Comments, opinions and an occasional ramble
How safe are our online services?
Estonia’s government has been paralyzed by war (read this and this). It’s not the conventional war with tanks, missiles and guns but rather, the government was “brought down” by a cyberwar. It appears that the cyberwar resulted from a conflict with its former Soviet superior, Russia, as the origins of many of the assaults were traced to Russian computers (including state-owned computers). With many government services computerised and made available online, Estonia put itself at risk of being paralysed by cyber-assaults, which of course happened.
Reading this piece of news, I wonder if Singapore is similarly at risk. Our government has always been quick to embrace the latest forms of information technology, believing in the potential of IT to help further develop and grow Singapore. While IT indeed has made our lives much more convenient, the Estonian experience has shown that it can make us more vulnerable as well. Estonia prides itself for being a “paper-less” government, relying on technology to deliver most, if not all government services. Singapore is clearly in the same direction and league as Estonia. What happened to Estonia in the past few weeks can possibly happen to Singapore as well.
The scary part of the Estonian experience is how easily the attacks can be achieved. It appears that some of the hackers gained control of many “zombie” computers and simply used them to flood the Estonian government servers with requests, overloading the Estonian government servers, causing the system to collapse under the sheer volume. By gaining control of the computers of other people to do the job, it becomes much harder to track down the perpetrators. And, goodness know how many computers can the perpetrators gain control of? Defending such attacks is going to be tough.
I seriously do wonder what are our defense strategies against these forms of cyber-warfare. If our government services, financial institution services and other services essential to day-to-day running of the country go down, it will not only cause massive inconvenience, but it can very well cause corporations and investors to lose their confidence in Singapore. I wonder if our multi-million dollar ministers have already put up the required defenses. 
| Print article | This entry was posted by Aaron Ng on 21/05/2007 at 2:08 pm, and is filed under Perspective. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site. |
about 4 years ago
The “million dollars” instruction passed down is “to make the online services secured”. The ministries’ top men will tell juniors to act on it. Junior officers have to consider to do it in-house or out-source.
So, online security will depend on how many million dollars we DID NOT spend.
about 4 years ago
Use Macs or Linux for all client machines. No more zombie computers.
about 4 years ago
Aaron,
If you’re using Windows, 80-90% chance your computer is part of a zombie army waiting to be commanded. There are many forms of attack ranging from the simple TCP syn attack to loopholes in various Web servers.
What you describe in Estonia is a classic denial of service attack. One that can be prevented by simple software patches at the routers or firewall at the ISPs or end servers. I’m sure all Singapore service providers and major servers have it….we are so kiasu.
Have you travelled by air recently? …Imagine the equivalent of precautions such as 100ml only fluids in handcarry luggage…all the kiasuism applied to our cyberspace. Should be all right….problem for me is I have to go overseas this week *sigh*…leaving my favourite country and beloved govt is getting harder as I grow older.
about 4 years ago
Yeah Han, then people won’t be scotch-taping video cameras to other people’s heads. lol
about 4 years ago
Aaron,
You can’t completely prevent DoS attacks. You can alleviate some problems here and there, but as long as you are running a web service, there is no way you can get rid of them 100%. It is built into the way the web works, unfortunately.
Have you seen a server overload because of being linked to from popular sites? Have you experienced a whole lot of ‘server busy’ messages when bidding for subjects in NUS (us at NTU certainly do)? A DoS attack works on exactly the same principles. Simple as that.
Han,
*cough* *cough*… You’ve got to be kidding me. They are better than Win 95/98, definitely, but they are not immune. Apple is also tempting some serious fate with this sort of marketing.
about 4 years ago
Aaron,
Digression from your post.
This country is turning more and more into a money making machine. It has become Singapore Inc in almost every sense. A business entity where the leaders view the GDP as profits and themselves as CEO, CFO etc. That was the logic they used to justify their pay hikes. In Singapore Inc, elections are just a side show, the leaders are chosen through interviews and selection. Elections are held to show support for estate upgrading. The main Union is headed by a minister who see his job as explaining govt policy to workers and why they must swallow the bitter pill each time the economy goes into recession.
Given the above scenario, an old warrior by the name of JBJ, has stepped forward to reform the system. He was targetted and struck hard, but refused to go away and “beg for mercy on his knees”. He sees the injustice as a manifestation of the system which the PAP has tinkered with for 4 decades primarily for the purpose of consolidating their power and to implement pro-business policies at the expense of workers in favor of the chosen elites.
Aaron, you said that if you would join politics…you would do so in a “baptism of fire”.
The fire is waiting for you. Are you fired up for it?
about 4 years ago
Lucky Tan,
The baptism of fire I talked about was regarding taking part in elections to gain entry into Parliament, and not gaining entry via an application.
I’m not sure if I want to join politics yet, the reason being I’m still a student, and will be a student for many more years to come. Until I can finally say goodbye to study, it might be impossible to join politics.