新加坡擬讓公務員“斷網”
Singapore is planning to cut off web access for public servants as a defence against potential cyber attack – a move closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term “smart nation”.
新加坡計劃切斷公務員的網絡連接以防止潛在網絡攻擊。新加坡是一個科技發達的城市國家, 擁有“智慧國家”之稱。批評人士都在密切關注此舉,他們認為這對于新加坡來説是一種退步。
Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say.
該計劃預計在明年5月實施,一些安全專家認為該政策可能會降低公務員和四十多個法定機構的工作人員的效率,並且將他們與他們的服務對象隔離開來。專家説,對于網絡攻擊來説,此舉只是建了一道微不足道的防禦墻。
Ben Desjardins, director of security solutions at network security firm Radware, called it “one of the more extreme measures I can recall by a large public organisation to combat cyber security risks”. Stephen Dane, a Hong Kong-based managing director at networking company Cisco Systems, said it was “a most unusual situation” and Ramki Thurimella, chair of the computer science department at the University of Denver, called it both “unprecedented” and “a little excessive”.
瑞得韋爾網絡安全公司安全解決方案部門主管本 德雅爾丹稱此舉是他“見過的大型公共組織為對抗網絡安全問題而採取的極端手段之一。”思科係統駐香港總經理斯蒂芬 戴恩認為這是“非常少見的情況”。丹佛大學電腦科學教授拉姆基·土瑞梅拉也稱此舉“前所未有、有點過分”。
But other cyber security companies said that with the kind of threats governments face today, Singapore had little choice but to restrict internet access.
但是其他的網絡安全公司認為鑒于目前各國政府面臨的威脅,新加坡除了限制網絡使用外,別無選擇。
FireEye, a cyber security company, found that organisations in south-east Asia were 80% more likely than the global average to be hit by an advanced cyber attack.
網絡安全企業火眼公司發現,東南亞的組織機構遭遇高級網絡攻擊的概率比全球平均要高80%。
Singapore officials said no particular attack triggered the decision but noted a breach of one ministry in 2015. David Koh, chief executive of the newly formed Cyber Security Agency, said officials realised there was too much data to secure and the threat “is too real”.
新加坡官員稱該決定並非由特定攻擊事件導致,但他提到了2015年一次政府部門資訊泄露事件。大衛 戈是新成立的網絡安全機構的負責人。他説政府官員們意識到有太多的數據需要保護而威脅也“真實存在”。
Public servants would still be able to surf the web but only on separate personal or agency-issued devices.
公務員們還是可以瀏覽網頁,不過只能用自己的電腦或機構分發的設備。
Anthony James, chief marketing officer at cyber security company TrapX Security, recalled one case where an attacker was able to steal data from a law enforcement client after an employee connected his laptop to two supposedly separated networks. “Human decisions and related policy gaps are the number one cause of failure for this strategy,” he said.
網絡安全公司TrapX Security的總經理安東尼 詹姆斯回憶起曾經有過這樣一個案件:一個執法機關的員工將他的筆電連接到兩個應該毫無關聯的網絡後,駭客成功偷出了執法機關客戶的資料和數據。他説:“人們的決定及相關的政策漏洞是此項策略失敗的首要原因。”
Singapore’s Infocomm Development Authority (IDA) said it had worked with agencies on managing the changes “to ensure a smooth transition” and was “exploring innovative work solutions to ensure work processes remain efficient”.
新加坡資訊通信發展管理局表示他們已經在與一些機構合作來應對這些變化“以確保平穩過渡”。他們也在“探索新的解決方法,保證工作流程仍然高效。”
One 23-year-old manager, who gave only her family name, Ng, said blocking web access would only harm productivity and may not stop attacks. “Information may leak through other means, so blocking the internet may not stop the inevitable from happening,” she said.
一位23歲不願透露名字的伍姓經理認為,封鎖網絡只會降低工作效率,也不能制止網絡攻擊。她説:“資訊可能會從其他渠道泄露,所以封鎖網絡並不能防止這個不可避免的事情發生。”
It’s not just the critics who are watching closely.
關注此事的不只有批評人士。
Local media cited one Singapore minister as saying other governments, which he did not name, had expressed interest in its approach.
當地媒體援引新加坡一位部長的話,稱還有別的國家政府對此政策有興趣,不過他並沒有説是哪個國家。
William Saito, a special cyber security adviser to the Japanese government, said some Japanese companies had cut internet access in the past year, usually after a breach. “They cut themselves off because they thought it was a good idea,” he said, “but then they realised they were pretty dependent on this internet thing.”
日本政府特別網絡安全顧問威廉 西戶説,去年有些日本公司切斷了互聯網連接,而這大多是在發生了資訊泄露之後採取的措施。他説:“他們切斷網絡連接因為他們認為這是個好辦法,但是之後,他們都意識到他們對互聯網有多依賴。”
