level of net connectivity from May of 2017, as the domestic government has decided to block internet access on all of its 100,000 office computers. The decision has been made in the interests of national security, although the Draconian policy will still permit workers to forward work mails to private email addresses as necessary. Workers' own devices will be allowed to connect to the internet normally by special terminals being provided in early trials, while intra-departmental connectivity will presumably be maintained via VPN tunneling. The move comes in the direct wake of a visit to Singapore from the U.S. Secretary of Defense Ashton Carter late last week, promoting stronger security ties with Singapore in the face of the rise of China in the region.BBC News has more details.

Productivity not Security

[EmagGeek]

Government workers will actually have to do their jobs now instead of sit around all day watching cat videos.

Re:Productivity not Security

[funwithBSD]

This concerns me.

I rather have government workers looking at cat videos all day rather than harassing citizens.

Why not VDI in some capability?

[mlts]

I have seen VDI used to keep criticial infrastructure walled off, so a compromised workstation is less of an issue.

I have also worked on having individual machines, which had zero net connectivity to the outside world, patches were done by WSUS, SCCM, software was pushed out via those means or VMWare ThinApp, and the only machines that the workstations could communicate with, were a RODC, software server, and a terminal server.

The terminal server allowed people to run their Web browsers via seamless RDP to pretty much any sites they felt like (within reason -- pr0n sites were blocked due to the legalities of sexual harassment, for example). This way, all the web browsing to external sites was done on a well controlled VM, and if it got compromised, malware couldn't propagate to the internal machines. This seemed like a good compromise between allowing users to browse the web when need be, while keeping security tight.

Re:Good start

[tlhIngan]

The difference being that when left unattended, the photocopiers, printers, and people's fingers don't walk around under the command of someone halfway around the world, find secret documents, copy them, and mail them off to the person controlling them.

  It sounds like they're going to do what the bank which holds my mortgage has done - eliminated all direct Internet access. Essential communications is maintained via email conducted through a relay, which strips out all suspicious attachments like zip files, Word docs, etc. PDFs are allowed, but based on what my loan officer told me, it sounds like any PDF sent to them is viewable only through a special app which lets them view it, but only sends the image to their computer not the actual PDF.

Well, this is Singapore, who like a lot of countries, has a nice Great Firewall as well. (I still remember when internet was free and unfettered but there was talk of setting up the firewall... I think it was set up a year or two after I left).

Considering they want to keep contraband out of the country, I'd be surprised if they didn't already have some sort of gateway and all that - can't have illicit access to porn, for example. (Tor, they probably allow - given the penalty for drug use is death (firing squad, IIRC), well...)

Anyhow, it probably doesn't affect people as much as you think - Singapore is a very modern city-island-state and thus cellular data access is common everywhere.