Tuesday 14 June 2016

How IDA (& The Straits Times) blew it with the civil service Internet 'ban'

It all started last week with a report in The Straits Times headlined "Public servants' computers to have no Internet access":
All computers used officially by public servants in Singapore will be cut off from the Internet from May next year, in an unprecedented move to tighten security.

A memo is going out to all government agencies, ministries and statutory boards here about the Internet blockade a year from now, The Straits Times has learnt.

There are some 100,000 computers in use by the public service and all of them will be affected.
Note that there was no official government announcement. It's what ST "learnt" from a memo. And it doesn't even quote the memo!

But ST did get a quote from IDA:
"The Singapore Government regularly reviews our IT measures to make our network more secure," a spokesman for the Infocomm Development Authority (IDA) said when contacted.

The move is aimed at plugging potential leaks from work e-mail and shared documents amid heightened security threats.

Trials started with some employees within the IDA - the lead agency for this exercise - as early as April. Web surfing can be done only on the employees' personal tablets or mobile phones as these devices do not have access to government e-mail systems. Dedicated Internet terminals have been issued to those who need them for work.
So the IDA spokesman gave some matter-of-fact statement, probably not realising that ST is framing the move as retrograde and Luddite:
Mr Aloysius Cheang, Asia-Pacific executive vice-president of global computing security association Cloud Security Alliance, said the Government's move marks a return to the past - the 1990s - when Internet access was available only on dedicated terminals.
A return to the 90s! Do you want a flannel shirt with that?

IDA now stands for Internet Don't Access.

Because of the ST report, which triggered a wave of criticism and mockery of the Internet "ban" for public servants, the Government had to waste precious resources explaining what the move does and doesn't entail.

Even ambassador-at-large Bilahari Kausikan whacked IDA, saying "the IDA announcement was one of the worst public communications by any organisation I have ever seen; almost a perfect example of how NOT to do public communications".

But the thing is, IDA never really made a proper announcement. It was just reacting to ST learning about the "memo" and the subsequent shitstorm.

It was such a shitstorm that even the PM had to step in.

IDA never saw it coming. It probably thought it made the obviously right decision, which I agree with, except it wasn't obvious enough to many people (as explained by blogger Ian Tan).

And one of those people worked at The Straits Times and wrote the report that started the shitstorm.

As if to make up for it to IDA, ST ran this rather alarmist report on cybersecurity on Sunday:

But it was too late. By then, the damage to Singapore's Smart Nation reputation, which IDA has worked so hard to cultivate, had already been done.

You would think that for a Government that is so often accused of controlling the press, it would do a better job of controlling the press.