Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
COI Report – Part II Page 26 of 425 and response security assessments and working with the Infrastructure and/or Application teams in IHiS to close escalated security tickets from IHiS’ outsourced Managed Security Services (“MSS”) provider. The team has doubled in size from 2016 to 2018, and is augmented by outsourced partner services. More information on SingHealth’s Computer Emergency Response Team (“CERT”), which is under SMD, maybe found at at paragraph 112 (pg 40) below. d) Systems Management, whose day-to-day operations include (but are not limited to) server operations and monitoring, database storage, server technical refresh and upgrades, and server patching. The Systems Management Department includes a team that provides infrastructure support for the SCM system and SCM Application Citrix servers (the “Citrix Team”), and a Database Management team whose responsibilities include managing the SCM database. 68. All members of the Infrastructure Services team are organised in a matrix reporting structure. In addition to the four towers, there is a horizontal Cluster Infrastructure Services grouping across the towers. Under the current structure, when an infrastructure services issue is picked up atone Cluster site and needs to be addressed, the tower lead of the IT domain into which the issue falls is supposed to ensure that the issue is addressed across all the Clusters. The current structure is intended to facilitate the propagation of information and holistic implementation of actions across Clusters. 9.1.4 Service Delivery 69. The Service Delivery team is generally responsible for the Maintenance and Support Stage of production systems including SCM. They work closely with the outsourced helpdesk (i.e. level 1 support) on all IT incidents, and provide level 2 support i.e. restore services to normalcy as quickly as possible. They also follow-through with relevant program teams to resolve identified issues (level 3
