Ms Sylvia Lim (Aljunied): Thank you, Speaker. Two supplementary questions for the Senior Minister of State.
To the best of my recollection, this is probably at least the third time where confidential or information shared with the US government has been leaked. I think we know of the earlier Wikileaks episodes and this is the third time.
So, my question is whether our Government has made changes in the way that it communicates any sensitive information with the US or other governments to minimise the risks of such leaks?
And the context of that is that in 2011, in the wake of Wikileaks, I had asked the then Foreign Minister, George Yeo, about whether we would change the way we communicate on the diplomatic front and he had said that “Well, we have to because if it happens once, it will happen again”. So, my question is whether the Government has actually changed the way it communicates information, especially sensitive information, with the US or other governments?
The second question is, it was reported in this recent incident that information from ST Electronics was also leaked, and that is, of course, not a Government department as such. So, does the Government actually work with such entities that may have sensitive information to minimise the risks of such information wrongly getting out in the public domain?
Mr Heng Chee How: Mr Speaker, I thank the Member for her supplementary questions. On the first one relating to the sharing of information with foreign governments, these are done through government-to-government agreements, such as the one that we have with the United States. Certainly, wherever there are instances or incidents of a breach and so on, then these are all very specifically investigated in order to establish what might be the vulnerability, and what might be the additional measures that must be put in place in order to minimise the risk of such recurrence.
And I think the Member would also agree that this will be an endless endeavour in the sense that you can never predict what might be the next breach but it is constant vigilance and established processes in order to mutually review and to tighten up.
The sharing of information is itself important for the ensuring of security in so many different aspects and certainly the utility of that is also not to be compromised. At the same time, we must look at how best to safeguard, especially as technology moves and especially as perpetrators look for new ways to do it. That is the first one.
With regard to the second question, Mr Speaker, may I ask the Member to just remind me.
Ms Sylvia Lim: Yes, the second question related to the recent incident where it was reported that ST Electronics, which is not a Government department as such, some information was leaked in the recent episode.
Mr Heng Chee How: Thank you very much. As part of my reply earlier, I alluded to that, where we have external partners, external to MINDEF and SAF, and this could be commercial partners, vendors that we use or they could be government-to-government (G-to-G). So earlier, my response was with regards G-to-G.
ST Engineering, where it provides a service to MINDEF and SAF, would be doing so under a commercial arrangement. And as part of my explanation earlier, I have also explained that MINDEF takes very seriously how we assess a provider in terms of the standards of its cybersecurity in deciding whether or not to award a contract of whatever classification that will be appropriate to that vendor. And where there are weaknesses exhibited in the systems of that vendor, we would certainly take that into account immediately, in working with that vendor on what happened, how do you strengthen your system to prevent recurrence and how we should take that into account in our future evaluation of contract awards.
Ministry of Defence
21 April 2023