According to a report by news agency Reuters, public sector employees in Singapore are to have their internet access revoked, as the government looks to preempt a data breach or cyber-attack.
Computers that aren’t connected to the internet aren’t as easy for criminals to attack remotely. The move should also hamper any attempts to leak sensitive data publically.
Coming into effect in May 2017, the move has already been criticised by security experts for being overly restrictive, and somewhat extreme even, given the decision hasn’t been sparked by any particular threat on the Singaporean government.
Ian Trump, security lead at LOGICnow told SCMagazineUK.com: “This “air-gapped” security technique has often been used by militaries, governments and in some cases such as nuclear power plants and dates back to the 1970s. The belief is that by controlling the physical access layer to the Internet (ie not plugging it in), there is an inherent level of security in being isolated from the source of cyber-attacks.
The ability to get into those systems may be as trivial as implanting the NSA’s software called RADON: a bi-directional host tap that allows bi-directional exploitation of denied networks using standard on-net tools. In simple terms, covertly put a piece of software onto the host which copies information between an isolated network to a non-isolated network – if the infrastructure is shared.
Ultimately, the APT game of cyber-espionage is played out in the human space. The largest vulnerability by far is carelessness, failure to establish strong physical protections, or malicious acts from an agent or saboteur. Air-Gapped targets represent the hardest systems to gain access to, however right-click-copy-right-click-paste by humans has the potential to bypass even the most isolated systems.”
Despite the lack of a particular threat, FireEye research has recently shown that companies in Southeast Asia are 80 percent more likely to be hit by an advanced cyber-attack.
This is happening while Singapore is currently engaged in a long-standing dispute over territory in the South China Sea.
Security researchers at F-Secure Labs recently uncovered a strain of malware that appeared to be targeting parties involved in the South China Sea territorial dispute.
The malware, dubbed NanHaiShu (literally translated as South Sea Rat), by F-Secure researchers, is a Remote Access Trojan that allows attackers to exfiltrate data from infected machines.
And on a more global scale, Malwarebytes recently claimed that nearly two-fifths of businesses in the US, Canada, the UK, and Germany had been hit in the last year by a ransomware attack.
The same study claimed that 80 percent of US firms that it surveyed suffered a cyber-attack of some kind in the last year, and noticed that instances of ransomware in exploit kits increased by 259 percent in the five months prior.
Chris Cooper, senior security consultant for SureCloud, points out that, “Physically disconnected networks definitely pose some significant security benefits – reducing connectivity reduces the opportunity for a hacker to exploit a network.”
“However”, Cooper went on to explain why a, “poorly-planned ‘air gap’ has the potential to cause more damage to your security posture, than add strength.”
According to Cooper the, “Key challenges include how do you apply security patches to the offline network? This can be resource-intensive without a connection back to the vendors. In addition, users finding bypasses (USB sticks, removable hard drives, bridging networks, etc.) can introduce malware and exploits which are often not governed compared to a network that is designed to be internet connected in the first place. What’s more, these devices are more likely to be used if the user feels that they cannot do their job without external resources.”
ViaSat, which provides security and communications for militaries, governments and security services including the British and US armies and NATO, and the full secure high-speed communications suite for Air Force One, advised that, “While the Singaporean government has taken an isolationist approach, many organisations are going in exactly the opposite direction. For instance, energy companies are swiftly moving from dedicated lines of communication in favour of direct contact with consumers via the internet and through smart meters. It can be argued that this increased connectivity has increased the effectiveness of the service, yet it has also opened up multiple new potential points of entry for attackers.”
Jalal Bouhdada, founder and principal ICS security consultant at Applied Risk concludes: “There is no silver bullet in security. The best defence available to businesses is diversification of security barriers and controls, whether physical or logical, and adopting zoning and proper conduits. Businesses must remove all unnecessary analogue or digital I/O interfaces, carefully monitor active interfaces and ensure the most critical systems are isolated. Unfortunately, human error is more often than not the weakest link when it comes to security, so education must remain a number one priority for organisations looking to secure their infrastructure in the long-term.”
This article originally appeared on - SC Magazine UK