#23: It's almost as if my old Neopets account was more secure than SingHealth's system...

Hello from Europe! I was at the Outriders Summit in Warsaw on the 26th, and am now plowing through work while in Scotland. I’m snowed under (especially with travel and being in a different timezone slowing things down), so this is going to be a short one! I’m also trying to do more curation to distill things down to what I think are the most important stories, rather than overload people with everything I found in the week, so it kind of works out.

If you’ve been forwarded this newsletter, click here to subscribe to get updates sent to your inbox every Saturday morning. If you have any feedback (newsletter too long? too short? have a tip?), just hit reply!


Yeesh, that SingHealth breach

The Committee of Inquiry for the SingHealth cyberattack (see a previous issue) began public hearings at the end of last week. There were some “what the hell?” details, like this: “From May to June this year, the attacker used a compromised workstation and some Citrix local administrator accounts to remotely log in to Citrix servers in SGH. CSA found that one of those Citrix local administrator accounts had protection measures, including a password - P@ssw0rd – that could be easily deciphered.”

Ernest Tan, a key member of the cyber-security team, was on holiday when the attacks first happened and only read the emails about suspicious network activities when he got back to the office. But Wee Jia Huo, the cluster information security officer at Integrated Health Information Systems—which runs the IT systems of Singapore’s public healthcare institutions—depended on Tan’s team to initiate alerts and updates on cyberthreats. Wee admitted to the Committee that he didn’t have regular meetings with the security management department, nor was there a plan for covering officers when people go on leave. There was also a lack of a framework for timely responses to cybersecurity issues, and a server that had been exploited by the attacker hadn’t got the security software updates necessary for 14 months (!!!) The server was being managed by a senior manager of cancer service registry and development at the National Cancer Centre Singapore even though he wasn’t actually meant to be the one managing the server. There were also delays in reporting the incident, plus days passed before it was discovered that data had actually been stolen. What a mess it all sounds! Not exactly the most confidence boosting as Singapore continues to want to be a Smart Nation and collect data.

On the issue of data breaches, this piece from RICE Media deserves more attention: Kurt Peters points out that some banks and companies in the Central Business District don’t shred their documents, which means it’s actually possible to just buy piles of personal data off a rag-and-bone man. OMG.

The culture war rages on

What can I say—the 377A debate is still going on. On Team Repeal: human rights group Maruah, who said repealing 377A would ensure a “secular common space”, and veteran diplomat Tommy Koh, who pointed out the difference between a sin and a crime in a paywalled op-ed. In favour of retention: law professor Thio Li Ann, who over a decade ago had likened anal sex to “‪shoving a straw up your nose to drink”, and Muslim community organisation Jamiyah Singapore. The Ready4Repeal team were going to have their townhall session at Suntec Convention Centre, but the venue was cancelled due to “unforeseen circumstances” and they had to find an alternative.

For some context to the “culture war” being fought over LGBT rights that we’re seeing in Singapore, Simon Vincent wrote a piece on evangelicalism in secular Singapore for New Naratif that we published this past week. New Naratif’s latest episode of our Political Agenda podcast also takes a look at Section 377A and the LGBT movement in Singapore.

And there’s more…

Minister for Home Affairs and Law K Shanmugam indicated that Singaporeans will get a better idea of who’s going to be Lee Hsien Loong’s successor after the People’s Action Party election later this year. Analysts say to look out for the guys—because the one thing we’re definitely certain of is that they’ll be men—who will be appointed assistant secretary-generals of the party.

Grab and Uber have been fined S$13 million in total—S$6.4 million for Grab and S$6.58 million for Uber—for being anti-competition. The Competition and Consumer Commission of Singapore has also demanded that Grab maintain “pre-merger pricing algorithm and driver commission rates”, among other things.


And now for a visual break about the neighbours…

There wasn’t a visual break last week because I couldn’t think of any video to share. This week, though, the visual break is also doubling up as the “About the Neighbours” section, because John Oliver’s done this segment about Facebook in Myanmar. 👇🏼