Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
COI Report – Part VII Page 241 of 425

However, these are manual processes which not only are error-prone but will also require constant updating.

698. Hence, experts such as Dr Lim have recommended the use of an asset discovery tool to automate the asset discovery and management process, as opposed to a physical asset register updated manually. In his expert opinion, such a tool should be adopted to augment a network access control solution (which is limited in its effectiveness as a tool to discover and manage assets in the network).

699. The Committee was informed that IHiS is planning to set up a central Public Key Infrastructure (“PKI”) to issue digital certificates such that only authorised devices and applications with valid certificates can connect to IHiS’ network, and intends for the central PKI to support key exchange for encryption purposes.

700. The Committee also notes that IHiS is working towards the implementation of posture checking, which will ensure that endpoints have the necessary operating system (“OS”) patches and antivirus/malware signature updates before they are allowed to connect to the corporate network. This measure will help to enhance network access controls.

36.2.3 Reviewing the network

701. In addition to the abovementioned regular reviews, rules that allow or limit network traffic between different network segments must be periodically reviewed to identify vulnerabilities. In particular, any changes to the network configuration or architecture must trigger a separate security review to check that the change has not created new gaps in the existing layers of defence. As regards the Cyber Attack, following the migration of the SCM system to H-Cloud, there remained an open network connection from the Citrix server farm at SGH to the SCM database server at the H-Cloud data centre. The open network connection was a critical pathway exploited by the attacker.
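The following is an added illustration of the rule review described in paragraph 701; it is not part of the COI Report and is not IHiS code. It checks allow rules between segments against a register of approved flows and flags rules whose justification was retired by a network change. All segment names, ports, rule identifiers and justifications are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    rule_id: str
    src: str
    dst: str
    port: Optional[int]   # None means "any port"
    action: str           # "allow" or "deny"

# Constructed register of approved flows: (src, dst, port) -> justification.
APPROVED = {
    ("citrix-farm", "scm-app", 443): "SCM front end",
    ("scm-app", "scm-db", 1433): "SCM application tier",
    ("citrix-farm", "scm-db", 1433): "pre-migration direct access",
}
# Justifications that a network change (e.g. a migration) has made obsolete.
RETIRED = {"pre-migration direct access"}

# Constructed rule export from a firewall sitting between segments.
RULES = [
    Rule("R1", "citrix-farm", "scm-app", 443, "allow"),
    Rule("R2", "scm-app", "scm-db", 1433, "allow"),
    Rule("R3", "citrix-farm", "scm-db", 1433, "allow"),
    Rule("R4", "workstations", "scm-db", None, "allow"),
    Rule("R5", "workstations", "scm-db", 1433, "deny"),
    Rule("R6", "citrix-farm", "internet", 80, "allow"),
]

def review(rules, approved=APPROVED, retired=RETIRED):
    """Return (rule_id, finding) for every allow rule that needs attention."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # deny rules do not open a path between segments
        if r.port is None:
            findings.append((r.rule_id, "overbroad: any port"))
            continue
        reason = approved.get((r.src, r.dst, r.port))
        if reason is None:
            findings.append((r.rule_id, "unapproved flow"))
        elif reason in retired:
            findings.append((r.rule_id, "stale: " + reason))
    return findings

if __name__ == "__main__":
    for rule_id, finding in review(RULES):
        print(rule_id, finding)
```

Running the review again whenever an entry is added to the retired set ties the check to the change itself rather than to the next scheduled review.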