Singapore To Cut Off Internet Access For Government Workers From 2017 (thestack.com) 122
An anonymous reader writes: Government workers in Singapore will return to a 1990s-level of net connectivity from May of 2017, as the domestic government has decided to block internet access on all of its 100,000 office computers. The decision has been made in the interests of national security, although the Draconian policy will still permit workers to forward work mails to private email addresses as necessary. Workers' own devices will be allowed to connect to the internet normally by special terminals being provided in early trials, while intra-departmental connectivity will presumably be maintained via VPN tunneling. The move comes in the direct wake of a visit to Singapore from the U.S. Secretary of Defense Ashton Carter late last week, promoting stronger security ties with Singapore in the face of the rise of China in the region.BBC News has more details.
Productivity not Security (Score:1, Interesting)
Government workers will actually have to do their jobs now instead of sit around all day watching cat videos.
Re:Productivity not Security (Score:4, Insightful)
We could hope this would spur a global reassessment of the use cases for Internet Access at the workplace. Most workplaces would function well with a whitelist of the small handful of websites a worker needs to be able to navigate to remain a productive worker.
You're at WORK.
Re: (Score:1)
If government workers actually spent all day working, we would need about half the number of them. This would cause mass lay-offs from the public sector, flooding the jobs market with unemployed people. This would cause a spiral of wage deflation, reduced spending power, declining tax receipts, spending cuts, leading to civil unrest, and ultimately the collapse of government and social order.
Let them have their cat videos.
Re: (Score:1)
If government workers actually spent all day working, we would need about half the number of them. This would cause mass lay-offs from the public sector, flooding the jobs market with unemployed people. This would cause a spiral of wage deflation, reduced spending power, declining tax receipts, spending cuts, leading to civil unrest, and ultimately the collapse of government and social order.
Let them have their cat videos.
To be fair I work in the private sector and I can't see much difference between your example and all of my work places.
Re: (Score:3)
Not as a developer. I've been at places with filtering where to many sites with information I need end up in the blacklist. Rather than put in a support ticket, I often find it easier to proxy over SSH. I've only been caught doing this once at a company and that was cause some dickhead used my proxy to pump a huge file though. I stopped giving people access to my jumpbox after that. (I wasn't fired either; just given a warning. It didn't matter though -- turned in my notice for a new job a month later :-P)
T
Re: (Score:2)
Couldn't you just ask them to unblock stackoverflow so you could keep copy pasting your work?
That's what we did at a previous company (defense contractor). We requested things like infoq, stackoverflow/stackexcange, acm and ieee.org for being unblocked, and voila. It kinda sucked not to have access to cnn, dilbert and slashdot, but that's the whole point (to limit dicking around.) Besides, if we really wanted to browse, we simply used our smartphones during coffee breaks.
I can totally see the reasoning behind it.
Re: (Score:3)
Sometimes productivity actually drops once filtering "fun" sites is implemented. Instead of 10 seconds to check facebook and 2 minutes to glance through a few news articles on a computer, it now takes 5 minutes on Facebook and 10 minutes on news sites to do the same thing on a phone.
Re: (Score:2)
Sometimes productivity actually drops once filtering "fun" sites is implemented. Instead of 10 seconds to check facebook and 2 minutes to glance through a few news articles on a computer, it now takes 5 minutes on Facebook and 10 minutes on news sites to do the same thing on a phone.
It is all a matter of balance and requirements. For a company doing "enterprisey" stuff, who cares about access to the internet. If you are working with a defense-related company (as in the example I alluded to), you cannot play with that shit.
And let's think about the context of this story. Singapore. Government agencies in Singapore are getting flooded by attacks from China, like you would not believe. They are being forced into implementing this policy. So I don't blame them, and that's what I would if
Re:Productivity not Security (Score:5, Interesting)
This concerns me.
I rather have government workers looking at cat videos all day rather than harassing citizens.
Re: (Score:2)
GET BACK TO WORK! (Score:3)
Re: (Score:2)
"Government workers will actually have to do their jobs now instead of sit around all day watching cat videos."
Hardly, they'll just use their phablets instead.
Re: (Score:2)
Don't forget solitaire!
Re: (Score:2, Funny)
Considering how long it takes to get a response from private industry or get them to do what they're being paid to do I can only assume they're the ones making the cat videos.
Good start (Score:5, Insightful)
You know what would be even more secure? No printers or photocopiers. If someone wants to write a document, they have to do it longhand. If someone wants a copy, they have to copy it longhand as well. That will really slow down the leakage of information!
Of course a truly secure society would get rid of writing altogether. Important secrets will be passed down using special people with trained memory (often called "bards"). They use song and rhyme to help with the large amounts of memorization required. Ever heard of anyone running off with the vital military secrets of an Amazonian or Pigmy tribe? No? That's why.
Efficient dissemination of information is for suckers.
Re: (Score:2)
You know what would be even more secure? No printers or photocopiers. If someone wants to write a document, they have to do it longhand. If someone wants a copy, they have to copy it longhand as well. That will really slow down the leakage of information!
Of course a truly secure society would get rid of writing altogether. Important secrets will be passed down using special people with trained memory (often called "bards"). They use song and rhyme to help with the large amounts of memorization required. Ever heard of anyone running off with the vital military secrets of an Amazonian or Pigmy tribe? No? That's why.
Efficient dissemination of information is for suckers.
Very clever, but I point out that local copies -- while still vulnerable to inside leaks and what not -- are NOT vulnerable to hackers across the world. It might be less efficient, but then again, how many billions of dollars are companies/governments pouring into infosec only to get breached anyway?
Re: (Score:1)
I had a boss who wished he could ban most of our users from using the printers but it was more about the sheer waste of paper. We have so many ways to electronically edit and mark-up documents and drawings but so many of the old engineers still want to print everything out and scribble all over it by hand. Some of them are just too stubborn to learn new tools and then complained when they were told by management "no, it's not a good use of time to hand write everything and try to get a younger engineer to t
Re: (Score:2)
I don't understand why no one just uses pgp to sign documents or hash them.
I would venture to say that it's primarily because it's too difficult a process for non-tech people to grasp right now.
Re:Good start (Score:4, Insightful)
The "old engineers" use pen and paper like that because they work faster than any computer-based document or diagramming tool can handle.
It's not a problem with learning the new tools. The problem is that once they've learned the new tools, the new tools are still way fucking slower than a pen and paper.
Maybe you don't understand this, but when a true master is in the zone and cranking out top-notch work, this master can't be burdened with shitty software that doesn't work fast enough just to save a few sheets of paper.
When an experienced engineer like that costs $300/hr, it's better for him or her to be producing $10,000/hr of value using a pen and paper than it is producing just $3,000/hr of value using some shitty software. And it makes perfect sense to have the $25/hr inexperienced engineer, who'd be producing way less value than $7,000/hr, input the hand-written notes instead.
It's simple economics, and experienced engineers actually tend to understand economics and optimization far better than most managers do.
If these experienced engineers want to use pen and paper, it's because that's the optimal way of dealing with the problem. The software you're proposing is suboptimal.
Re: (Score:2)
The "old engineers" use pen and paper like that because they work faster than any computer-based document or diagramming tool can handle. It's not a problem with learning the new tools. The problem is that once they've learned the new tools, the new tools are still way fucking slower than a pen and paper.
Oh please, a lot of old farts refused to learn how to use a keyboard so the secretary had to type things up for them. I even known some accountants didn't really trust anything but their mechanical calculators. For the longest time, my mom wouldn't use the microwave because OMG radiation. I agree, there's certain kinds of sketches that are done better on paper. But I also know a guy who'll print 50 pages to add a few comments on paper and when the next revision is out, obviously the old is thrown away. He c
Re: (Score:2)
It sounds like they're going to do what the bank which holds my mortgage has done - eliminated all direct Internet access. Essential communications is maintained via email conducted through a relay, which strips out all suspicious attachments like zip fil
Re:Good start (Score:4, Interesting)
Well, this is Singapore, who like a lot of countries, has a nice Great Firewall as well. (I still remember when internet was free and unfettered but there was talk of setting up the firewall... I think it was set up a year or two after I left).
Considering they want to keep contraband out of the country, I'd be surprised if they didn't already have some sort of gateway and all that - can't have illicit access to porn, for example. (Tor, they probably allow - given the penalty for drug use is death (firing squad, IIRC), well...)
Anyhow, it probably doesn't affect people as much as you think - Singapore is a very modern city-island-state and thus cellular data access is common everywhere.
Re: (Score:2)
The difference being that when left unattended, the photocopiers, printers, and people's fingers don't walk around under the command of someone halfway around the world, find secret documents, copy them, and mail them off to the person controlling them.
Actually, most photocopiers support all of that functionality these days. I could only hope they'll be turning off internet access for the copiers as well, but you never know.
Re: (Score:2)
Re: (Score:2)
Don't worry. No one person can hold the knowledge for how to make any of that advanced stuff. Even, ironically, a pencil [wikipedia.org] is beyond the capabilities of any single person to understand how to make. So without writing nobody will be able to look up how to make any of that stuff, and nobody will be able to order it from abroad either.
A small kingdom (on the order of 20,000 subjects) is about the most advanced society proven to be possible without any writing.
Re: (Score:2)
You're very funny, but it doesn't say no network access or no computer access. It's says no INTERNET access. Presumably they still have access to the intranet and all the resources therein which is probably the only thing they need to actually do their jobs.
Re: (Score:2)
You know what would be even more secure? No printers or photocopiers. If someone wants to write a document, they have to do it longhand. If someone wants a copy, they have to copy it longhand as well. That will really slow down the leakage of information!
Of course a truly secure society would get rid of writing altogether. Important secrets will be passed down using special people with trained memory (often called "bards"). They use song and rhyme to help with the large amounts of memorization required. Ever heard of anyone running off with the vital military secrets of an Amazonian or Pigmy tribe? No? That's why.
Efficient dissemination of information is for suckers.
Why would you need to have access to, say, CNN or youtube when you are on the clock? You are on the clock. You work. You want to do some leisure media consumption, do it with your smartphone on a coffee break or when you get home.
Thumb drives (Score:4, Funny)
Re:Thumb drives (Score:5, Insightful)
Re: (Score:2)
Nah, the best attack vector are active virus scanners that run as the system user. If you find a bug, you can just send the person a broken PDF and they don't even have to open it. You just need the AV to scan it and you're in.
Re: (Score:1)
Never underestimate the bandwidth of a station wagon full of hard drives.
"the Draconian policy" (Score:2)
the Draconian policy
The capitalized 'D' indicates that this is some kind of proper name. I take it this policy was enacted by a man named Draco?
Re: (Score:3)
Re:"the Draconian policy" (Score:4, Informative)
Re: (Score:2)
The 90s is calling. (Score:5, Informative)
I used to have to work like this back in 1998. Internet access was severely restricted and only 1 person per division had access and you'd have to tell them what you were looking for and they'd do the search for you.
In practice, it was faster for me to walk home, search for the information I needed and walk back than to do this or reinvent the wheel when 100 people had found the same problem and had already posted a solution.
Honestly I'm more productive with internet access, even if I'm currently at work posting this while waiting for my script to finish running.
Re: (Score:2)
Name a national government concerned about "productivity."
Re: (Score:2)
Re: (Score:2)
What role did you have and which company? During my days, I had full Internet access as a web designer at a dotcom company (RIP in 2001). :P
Productivity issues? (Score:5, Funny)
I predict (Score:3)
that the Singapore Govt may have difficulty retaining skilled staff.
Re: (Score:1)
True. They will lose all their staffers who are no longer able to update their Facebook.
Re: (Score:3)
that the Singapore Govt may have difficulty retaining skilled staff.
Unlikely. People who take government jobs aren't doing so for the paychecks. Very few of the people who would leave over this are working for the government anyway. It will be annoying, but the workers will adapt. Those who work for the government often do so because government jobs rarely get cut so it will take a lot more than this to get people to leave. Heck, I've known of people in private industry who were told bluntly "Your job WILL end. We're moving your job to another state and you won't be k
So no os updates? (Score:3, Insightful)
So no os updates? so if some can get into the network then it will be very easy to hack the systems then?
Re: (Score:1)
Re: (Score:2)
But then the AD servers will need to be online but who knows what will happen when some non IT guy makes this call and things brake down / some small office can't be cut off from the internet with out running an private line to keep it working. The internet blocked systems have ports 80, 8080, 443 cutoff and WSUS fails.
Re: (Score:2)
Yeah, I mean they'd never have a DMZ and a replication server anyways. I'm sure that every single update gets downloaded from Microsoft's servers today... And if windows breaks, lets go down to the local bazaar and pick up a new copy from the back to a cart!
How backward do you see this country?
Other Perspective (Score:5, Informative)
Re: (Score:2)
Re: (Score:3)
Yes, pay no attention to those spanking new Chinese islands in the S. China Sea, nor to their claims to own the entire S. China Sea because their ancestors used to piss in it 2000 years ago. Also please ignore the threatening moves across the Taiwan strait, those have nothing to do China acting like a bully to get Taiwan and thus provide alleged Chinese leaders (sic) a reason for being allowed to continue to run the Chinese fascist state. And those nice Norks should not be persuaded by the Chinese to stop b
Comment removed (Score:5, Informative)
Re: (Score:2)
"However not at your desk"
Why not? Why not get everyone laptops and let them use WiFi? Your company sucks.
Dude, if you have laptops connected with wi-fi, you are opening the same attack surface (if not a greater surface) than when you were connected directly to a LAN. There are legitimate reasons to only allow whitelisted sites (stackoverflow for example.) Why would you need access to CNN or youtube when ON THE CLOCK, clicking random websites loading trojans?
developers ? (Score:2)
do they employ any developers there ?
how in hell are they going to be able to do the work they're paid for ? printing thousands of pages of paper documentation ?
Re: (Score:2)
You could have local install of documentations. We used to have dumps of main part of MSDN coming with visual studio. I don't see why you could not have a similar thing. Once you decide to adopt a framework/library, install a local copy of its documentation.
Re: (Score:2)
Backwards 1990s way of working. Modern development happens way faster than this, plus many things now are cloud-based. How exactly do you do web development without internet access?
Re: (Score:2)
Awhile back, I had to do something on the IBM mainframe, after several years away from it. Some of the JCL wasn't working right, all the old JCL books were gone, and most of the people who knew more than I did were retired, dead, or both. I found the solution via a Google search.
Re: (Score:2)
do they employ any developers there ?
how in hell are they going to be able to do the work they're paid for ? printing thousands of pages of paper documentation ?
Whitelist selected sites like stackoverflow. That's what I've seen done. It doesn't impair development productivity. After all, you do not need wholesome access to the internet, do you?
to the extreme (Score:2)
This is the extent to which some people want to keep win 10 off their systems..... cut off the entire internet.
So .. (Score:2)
Why not VDI in some capability? (Score:4, Interesting)
I have seen VDI used to keep criticial infrastructure walled off, so a compromised workstation is less of an issue.
I have also worked on having individual machines, which had zero net connectivity to the outside world, patches were done by WSUS, SCCM, software was pushed out via those means or VMWare ThinApp, and the only machines that the workstations could communicate with, were a RODC, software server, and a terminal server.
The terminal server allowed people to run their Web browsers via seamless RDP to pretty much any sites they felt like (within reason -- pr0n sites were blocked due to the legalities of sexual harassment, for example). This way, all the web browsing to external sites was done on a well controlled VM, and if it got compromised, malware couldn't propagate to the internal machines. This seemed like a good compromise between allowing users to browse the web when need be, while keeping security tight.
Re: (Score:2)
Deploying VDI is not without its challenges, and I suspect that rather than work it out, the simple governmental response was to ban things. It also makes them look tough.
It may well be that they end up with VDI when they tire of being back in the 1990s, but it is just as likely that they'll open themselves in a hodgepodge, case-by-case way that makes them even less secure than they were previously.
Re: (Score:1)
VDI sounds great but it's rarely economical in all but some very narrow cases.
It's one of those products deemed "Enterprisey" and thus earns the "Because fuck you, that's why" pricing tears.
You need a fairly robust server farm with lots of resources. Servers need lots of memory, fast cpu, fast storage, and in some cases graphics acceleration. - All the things that make a server as expensive as possible. You can't skimp on any one aspect like most applications.
Then there's the server software. None of it is
No public cloud or web-based sites and services? (Score:1)
Pretty harsh way of controlling access (Score:2)
The only positives I can see from an approach like this are the elimination of a vector for ransomware and viruses, and maybe some illusion of control. There was a story about JCPenney corporate headquarters users watching endless hours of YouTube [gawker.com] in the 2013 timeframe. This was the same time the company was on the verge of going bankrupt after the Apple Store guy took over as CEO and tried to turn an old-school department store into a hipster haven. I'm very busy at work and have kids to get home to, so my
I think it can be done right (Score:2)
not every department need access to the internet nor do the departments that do need access need it to the extent that one might imagine.
I am increasingly finding that I can with forethought identify the domains hosting the information I need, e.g, stackexchange or wikepedia or javadocs or safari, there is no reason the prime aggregations of useful domain specific information can't be aggregated and downloaded with diffs maintained, the noise to signal ration on the internet is growing in the wrong directio
Good move! (Score:1)
That'll make it so that their systems won't keep trying to "upgrade" to Windows 10! Smart move Singapore!
The real story (Score:2)
Is that Singapore apparently has workers from the future.
Want to block the internet? (Score:2)
Ports 80 and 8080.
Done deal.