By Alex Cruickshank
Sept. 16, 2016
This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
A lot has been written about Singapore's recent decision to disconnect 100,000 public sector workers' computers from the internet, starting in May 2017. Sneering disbelief from some quarters, cautious approval from others; nobody seems quite sure what to make of it.
Yes, one of the most technologically advanced nations in the world is consciously uncoupling its public sector from the internet. It's almost unprecedented. True, Russia is moving away from computer-based storage to paper and typewriters for some documents, but that's mainly to combat spying. And it's not on the same scale.
There are good reasons for Singapore's big disconnection, since Asian countries suffer a huge number of targeted attacks on their internet infrastructure. Those attacks are increasingly sophisticated in terms of both the technology employed and the psychological profiling of targets. In fact, Singapore's decision is more a question of philosophy than IT security. Actually, there are two questions:
1. Is it possible to completely secure a system that's connected to the internet?
2. If not, what are the potential consequences if such a system is compromised?
The answer to the first question is a resounding no. No operating system is exploit-free. The same applies for any mail client or web browser. Vulnerabilities may not be widely known yet, but they exist and will be discovered. In this respect, the internet is broken. Switch off your system's security updates if you disagree.
More importantly, even if it were possible to write bug-free, internet-connected software - which it isn't - there's still the problem of the user. Humans are increasingly the weakest link in the chain. So much is now known about psychological vulnerabilities that the majority of successful hacking attempts are achieved due to human failings, whether that's poor passwords, link-clicking or cleverly targeted spear-phishing.
To use an old analogy, the most dangerous component of any vehicle is the nut that holds the steering wheel. Users may not be nuts, but they are often naive about the sophistication of online attackers, and no amount of training will fix that.
Now to the second question. Before government records were computerised, everything was paper-based. Any 'hacker' who got through the security doors would have had trouble stealing more than a dozen citizens' records, unless they had a seriously large trench-coat under which to secrete the musty paper folders. But today an entire population's database - containing medical records, ID information, criminal records and countless other details - can be siphoned off undetected in the time it takes you to read this article.