Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
COI Report – Part IV Page 115 of 425 326. However, instead of carrying out further investigations to better understand the circumstances, the matter was concluded without further investigations or reporting. Ernest has stated that he did not take any further action because the foreign IP address was not a known C server, in that he had not received any information positively identifying the IP address as a C server. Unless he had received such information, no steps would betaken to block other suspicious IP addresses that had not been flagged as C servers. This completely passive attitude towards the identification and addressing of potential security risks is, in the Committee’s view, fundamentally inconsistent with the roles and responsibilities of the SIRM. 327. The failure to block the suspicious IP address across the whole network and to investigate Workstation A constituted a significant missed opportunity to prevent the attack. CSA is of the view that the fact that callbacks were being made to a suspicious URL and IP address from a workstation within the CII sector, and which was suspected to be infected with malware, should have been reported to CSA as a security incident. Had this been done at the time, it is possible that the Cyber Attack could have been detected earlier, and the appropriate actions could have been taken. 328. Separately, the Solicitor-General has submitted that Benjamin’s attempt at self-help by performing an analysis of process dump through the online service was “resourceful but inadequate”. The Committee has also heard that as at January 2018, Benjamin neither had the training nor the tools to analyse the process dump himself, and he was only trained in digital and memory forensics in March 2018. In view of this, the Committee agrees that Benjamin displayed a good sense of initiative and resourcefulness. However, there were security implications with the use of the online service. Unfortunately, at the material time, Benjamin did not have the proper training to appreciate the consequences of his actions.
