Earlier this year, several governments around the world banned specific apps from being installed on government-issued mobile devices, amid fears that user data and information collected by these apps would be misused, or that sensitive data would be collected by such apps.
I asked the Prime Minister whether all government-issued mobile devices are pre-installed with device management apps and antivirus software. I also asked how the government ensures that sensitive information on these devices do not fall into the wrong hands, especially devices used by civil servants and political office holders.
This was the full exchange in Parliament on 9 May 2023:
Mr Gerald Giam Yean Song asked the Prime Minister (a) whether all Government-issued mobile devices used by civil servants and political office holders are pre-installed with device management application (DMA) and antivirus software; (b) if so, how does the Smart Nation Digital Government Group (SNDGG) ensure that sensitive information passing through these devices does not fall into the wrong hands; and (c) if not, how does SNDGG ensure that only approved apps are downloaded, only appropriate websites are accessed and only malware-free email attachments are opened on these devices.
The Senior Minister of State for Communications and Information (Dr Janil Puthucheary) (for the Prime Minister): Madam, Government-issued mobile devices are secured through technical controls and policies on appropriate use.
Technical controls include the installation of Mobile Device Management software, which allow for remote removal of data from compromised devices. Connectivity to the Government network must be done via a virtual private network. Emails are screened by a security application that blocks emails containing suspicious attachments. As a policy, such devices cannot be used to process and store highly classified information that may cause serious damage to national interests.
We also educate public officers through regular training so that they are aware of cybersecurity risks, including rogue apps or spoof websites. As members will appreciate, cyber risks can never be fully eliminated. We will implement appropriate safeguards while enabling officers to be effectively supported with IT tools.
Mdm Deputy Speaker: Mr Gerald Giam.
Mr Gerald Giam Yean Song (Aljunied): I thank the Senior Minister of State for the reply. Has the Government assessed the risk that the apps installed on these phones, whether they are personal or official mobile phones of public servants and civil servants, may be able to surreptitiously access official secrets that may be stored on the phone or accessible on the phones? And what mitigation measures are done to prevent this – for example, do all official devices require anti malware software to be installed?
Also, the Senior Minister of State mentioned quite a bit of restrictions on the official mobile phones. What rules are in place to ensure that civil servants do not use their personal devices for official purposes, just to get around the official phone restrictions in an effort to communicate with one another or with the public?
Dr Janil Puthucheary: Madam, I thank the Member for the question. His supplementary questions touch on a number of areas – malware mitigation, installation of software, installation of apps, the use of personal devices versus official devices. We do have policies as well as technical solutions that apply to all of those areas that he had asked about.
But the key issue is the behaviour of our personnel. Every single one of these technical, software solutions can be weakened by inappropriate behaviour. So, the key is really to make sure that our public officers understand what they are allowed to do and how what they do exposes themselves as well as our systems to risks, and to make sure that their behaviour is not compromised. The short answer is, we do have technical solutions to each of the issue that he has brought up, but what we really need to emphasise is the process and people factors in order to make sure that we secure this space. And I thank him for his questions.
Source: Singapore Parliament Reports (Hansard)
Photo by Ketut Subiyanto on Pexels