• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

[Sg] - PAP Josephine Teo espouses her tech wisdom on how to deal with tech disruptions such as the one caused by Crowdstrike by using BCPs and TTXs!

UltimaOnline

Alfrescian (InfP)
Generous Asset
Joined
Jul 16, 2008
Messages
21,870
Points
113
20240531108197850brianteo-azmoonshot31-09.jpg

Josephine Teo


The IT systems in Singapore organisations affected by the global outage are almost fully recovered.

Yet the incident has left many of us feeling vulnerable and questioning our heavy reliance on technology for everyday activities. These feelings are completely understandable and valid.

We should be concerned. The real question is what we can do about these concerns.

It’s highly unlikely that we can withdraw or even reduce our interactions with the digital world. Digitalisation is one of those mega trends worldwide we must learn to gain mastery over. Many people get that.

But we also dread being swept along by the inevitable and sometimes feel like we cannot avoid becoming victims.

Is there nothing we can do? Or are there, in fact, some concrete actions we can take to prepare and protect ourselves for such events?
How?

Preparation for an incident like that of the last few days often begins during “peacetime,” when nothing is going wrong, and when we might be lulled into a sense of mistaken comfort.

It is precisely when things are going reasonably well that we must take action to fortify our defences.

It starts with robust testing and putting in the right safeguards so that incidents are prevented in the first place. Testing and red-teaming must be prioritised and conducted across multiple levels so that appropriate safeguards can be put in place.

It also involves planning for suitable responses when things go very wrong, such as putting in place Business Continuity Plans (BCPs), which many organisations have.

It is vital that we update our Business Continuity Plans and practise them regularly, stress-testing ourselves through Tabletop Exercises (TTXs).

In Singapore, we take TTXs seriously. For instance, Exercise Cyber Star conducted by CSA last September involved 11 CII Sectors, including public and private organisations from Banking and Finance, Government (including Power and Water). In addition, the agencies in charge of various sectors run their own TTX to focus on their respective domains.

For the whole of government, yearly exercises are conducted. In the past 3 years, close to 100 Government agencies have exercised their crisis management responses as a team.

These exercises are helpful in refining our emergency responses, thus building confidence in our People, Processes, and Technology.

During each exercise, we ensure our technology is up-to-date and resilient against outages. We practise our incident responses and Business Continuity Plans, so that we know what to do and who to contact during crises. Our people demonstrate their dedication and hone their knowledge and capabilities to respond under stress.

The existence of BCPs and TTXs will not eradicate crises. In fact, they exist precisely because we know that outages will happen. It is not a matter of if, but when. Hence, we need to do as much as we can even before incidents happen so that we can recover and prevail over the disruptions.

Let's continue to learn as much as possible from the incident to strengthen our digital resilience. Only by doing so, can we emerge stronger together.


gab-byline.png

Gabrielle Andres
Correspondent

SINGAPORE – Preparations for crises like the recent global tech outage often start in peacetime, when things are going reasonably well, said Minister for Digital Development and Information Josephine Teo.

At such times, safeguards are put in place to prevent incidents from occurring, and plans are drawn up to respond when “things go very wrong”, she wrote in a Facebook post on July 21.

“It is precisely when things are going reasonably well that we must take action to fortify our defences,” Mrs Teo said, adding that the Government regularly stress-tests its systems through tabletop exercises.

The July 19 tech outage was related to a software update by cyber-security firm CrowdStrike. It affected nearly 8.5 million Microsoft devices, or less than 1 per cent of all Windows machines, according to a Microsoft blog post on July 20.

Companies worldwide, including airlines, banks and media outlets, reported disruptions to their services and operations. In Singapore, services at Changi Airport and Singapore Post were among those affected.

Government services in the Republic, as well as local banks, telcos and hospitals, were not affected by the outage, said the Ministry of Digital Development and Information on July 19.

Mrs Teo wrote in her post that IT systems in Singapore organisations affected by the outage are “almost fully recovered”.

“Yet the incident has left many of us feeling vulnerable and questioning our heavy reliance on technology for everyday activities,” she noted. “We should be concerned. The real question is what we can do about these concerns.”

Mrs Teo said fortifying Singapore’s defences starts with robust testing and putting in place safeguards to prevent such incidents from occurring.

“Testing and red-teaming must be prioritised and conducted across multiple levels so that appropriate safeguards can be put in place,” she said.

Red-teaming typically refers to a process where a system undergoes a series of rigorous tests to find gaps in safety.

“It also involves planning for suitable responses when things go very wrong, such as putting in place business continuity plans (BCPs), which many organisations have.”

Such plans should be updated and practised regularly, with stress tests carried out through tabletop exercises.

Singapore takes tabletop exercises seriously, Mrs Teo added.

The whole government also conducts yearly exercises, with nearly 100 government agencies having exercised their crisis management responses as a team in the past three years.

“These exercises are helpful in refining our emergency responses, thus building confidence in our people, processes and technology,” Mrs Teo said.

She added that the Government ensures that its technology is “up to date and resilient against outages” during each exercise.

“We practise our incident responses and BCPs, so that we know what to do and who to contact during crises,” she said. “Our people demonstrate their dedication and hone their knowledge and capabilities to respond under stress.”

However, she pointed out that the existence of BCPs and tabletop exercises “will not eradicate crises”. “In fact, they exist precisely because we know that outages will happen. It is not a matter of if, but when,” she said.

“Hence, we need to do as much as we can even before incidents happen so that we can recover and prevail over the disruptions.”

https://www.straitstimes.com/singap...ech-outages-starts-in-peacetime-josephine-teo
 
Fucking bastard. The defense is done by ceca and the leaders are the jlbs scholars and directors from the gov ministries that turned into puppies under my scrutiny.
 
Fucking bastard. Before this incident happened there were already exercise and bcp ongoing but the problem still exists and now talk back the same topic.
 
Fucking bastard doesn't know the actual problem lies with the incompetencies of the ceca supports during the actual fail over executions.
 
Fucking bastard doesn't know the actual work is not done by the gov ministries scholars and directors themselves but outsourced to ceca and others and every few years backside itchy must change project award to new vendors. Even the working plans are already in placed, the new vendor that took over will mess it up and become not working.
 
I don’t think Jo Teo is tech savvy enought to pen the article. It’s probably written by her Tech Advisors….
 
I don’t think Jo Teo is tech savvy enought to pen the article. It’s probably written by her Tech Advisors….
The role of a politician is to act and push agenda. Yes, she is running a ministry with many experts to support her
 
if majority of a cuntry’s enterprises and businesses rely on ms, it will always remain a catastrophic problem. i once worked for a major sp500 firm, and there were $20m worth of downtime and lack of productivity every 2 weeks when windoze platforms mandated security and office suite updates. 69% of company using windoze were held hostage for at least 16.9 minutes (some 69 minutes) while ms went thru’ its updates at an sexcruciatingly painful snail pace. ms had to force all corporate users to update and change sso credentials at the same time as they got hit by bugs and hacks on their weak security platforms. fucking stupid worst not best practice. why can’t they let corporate users stagger their updates after midnight (maintenance window) and at non-productive hours like apple does? after losing $20m every 2 weeks from 169k employees being held hostage for at least 16.9 mins starting at 8am pct the ceo decided to override the cio and give employees new and old the option to buy apple imacs and macbooks.
 
Last edited:
if majority of a cuntry’s enterprises and businesses rely on ms, it will always remain a catastrophic problem. i once worked for a major sp500 firm, and there were $20m worth of downtime and lack of productivity every 2 weeks when windoze platforms mandated security and office suite updates. 69% of company using windoze were held hostage for at least 16.9 minutes (some 69 minutes) while ms went thru’ its updates at a sexcruciatingly painful snail pace. ms had to force all corporate users to update and change sso credentials at the same time as they got hit by bugs and hacks on their weak security platforms. fucking stupid worst not best practice. why can’t they let corporate users stagger their updates after midnight (maintenance window) and at non-productive hours like apple does? after losing $20m every 2 weeks from 169k employees being held hostage for at least 16.9 mins starting at 8am pct the ceo decided to override the cio and give employees new and old the option to buy apple imacs and macbooks.
IT= cheap labor, everywhere Lenovo, system engineer network engineer manager C Level here majority foreigners sinkies can only be found in GLCs or SMEs and lanjiao sinkie companies
 
IT= cheap labor, everywhere Lenovo, system engineer network engineer manager C Level here majority foreigners sinkies can only be found in GLCs or SMEs and lanjiao sinkie companies
that’s the problem. for bottom line cio’s outsource it to cheap cecas and outmoded intel and ms platforms. instead of achieving bottom line it will bottom them out sooner or later. not a matter of if but when.
 
Back
Top