Thwarting the cyber terrorist
Source: The Straits Times
By Ho Ka Wei and Ben Nadarajan
Date: November 14, 2003
TO STOP a hacker before he strikes, the authorities can now take two key steps - initiate pre-emptive action if he is in Singapore, or seek Interpol's assistance if he is overseas.
These actions are possible because of changes made to the Computer Misuse Act, which are part of a national effort to build a robust defence against cyber attacks.
A Home Affairs Ministry spokesman told The Straits Times the measures can be 'technical, operational or procedural' in nature.
These could include perimeter defences, such as firewalls, tools that can detect vulnerability in networks, real-time intrusion detection and anti-virus systems.
The spokesman also said yesterday that if a company was threatened, the new laws would enable the authorities to take its affected operations offline to remove the threat.
However, she added that if this happened, steps could be taken to ensure business continuity.
All these new measures are needed to guard against cyber terrorism, which terrorism expert Rohan Gunaratna described as a 'very real threat' in an interview with The Straits Times on Tuesday.
Before the changes to the law were made, the authorities could act only after an offence had been committed.
Now, action can be taken to thwart any threat to national security and essential services here, which include communications infrastructure and the public transportation network.
For cases involving offenders operating outside Singapore - where the majority of hacker attacks originate - the Criminal Investigation Department will seek help from the relevant Interpol agency, said the ministry spokesman.
Between 1999 and last year, 16 people here were arrested for hacking.
Police said some of the targets included personal websites, corporate Web servers and individual PCs.
There were 24 cases of successful hacking in the first six months of this year. Three people have been convicted.
But while the changes give the authorities a lot more teeth, reactions to them have been mixed.
Some people said they are necessary because Singapore is a highly wired society, but others raised concerns, citing the wide-ranging nature of the changes, the lack of checks and balances, and fears that Singaporeans' electronic privacy may be eroded.
But legal experts said the authorities here are not alone in having such powers, and pointed out that even Britain and the United States have such provisions in their laws.
Associate Professor Daniel Seng, director of research at the Singapore Academy of Law and a visiting professor at the National University of Singapore's law faculty, said: 'The USA Patriot Act is even wider in its reach, in some respects.
'It even has broad-ranging powers for surveillance with little, if any, focus on terrorism and other criminal activities that have an impact on national security.'
But it faces opposition from libertarian groups, he added.
The changes to the law here do not sit well with some either. They argue that the powers are too wide and give too much power to the authorities, and added that there is no mechanism that ensures restraint, either.
Mr R. Ravindran, an MP for Marine Parade GRC, said an independent third party would help to make such pre-emptive actions accountable.
He cited the US example, where a court had to be informed before a phone could be tapped.
West Coast GRC MP Ho Geok Choo gave the assurance that she would push for further changes to the law, such as calling for interim measures before extreme actions are taken, if needed.
In Parliament on Monday, when the changes were passed, Madam Ho had dubbed the amended Act the 'cyberspace equivalent of the Internal Security Act'.
But, she said yesterday, 'there is nothing to stop further amendments'.
^macro[showdigestcomments;^uri;Thwarting the cyber terrorist]