Singapore working to plug gaps in government IT systems
The government is in the process of introducing new tools and measures to address the many “IT vulnerabilities” highlighted in the report, including weak controls and an inadequate review process for privileged user activities.
Singapore is rolling out tools and measures to connect the many “IT vulnerabilities” highlighted in the report, including weak controls and an inadequate review process for privileged user activities. The report also emphasized the need to reduce the risks and new risks posed by the rapid rate of digital transformation amid the global epidemic.
Efforts are underway to address IT issues since last year, with automated tools taking precedence, according to a recent Public Accounts Committee report. The measures were hatched in January last year when the committee argued with the public sector that repetitive IT had expired in its 2020 report. It also pointed out the lack of good practice practices in the management of user access rights, through the entry and review of user rights that are manually done.
The committee added that the regulation of retailers and partners of foreign companies could be strengthened. “Given the increasing rate of digital integration and outsourcing of IT services in the public sector, IT-related risks such as data security and security risks will remain significant threats to government,” he noted in a report released Monday.
Efforts to fill the vacancies were led by Smart Nation and the Digital Government Group (SNDGG), which emphasized the importance of human governance, process transformation, and adherence to these new procedures, and the introduction of automation and technology tools.
The government agency said it was developing a single tool that would include the automatic use of deleting inactive user accounts, which still needs to be handled despite the introduction of a new application informing organizations of staff departures and changes in the field. The stadium has been distributed to 38 agencies since October 2019.
The construction of the currently integrated tool is intended to be completed by the end of 2021, after which agencies will have to integrate all existing systems with one platform over the next three years. This will be rolled out to high-level programs by December 2023 and all remaining programs by December 2024, according to the SNDGG.
Another tool to assist in the review of the rights of eligible users is the one set to be implemented in state-of-the-art programs in December 2022, followed by the pilot – launched last April – involving 15 government agencies. The SNDGG reported that it was “refining” adoption rules to monitor various types of logs, including operating systems, information, networks, applications, security, and the concept of improving the efficiency of the acquisition system. Utilities will be continuously increased in all sectors from January 2021.
Steps have also been taken to strengthen organizational processes, which aim to facilitate greater ownership to end IT care. In the area of data and cybersecurity, for example, an agency security officer and a senior data manager will now be required to report cybersecurity and data issues directly to the agency’s head.
Besides, all spheres of government will have access to audit and incident data to predict potential governance risks in IT systems. The first batch of agencies is expected to begin testing this in the first quarter of 2021, with shipments across the sector targeted in the second quarter.
According to the Public Accounts Committee, new procedures have been put in place across all spheres of government to provide a “more orderly and effective response” to data incidents. This includes the establishment of the Government Data Security Center Center last April as a public way to report incidents of information affecting a public agency.
From March 2021, all public bodies will be required to conduct annual cyber tests and data security data.
Going forward, the Public Accounts Committee has realized that the rapid digital transformation brought about by the COVID-19 epidemic can pose risks and risks. It said SNDGG was being investigated for those risks and how the agency was reducing them.
In response, the national strategy team said it was currently developing a comprehensive government “ICT and Smart System” program, which would include the central office, disaster risk management, and the integration of the framework and risk management for each business process.
The SNDGG identified 10 potential risks but noted that most of them were on track for ongoing efforts, which included strengthening data security frameworks and security risks as well as human risk management.
The Singapore government in February 2020 said it would invest SG $ 1 billion to strengthen its cybersecurity and data security systems, recognizing that this was important as its agencies expanded technologies such as artificial intelligence, cloud, and Internet of Things. To be used over the next three years, the funds are designed to prepare the country to deal with cyber threats as computer efforts intensify.