IDA MD Jacqueline Poh talk cock in her replies on breach

[Confuseous]

Hi IDA, we are a bit concerned.
By Martino Tan

The Infocomm Development Authority (IDA) told the media yesterday that 1,560 SingPass accounts could have been accessed illegitimately.

SingPass is a password that was set up for every citizen in 2003 to access the 340-plus e-government services from 64 government agencies.

IDA said it was notified on June 2 by its contractor, CrimsonLogic, that a number of SingPass users had received a SingPass reset notification letter although they did not request for any password reset. A police report was lodged on June 3.

I am not a techie and I don’t want anybody to get hurt. But I’ve got four questions to ask, because this incident raises several questions for IDA.

1. When was IDA going to announce to the public about the breach? Could IDA have informed the public earlier?

According to TODAY, the breach surfaced over the weekend (1 June) when 11 SingPass users received letters informing them that they had requested for a password reset, though they had not.

But it might have occured earlier. In fact, the breach could have occurred as early as four days before (28 May). This is because if the password was reset, the SingPass Password Reset Notification Letter would be sent to the user via post within 4 working days. (according to SingPass website)

However, both the Straits Times and TODAY observed that the press conference was ”hastily-convened” yesterday. This gives one the impression that IDA was not prepared to inform the public yet. But this was three days after the breach (1 June).

What if the breach reaches beyond the 1,560 SingPass users? It might have caused widespread alarm among more SingPass users if they too receive letters for a password reset. I understand that IDA may not have all the answers but it could have informed the public earlier.

2. What took SingPass operator CrimsonLogic so long (at least 24 hours) to inform IDA?

The breach surfaced over the weekend but CrimsonLogic only flagged the problem to IDA on Monday evening.

3. Were the SingPass accounts compromised or even hacked?

IDA’s words will not calm concerned SingPass users. IDA said that there was “no evidence to suggest that the SingPass system has been compromised”. If I understand correctly, this means IDA have found no evidence that the accounts were compromised. But this does not mean that the accounts were not compromised.

4. Why wasn’t two factor authentication rolled out? What was taking IDA so long to protect its fellow citizens against potential hacking?

Kudos to The Straits Times for their incisive commentary about the breach and why the two-factor authentication should be rolled out. Former ST editor Bertha Henson also made a good point on her Facebook post - if the Monetary Authority of Singapore requires two-factor authentication for banking online, the government should do the same for its portals and have a second layer of checks for all citizens.

From ST commentary, we know two things:

1) IDA was aware that a two-factor authentication (those we use for online banking) was a stronger defence against illegal tampering; and 2) IDA put out two tenders for a new SingPass system in 2012 and 2013 but did not award the tenders.

When asked about the delay, IDA managing director Jacqueline Poh said, “We continue to explore the use of 2FA for e-government transactions, particularly for those involving sensitive data… In the meantime, we have put in place multiple levels of security such as captcha and sending letters to your residential addresses when SingPass passwords have been changed. These measures are already in our system.”

Dear IDA, I don’t think you are addressing ST’s question and our concerns.

http://mothership.sg/2014/06/4-questions-we-want-to-ask-ida-about-the-singpass-security-breach/

 

[makapaaa]

Ah! Another $500k per year (?) Admin Service scholarship holder:

https://www.ida.gov.sg/About-Us/New...airman-and-Managing-Director-at-IDA-Singapore

Date: 02 May 2013
Singapore, 2 May 2013 | For Immediate Release

Mr Steve Leonard and Ms Jacqueline Poh to join IDA​

The Ministry of Communications and Information (MCI) and the Infocomm Development Authority of Singapore (IDA) are pleased to announce the appointment of Mr Steve Leonard as executive Deputy Chairman and Ms Jacqueline Poh as Managing Director of IDA Singapore. They will officially assume their new appointments on 10 June 2013. The current IDA CEO, Mr Ronnie Tay, will return to the Administrative Service for another posting in the Public Service.

Mr Steve Leonard, an industry veteran with more than 28 years of international experience working in global technology firms, will have executive leadership responsibility for IDA as the new Deputy Chairman. He will focus primarily on industry promotion and development. This includes strategic planning and development of manpower for the infocomm sector, infrastructure development, spearheading the transformation of innovative start-ups and local enterprises, and overseeing various national cross-sectoral programmes. Mr Leonard, who has been serving on the IDA Board of Directors since 2009, was President of EMC Asia Pacific and Japan for more than six years, and previously served as the senior leader for Symantec software in Asia. He was also a senior executive of EDS Corporation in both Asia and Europe.

To assist the Deputy Chairman, IDA will also be appointing a Managing Director who will lead IDA's policy and regulatory functions, including developing infocomm policy, telecoms regulation and information security, as well as guide the strategic Government Chief Information Officer (GCIO) function.

Ms Jacqueline Poh will be seconded from the Administrative Service to take up the new position at IDA. Ms Poh was previously the Divisional Director, Workplace Policy and Strategy Division, Ministry of Manpower (MOM). Prior to MOM, Ms Poh served in other ministries including the Ministry of Finance where she oversaw issues relating to social and security, and taxation related matters.

On the new management appointments, IDA Chairman, Ms Yong Ying-I said, "Infocomm technology is now pervasive, transforming how societies function, how government engages with citizens, and how business is done. The possibilities and the challenges have increased. The appointments of an executive Deputy Chairman and a Managing Director at IDA, who bring strong private sector and public sector experiences with them, will enable IDA to more strongly drive impactful transformation across a broad range of sectors and issues affecting our economy, society and government."

Mr Steve Leonard said, "I have been a long term resident of Singapore, and I have seen how important technology is here. I am keen to help move Singapore forward with the many exciting national initiatives IDA is championing, such as the ones in smart cities and big data. Together with Jacqueline, I look forward to working with the IDA team to forge a common vision and further deepen Singapore's commitment to innovation both locally and internationally."

Ms Jacqueline Poh said, "Recent advances in both information and communications technologies have made it an exciting time to be in this space. The pervasiveness of connectivity in Singapore puts IDA in a good position to capitalise on ICT to help the government deliver more value to the public and to help businesses delight their consumers. IDA has an important role as the Government's CIO to champion the development of novel digital capabilities and approaches to improve our services to our citizens."

The current IDA CEO, Mr Ronnie Tay, will return to the Administrative Service from 10 June 2013 for another posting. Ms Yong said, "The IDA Board expresses its deep appreciation to Mr Ronnie Tay for his many contributions to IDA and Singapore's infocomm development. Under Mr Tay's leadership, IDA has made very significant progress in realising Singapore's iN2015 vision of developing into an intelligent nation, global city powered by infocomm."

Mr Tay has helmed IDA since November 2007 and under his leadership, Singapore has successfully deployed the Next Gen Nationwide Broadband Network to 95% of homes as well as businesses, with more than 250,000 fibre broadband subscribers. For the infocomm industry, the S$46 million Infocomm Industry Productivity Roadmap was launched in 2011 to push for productivity in the ICT sector, benefitting more than 70 companies and 6,700 infocomm professionals to date. Similarly, through the Infocomm@SME programme, more than 5,000 SMEs have benefitted from the iSprint grant scheme to use infocomm to enhance business productivity. In addition, various sectoral transformation programmes for education, healthcare, finance, logistics and transport were implemented, and the eGov2015 masterplan was launched in 2011.

During Mr Tay's tenure, IDA worked with the Ministry of Communications and Information to introduce the Personal Data Protection Act. IDA also worked to review the spectrum allocation frameworks for mobile broadband services such as that for 4G, and introduced various consumer protection measures such as enhancing 3G Quality of Service standards. New initiatives such as the Smart Cities Pilots & Trials Programme and New Ways of Work which included the setting up of Smart Work Centres have been introduced. Leveraging on emerging technologies and trends such as business analytics and Big Data, IDA also encouraged the development of innovative services through CFCs for mobile positioning and analytics services, and harnessing data for value creation. "It has been a great privilege for me to have served with the team in IDA, in our efforts towards harnessing the potential of infocomm for economic and social development. I very much appreciate the collaboration and support of the infocomm industry, government agencies and various partner organisations during my term in IDA." said Mr Tay.