Speaking at an IT security forum yesterday (Sep 18), the chief executive of Cyber Security Agency of Singapore (CSA) called for public accountability from decision makers, Ministers and CEOs. Cautiously not labelling any specific organisation or leader, David Koh criticised the Singapore government saying that there is no accountability because problems are perceived as technical:
“CEOs and other decision-makers should be held accountable whenever a cybersecurity breach takes place. They have not been held accountable partly because such incidents are seen as a technical issue. The boards of these affected companies have also not held CEOs responsible.”
The comment came barely a month after the leakage of 1.5 million personal details from the Ministry of Health, which saw hackers targeting dictator Prime Minister Lee Hsien Loong’s medication details, and the persistent “technical faults” at SMRT.
For the hacking incident at SingHealth polyclinics, Health Minister Gan Kim Yong was not held accountable and faulted the hackers for being well-resourced. SMRT CEOs Desmond Kuek and Neo Kian Hong – both former army generals – are also similarly immune to any form of punishment for train breakdowns and escalator incidents at SMRT.
The lack of public accountability is even more prevalent at the ministerial level, with Prime Minister Lee Hsien Loong himself setting a poor example. The PM, who double-hats himself as the Chairman of GIC, kept his silence when GIC lost tens of billions in overseas investment losses that saw the 20-year-annualised returns fell from 4.1% to 3.4%. His wife, Ho Ching, the CEO of Temasek Holdings, holds similar “accountability immunity” when the sovereign wealth fund company lost tens of billions in the past decade.