Skip to main content

Written Answer by Mrs Josephine Teo Minister for Manpower to PQ on Checks in Integrity of Work Permit, Employment Pass and S Pass Systems

NOTICE PAPER NO. 1755 OF 2019 FOR THE SITTING ON 5 AUGUST 2019 
QUESTION NO. 2993 FOR ORAL ANSWER

MP: Mr Png Eng Huat


To ask the Minister for Manpower with regard to the Report of the Auditor-General for FY2018/19 (a) whether any forensic review has been done to ascertain the integrity of the Work Permit and Employment/S Pass systems for the period of 2 June 2011 to 31 December 2017 since there were no reviews conducted by the Ministry of activities performed by the IT vendor staff using the privileged operating system user account during that period as flagged by AGO.

Answer

  1. Following AGO’s finding, MOM reviewed the operating system administrators’ activity logs from January 2018 (earliest available).  We found no unauthorised activity. Given the heightened cybersecurity risks, we acknowledge the value of more regular reviews and now conduct them on a monthly basis.

  2. Although the same type of review was not conducted between June 2011 and December 2017, MOM has in place various measures to mitigate the risk of unauthorised activity undermining system integrity.

  3. Since the commissioning of the Work Permit System and the Employment Pass System in 2004 and 2008 respectively, all personnel (including IT vendor staff) have been segregated into applications and system administrator roles, with separate access rights for different part of the systems. This reduces the risk of a malicious breach of system security or data integrity as no individual has sufficient access to the system to manipulate it without being discovered. There are also regular reports and automated checks to ensure that applications are functioning as intended.

  4. Since 2011, the Ministry has also recorded the sessions of all administrators.  The primary purpose of the session recordings is to support investigations if a system anomaly is detected, or malicious activity is suspected. Given the volume of data amassed from the recordings, MOM takes a risk-based approach and reviewed sessions of higher risk activities. No unauthorised activity has been detected thus far. 

  5. A forensic review is an in-depth investigation triggered by a suspected malicious activity or security incident, in order to uncover details about the specific incident. As no unauthorised activity was detected, there was no basis to order a forensic review.