‘Leaders must be able to take criticism, acknowledge mistakes’: PM Lee

[clarinet]

Heard is a guy name Kenny?

[aerophone]

Heard NTU and other Uni joined the blacklist.

[sagotu]

Quote:

Originally Posted by aerophone

Heard NTU and other Uni joined the blacklist.

Heard that too.

[googleflight]

Quote:

Originally Posted by clarinet

Heard is a guy name Kenny?

Kenny or Benny, something like that.

[pukimak0]

Thread for UpZ exchange... 22-07-2018 10:34 AM don't like your post
Thread for UpZ exchange... 22-07-2018 09:09 AM help u with what ???
Thread for UpZ exchange... 22-07-2018 08:34 AM don't worry your master will help you
Thread for UpZ exchange... 22-07-2018 06:51 AM to be or not to be
Thread for UpZ exchange... 22-07-2018 05:46 AM what goes up will come down
Thread for UpZ exchange... 22-07-2018 05:41 AM please zap me some more
Thread for UpZ exchange... 22-07-2018 12:14 AM Help you to maintain negative
Thread for UpZ exchange... 22-07-2018 12:12 AM Lucky can reset
Thread for UpZ exchange... 21-07-2018 09:59 PM what a wonderful nite
Thread for UpZ exchange... 21-07-2018 09:56 PM happy birthday

[CheeHongGan]

Now that the dust had settled and the whole of Singapore knows that there was a breach of data at Singhealth . Few things to note : the hackers targeted some people . The hackers steal info about our NRIC . Why did the hackers target some people ? What are they hoping to find ? Why did they steal our NRIC data ? If you look at our whole life in Singapore is tied to our NRIC . So if someone tells you our data is safe nothing will be compromise do you believe them ? CPF ; HDB insurance ; finance ; government services ; banking ; Telco ; internet ; TV ; PUB ; private vehicles are all linked to our NRIC . Think about that . So you still want to be a smart nation ? You still want to be a cashless society ?

[sharklaserscom]

Quote:

Originally Posted by CheeHongGan

Now that the dust had settled and the whole of Singapore knows that there was a breach of data at Singhealth . Few things to note : the hackers targeted some people . The hackers steal info about our NRIC . Why did the hackers target some people ? What are they hoping to find ? Why did they steal our NRIC data ? If you look at our whole life in Singapore is tied to our NRIC . So if someone tells you our data is safe nothing will be compromise do you believe them ? CPF ; HDB insurance ; finance ; government services ; banking ; Telco ; internet ; TV ; PUB ; private vehicles are all linked to our NRIC . Think about that . So you still want to be a smart nation ? You still want to be a cashless society ?

Of course must go cashless, can track everything.
Revelation 13:17

[NotMyPresident]

4-member Committee of Inquiry convened to investigate SingHealth cyber attack


Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, convened the Committee of Inquiry on July 24, 2018.


Published 5 hours ago

Updated 1 hour ago




Irene Tham

Senior Tech Correspondent



SINGAPORE - The authorities convened a four-member Committee of Inquiry (COI) on Tuesday (July 24) to examine SingHealth's cyber attack that led to the biggest data breach in Singapore.

The committee, headed by former chief district judge and current member of the Public Service Commission Richard Magnus, will also recommend ways to better safeguard public sector IT systems.

The other members of the COI are executive chairman of cyber security solutions firm Quann World, Mr Lee Fook Sun; group chief operating officer of healthcare technology firm Sheares Healthcare Management, Mr T.K. Udairam; and assistant secretary-general of the National Trades Union Congress, Ms Cham Hui Fong.



The committee will look into the following areas:

•Establish the events and contributing factors leading to the attack on SingHealth's patient database on or around June 27, 2018, and the subsequent theft of patient data.

•Establish how the Integrated Health Information Systems, the technology outsourcing arm of public hospitals here, and SingHealth responded to the cyber attack.

•Recommend measures to better protect SingHealth's patient database system against similar attacks.

•Recommend measures to improve response plans for similar incidents.

•Recommend measures to better protect public sector IT systems which contain large databases.

•Submit a report of its proceedings, findings and recommendations to Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, by Dec 31, 2018.

Said Mr Iswaran, who convened the COI: "It is an important step in getting to the bottom of the incident and keeping Singaporeans' trust in our systems."

Deputy Prime Minister Teo Chee Hean said much was being done to prevent a future cyber attack, but emphasised that Singapore cannot let the incident derail its Smart Nation push.

He also emphasised that while the Government is doing everything it can to strengthen its systems, Singapore cannot completely eliminate the risk of another cyber attack.

"This is the nature of this ongoing battle. The would-be attackers are constantly developing new capabilities even as we reinforce our IT systems," said Mr Iswaran at the MCI Workplan Seminar held at Orchard Hotel on Tuesday.

At the yearly seminar, MCI charts its directions that will take Singapore into the digital future.

"It is also crucial that we do not allow this incident, or any others like it, to derail our plans for a Smart Nation," he added.

The SingHealth attack, announced last Friday, compromised the personal particulars of about 1.5 million patients, including Prime Minister Lee Hsien Loong's personal data and outpatient prescriptions.

Mr Magnus had previously chaired the three-man COI that looked into the Nicoll Highway collapse at a Circle Line MRT work site on April 20, 2004. Four workers were killed in the incident.

Other incidents that have been investigated by such high-level committees include the Little India riots in December 2013 and the series of train disruptions on the North-South MRT Line in December 2011.


more at : https://www.straitstimes.com/singapo...h-cyber-attack

[NotMyPresident]

Singapore Cyber Security Czar already a Brigadier General at 41

Published on 2018-07-24 by Correspondent


Singapore Cyber Security Czar David Koh Tee Hian came under fire from netizens when he nonchalantly remarked during the recent cyber attack on SingHealth's computer systems that the stolen information of the 1.5 million patients are only "basic demographic data".

"We are watching to see if anything appears on the Internet both in the open and in some of the less well-known websites," he said. "But considering the type of data that’s been exfiltrated (i.e, unauthorized transfer of data), it is – from our professional experience – unlikely that these will appear, because there is no strong commercial value to these types of data."

In other words, he is telling the 1.5 million patients not to worry about the theft of their personal data, which includes their name, IC number, address, gender, race and date of birth.

One netizen said, "If name, NRIC, date of birth etc are 'basic demographic info' and have 'no strong commercial value', then David Koh should just openly give everyone his own."

Added another, "Was having same thought. Still dare to state 'professional experience'... if professional enough, experienced enough, such breaches won't happen."

Yet another said, "Fire that guy la! This kind of mentality. No wonder we got hacked. Can he transfer his money to us also since to me his money is basic demographic data too. Chief Executive some more."

Promoted to BG in 2006

According to MINDEF, David Koh was awarded the SAF Merit Scholarship in 1985. And in 2006, he was among the 5 Colonels promoted to the rank of Brigadier-General. At the time, he was the Director of the Military Security Department in SAF. He was only 41 then.

Koh was said to have been trained at the various military institutions, including:
•The Royal Military Academy Sandhurst, UK
•The Signal Officer Advanced Course at the US Army Signal School, Fort Gordon
•The Command and General Staff Course at US Fort Leavenworth

In SAF, he has held various command and staff appointments. They include:
•G3 (Operations) in a Combined Arms Division
•Chief Signal Officer
•Head, Joint Communications and Information Systems Department in the Joint Staff
•Director of the Military Security Department, MINDEF

His awards include:
•Commendation Medal (Military)
•Public Administration Medal – Bronze (Military)
•Public Administration Medal – Silver (Military)
•Public Administration Medal – Gold
•Billington CyberSecurity International Leadership Award

In 2015 at 50, Koh was appointed Chief Executive of the newly formed Cyber Security Agency (CSA) under the Prime Minister's Office. Concurrently, he is also the Commissioner of Cybersecurity, the Deputy Secretary (Special Projects) and Defence Cyber Chief in MINDEF.

In addition, he sits on the Boards of the Government Technology Agency (GovTech), Defence Science and Technology Agency (DSTA) and DSO National Laboratories (DSO), the Monetary Authority of Singapore (MAS) Cyber Security Advisory Panel as well as the Public Utilities Board (PUB)’s Board Risk Management Committee.


more at : https://www.theonlinecitizen.com/201...general-at-41/

[NotMyPresident]

Committee of Inquiry into SingHealth cyberattack formed, report due Dec. 31, 2018

They get to decide if any part of the inquiry can be held in public.

By Jonathan Lim | July 24, 2018



The Committee of Inquiry (COI) looking into the SingHealth cyberattack has been formed, and Minister-in-charge of Cybersecurity S Iswaran has announced its four members.



Huh? What cyberattack?

Just to get any of you in need of it up to speed:

Non-medical records of 1.5 million patients were stolen in what’s being regarded as the most serious hacking in Singapore’s history. The information of 160,000 patients’ outpatient dispensed medicines was also successfully taken in the attack — including Prime Minister Lee Hsien Loong‘s:


On Friday, as the news broke, Minister Iswaran said he would be convening a COI to examine how this happened and recommend what needs to be done on the government’s part:



Story continues below


Here’s who they are:

Chairman — Richard Magnus

He’s a retired senior district judge, and a member of the Public Service Commission. He serves as chairman and board member of several public and private companies, and has also led two other COIs before:
•1992: investigation of a fire at the Sembawang Shipyard involving the ship tanker “M.T. Stolt Spur”
•2004: investigation of the cause of the Nicoll Highway collapse at the Circle Line MRT worksite

Lee Fook Sun

Lee is chairman of Quann World Pte Ltd. He sits on the boards of DSO National Laboratories, SMRT Corporation Ltd, and Great Eastern Holdings Limited. He’s served as director of joint intelligence directorate, the military security department and also assistant chief of General Staff (Logistics) with MINDEF and the SAF before.


T K Udairam

He is Group Chief Operating Officer of Sheares Healthcare Management Pte Ltd. He sits on the boards of Tote Board and the Healthcare Information and Management Systems Society, and has more than four decades of healthcare experience here, particularly with the operation and management of hospitals.

He also was part of the team that developed and implemented Medisave.

Cham Hui Fong

Cham is Assistant secretary-general at the National Trades Union Congress (NTUC), and sits on the board of theCPF. She is an authority member of the Civil Aviation Authority of Singapore and has served on tripartite committees that address labour-related issues.

And here’s what they’ve been asked to look into

There are a total of seven terms the COI is supposed to look into. They have till December 31, 2018. to submit their report.

Here are the terms:

1. Establish the events and contributing factors leading to the cybersecurity attack on Singapore Health Services Private Limited (SingHealth)’s patient database system on or around 27 June 2018, and the subsequent exfiltration of patient data therefrom;

2. Establish how the Integrated Health Information Systems Private Limited (IHiS) and SingHealth responded to the cybersecurity attack;

3. Recommend measures to enhance the incident response plans for similar incidents;

4. Recommend measures to better protect SingHealth’s patient database system against similar cybersecurity attacks;

5. In light of the cybersecurity attack and the findings above, recommend measures to reduce the risk of such cybersecurity attacks on public sector IT systems which contain large databases of personal data, including in the other public healthcare clusters;

6. Conduct itself in accordance with the provisions of the Inquiries Act, with the discretion to determine which, if any, part(s) of the inquiry shall be held in public, and consider the evidence put before the COI as led by the Attorney-General or his designates; and


more at : https://mothership.sg/2018/07/singhe...-cyber-attack/

[CMBI]

Quote:

Originally Posted by mimax

NUS makes police report, bars tech firm from hiring interns after complaint of inappropriate conduct

SINGAPORE (THE NEW PAPER) - A local tech firm has been barred from accessing the National University of Singapore's (NUS) internship portal following complaints by four female students.

The school has made a police report after alleged inappropriate conduct by a company director during a student's self-secured internship interview.

The New Paper understands that the interview took place in March via a one-way Skype video call, during which the director could see her, but she could not see him.

An NUS spokesman told TNP that the girl also informed faculty staff about a message containing unverified allegations against the director, and this was shared with the police.

The message, a copy of which was shown to TNP by faculty students, contained allegations of a sexual nature involving a previous intern who had gone on a business trip with the director and warned students not to join the company.

Students told TNP the message had been circulating among the student body for about a year.

Despite complaints going as far back as 2016, the firm was still listed on an NUS internship portal until May this year.

Between 2016 and last year, the university also received feedback from three other female students from different departments about unfair work practices in the company.

TERMINATION

All of them subsequently terminated their internships. No police report was made as they did not wish to pursue the matter further, the spokesman said.

"The university takes a serious view of any alleged harassment of our students," she added.

"NUS is deeply concerned about the allegations concerning this company. The safety and well-being of our students have been, and will continue to be, our top priorities."

She added that by early May this year, the company and its listings had been removed from the main job portal and two other portals managed by NUS.

However, the firm is still actively sourcing for interns from other schools such as the Nanyang Technological University and Lasalle College of the Arts under the name of a subsidiary.

The NUS spokesman said companies registered on its portals are able to view basic particulars such as contact details and curriculum vitae of students applying for internship positions.

The particulars may also include photographs or NRIC information, but only if they are required by a company as part of the internship application.

It is unclear if this was required by the company on the NUS portals, but it is asking for recent photos of applicants on other school portals.

Its listings on these portals also do not give a salary range, indicating only that it is negotiable.

The NUS spokesman said that based on its records, no NUS student is currently interning with the company.

Wondering what type of harassment?

[Woodshake]

Quote:

Originally Posted by NotMyPresident

4-member Committee of Inquiry convened to investigate SingHealth cyber attack


Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, convened the Committee of Inquiry on July 24, 2018.


Published 5 hours ago

Updated 1 hour ago

……….

Another wayang show

[Mane10]

The guy lie also don't know how to lie .

[NotMyPresident]

MAS tells financial institutions to tighten customer verification processes


The MAS recommended that banks verify customers with additional information before undertaking transactions, such as one-time passwords, pin numbers or biometrics.


PublishedJul 24, 2018, 7:11 pm SGT



Jose Hong


SINGAPORE - The Monetary Authority of Singapore (MAS) has urged financial institutions here to strengthen their customer verification processes.

It issued a statement on Tuesday (July 24) in the wake of the country's worst cyber attack when the personal data of 1.5 million SingHealth patients was stolen between June 27 and July 4.

The MAS said it recognises that banks already use two-factor authentication processes to identify their customers, and that financial institutions have robust processes in place.

However, it said they should no longer rely solely on the types of information that was stolen during the cyber attack: names, IC numbers, addresses, gender, race, and dates of birth.

It recommended that they verify customers with additional information before undertaking transactions, such as one-time passwords, pin numbers or biometrics.

The MAS also asked all financial institutions to conduct a risk assessment on the impact of the SingHealth attack on the services they provide to consumers.



more at : https://www.straitstimes.com/singapo...tion-processes


Please pay closer attention to your financial records and take steps to protect your hard earn money .

[NotMyPresident]

Spilt milk and Singhealth data breach


By Andrew Loh -
July 24, 2018

By Zitseng

As we digest news of our massive SingHealth data breach, let’s take a step back to assess how we’re dealing with the incident. We aren’t the first country to experience a major healthcare data breach. How are we doing compared with other countries, and what can we learn from ourselves as well as from others?

This SingHealth data breach involved personal data of 1.5 million patients, including information on outpatient dispensed medicines of some 160K of them. This is a serious breach, even though in absolute numbers, it’s very small compared with healthcare data breaches in other countries.

The largest healthcare data breach in the world to date is the Anthem medical data breach in the U.S. It was reported in early 2015 and affected 78.8 million people. Shocking, yes. Anthem is a health insurance provider. They lost more data types than what is reported for ours, but at the basic level, also included name, social security number (which can be compared with our NRIC number), address, and date of birth. In the aftermath after disclosure, Anthem offered free identity theft protection and credit monitoring services for two years, and settled several class-action lawsuits at a cost of US$115 million.

The 2015 year was a terrible year for the U.S. healthcare industry, because the 2nd largest data breach happened the same year, again in the U.S., this time involving another health insurance provider, Premera. They, too, lost medical records and financial information, on top of personal data. In the aftermath, Premera offered free credit monitoring and identity theft protection, also for two years.

These two cases show that SingHealth could at least try to do something more concrete for affected people. We are fortunate that SingHealth’s data breach didn’t involve much more information, though I’m suspicious if there is more to it than they’re letting on.

Identity theft is a very real threat and it can seriously disrupt our lives. I feel SingHealth, and our multi-ministry response to this data breach, could have dealt with this matter more extensively and more seriously. Text messages that SingHealth sent to patients to inform that their personal data was compromised added that, “no action required”, comes across as very irresponsible to me. Elsewhere they have advised affected people to “heighten online vigilance” and to secure “online credentials with strong passwords”.

Your personal data has been compromised, enough that criminals can use to get through account verification practices of many organisations. What does “no action required” mean? Are they saying that since there’s no easy fix anyway, hence no action required?


more at : http://theindependent.sg/spilt-milk-...h-data-breach/