Singapore To Cut Off Internet Access For Government Workers From 2017

An anonymous reader writes: Government workers in Singapore will return to a 1990s-level of net connectivity from May of 2017, as the domestic government has decided to block internet access on all of its 100,000 office computers. The decision has been made in the interests of national security, although the Draconian policy will still permit workers to forward work mails to private email addresses as necessary. Workers' own devices will be allowed to connect to the internet normally by special terminals being provided in early trials, while intra-departmental connectivity will presumably be maintained via VPN tunneling. The move comes in the direct wake of a visit to Singapore from the U.S. Secretary of Defense Ashton Carter late last week, promoting stronger security ties with Singapore in the face of the rise of China in the region.BBC News has more details.

Good start

[T.E.D.]

You know what would be even more secure? No printers or photocopiers. If someone wants to write a document, they have to do it longhand. If someone wants a copy, they have to copy it longhand as well. That will really slow down the leakage of information!

Of course a truly secure society would get rid of writing altogether. Important secrets will be passed down using special people with trained memory (often called "bards"). They use song and rhyme to help with the large amounts of memorization required. Ever heard of anyone running off with the vital military secrets of an Amazonian or Pigmy tribe? No? That's why.

Efficient dissemination of information is for suckers.

Re:Good start

The "old engineers" use pen and paper like that because they work faster than any computer-based document or diagramming tool can handle.

It's not a problem with learning the new tools. The problem is that once they've learned the new tools, the new tools are still way fucking slower than a pen and paper.

Maybe you don't understand this, but when a true master is in the zone and cranking out top-notch work, this master can't be burdened with shitty software that doesn't work fast enough just to save a few sheets of paper.

When an experienced engineer like that costs $300/hr, it's better for him or her to be producing $10,000/hr of value using a pen and paper than it is producing just $3,000/hr of value using some shitty software. And it makes perfect sense to have the $25/hr inexperienced engineer, who'd be producing way less value than $7,000/hr, input the hand-written notes instead.

It's simple economics, and experienced engineers actually tend to understand economics and optimization far better than most managers do.

If these experienced engineers want to use pen and paper, it's because that's the optimal way of dealing with the problem. The software you're proposing is suboptimal.

Re:Good start

[tlhIngan]

The difference being that when left unattended, the photocopiers, printers, and people's fingers don't walk around under the command of someone halfway around the world, find secret documents, copy them, and mail them off to the person controlling them.

  It sounds like they're going to do what the bank which holds my mortgage has done - eliminated all direct Internet access. Essential communications is maintained via email conducted through a relay, which strips out all suspicious attachments like zip files, Word docs, etc. PDFs are allowed, but based on what my loan officer told me, it sounds like any PDF sent to them is viewable only through a special app which lets them view it, but only sends the image to their computer not the actual PDF.

Well, this is Singapore, who like a lot of countries, has a nice Great Firewall as well. (I still remember when internet was free and unfettered but there was talk of setting up the firewall... I think it was set up a year or two after I left).

Considering they want to keep contraband out of the country, I'd be surprised if they didn't already have some sort of gateway and all that - can't have illicit access to porn, for example. (Tor, they probably allow - given the penalty for drug use is death (firing squad, IIRC), well...)

Anyhow, it probably doesn't affect people as much as you think - Singapore is a very modern city-island-state and thus cellular data access is common everywhere.

Thumb drives

[justthinkit]

A spokesman added that "Thumb drives should continue to work as before."

Re:Thumb drives

[ITRambo]

Possibly the best attack vector remains in place then. Great idea.

The 90s is calling.

[Rande]

I used to have to work like this back in 1998. Internet access was severely restricted and only 1 person per division had access and you'd have to tell them what you were looking for and they'd do the search for you.

In practice, it was faster for me to walk home, search for the information I needed and walk back than to do this or reinvent the wheel when 100 people had found the same problem and had already posted a solution.

Honestly I'm more productive with internet access, even if I'm currently at work posting this while waiting for my script to finish running.

Productivity issues?

[Dunbal]

It's not going to help much if they still leave a copy of Solitaire on government workers' computers.

I predict

[rossdee]

that the Singapore Govt may have difficulty retaining skilled staff.

Re:I predict

[Zontar_Thing_From_Ve]

that the Singapore Govt may have difficulty retaining skilled staff.

Unlikely. People who take government jobs aren't doing so for the paychecks. Very few of the people who would leave over this are working for the government anyway. It will be annoying, but the workers will adapt. Those who work for the government often do so because government jobs rarely get cut so it will take a lot more than this to get people to leave. Heck, I've known of people in private industry who were told bluntly "Your job WILL end. We're moving your job to another state and you won't be kept once that happens. The only problem is that we don't know when exactly that will happen. It could be 6 months from now. It could be 12 months. It could be longer. But when that day comes, you'll be lucky if you get even a few days notice that your employment is over. Most likely you'll just show up to work and be told to pack your things and leave." And even after all of that, some people still wouldn't leave the job until they actually got sent home and the doors were permanently locked.

Re:"the Draconian policy"

[Dunbal]

Yes.

Re:"the Draconian policy"

[LichtSpektren]

Lowercase "draconian" means any (generic) kind of harsh law or treatment. Uppercase indicates that Draco himself issued this protocol.

Re:Productivity not Security

[Bing+Tsher+E]

We could hope this would spur a global reassessment of the use cases for Internet Access at the workplace. Most workplaces would function well with a whitelist of the small handful of websites a worker needs to be able to navigate to remain a productive worker.

You're at WORK.

So no os updates?

[Joe_Dragon]

So no os updates? so if some can get into the network then it will be very easy to hack the systems then?

Re:Productivity not Security

[funwithBSD]

This concerns me.

I rather have government workers looking at cat videos all day rather than harassing citizens.

Other Perspective

I work in I.T. for a small subsidiary of a massive Singaporean defense company and I really had no idea what I was getting into, the attacks from China/APTs are completely ridiculous in terms of scale and quantity. We've had everything from traditional external attacks, stolen certificates used against us to physical attacks on-site in just the last 4 years and we're comparatively tiny with only a few hundred staff serving mostly the private sector. From what I heard, it's even worse for MINDEF. This doesn't surprise me at all and frankly, it's probably a good thing for the Singaporeans.

Standard where I work

[houghi]

Where I work this is standard. Whitelisting for the PCs. And you can ask for sites to be added. This will depend on your department, function and what not.

However there are plenty of PCs available throughout the company that DO have internet access. They are on a separate network and separate Internet connection. So we do have two networks and two internet connections.

So if you do need to do search for your work, you are still able to do so. However not at your desk. If you need it all the time, you will have access all the time.

The majority of the people does NOT need Internet access all the time. Want to check your email? Do that before you start, during your lunch break, you 10 minute break in the morning or the afternoon or after work.

This is not even about wasting time, because you can do that reading a newspaper. This is about people clicking on a file and unwilling let a trojan in and we become another company on /. who was hacked, We know we are being targeted. Nothing serious till now.

GET BACK TO WORK!

[Thud457]

"The agriculture ministry is not in charge of Gundam."

Why not VDI in some capability?

[mlts]

I have seen VDI used to keep criticial infrastructure walled off, so a compromised workstation is less of an issue.

I have also worked on having individual machines, which had zero net connectivity to the outside world, patches were done by WSUS, SCCM, software was pushed out via those means or VMWare ThinApp, and the only machines that the workstations could communicate with, were a RODC, software server, and a terminal server.

The terminal server allowed people to run their Web browsers via seamless RDP to pretty much any sites they felt like (within reason -- pr0n sites were blocked due to the legalities of sexual harassment, for example). This way, all the web browsing to external sites was done on a well controlled VM, and if it got compromised, malware couldn't propagate to the internal machines. This seemed like a good compromise between allowing users to browse the web when need be, while keeping security tight.

Re:The U.S are only interested

[gtall]

Yes, pay no attention to those spanking new Chinese islands in the S. China Sea, nor to their claims to own the entire S. China Sea because their ancestors used to piss in it 2000 years ago. Also please ignore the threatening moves across the Taiwan strait, those have nothing to do China acting like a bully to get Taiwan and thus provide alleged Chinese leaders (sic) a reason for being allowed to continue to run the Chinese fascist state. And those nice Norks should not be persuaded by the Chinese to stop building nukes since the Norks are so well adjusted, the Chinese are in no way accountable for their lapdog's actions.

Re:Productivity not Security

[SumDog]

Not as a developer. I've been at places with filtering where to many sites with information I need end up in the blacklist. Rather than put in a support ticket, I often find it easier to proxy over SSH. I've only been caught doing this once at a company and that was cause some dickhead used my proxy to pump a huge file though. I stopped giving people access to my jumpbox after that. (I wasn't fired either; just given a warning. It didn't matter though -- turned in my notice for a new job a month later :-P)

The past four jobs I've worked at didn't/don't have any filtering what so ever and I haven't found my overall productivity levels have changed at all.

Re:Productivity not Security

[PrimaryConsult]

Sometimes productivity actually drops once filtering "fun" sites is implemented. Instead of 10 seconds to check facebook and 2 minutes to glance through a few news articles on a computer, it now takes 5 minutes on Facebook and 10 minutes on news sites to do the same thing on a phone.