Six firms have won a multimillion- dollar bulk tender as Singapore further tightens its defence against sophisticated attacks that aim to disable government websites.

The Straits Times understands that the three-year bulk contract which started yesterday is worth about $50 million - around twice the value of the last three-year contract which has lapsed.

The deal comes on the heels of StarHub’s broadband outage last year linked to a cyber attack in the United States, and the theft of the personal details of 850 national servicemen and staff at the Ministry of Defence (Mindef), discovered in February.

The six contractors awarded the contract by GovTech are local telcos Singtel and StarHub, Britain- based telco BT, and Singapore- based tech firms CHJ Technologies, Evvo Labs and Embrio Enterprises.

The six firms are expected to keep government websites fully available to the public even when attacks are taking place. This is done by providing distributed denial of service (DDoS) mitigation services, which will now take into account the threats that took down United States Internet firm Dyn’s services in October last year.

Dyn’s service outage, which took down websites such as The New York Times and Spotify, in turn disrupted Web surfing for StarHub’s broadband customers.

DDoS attacks work by having thousands of infected computers accessing and overwhelming a targeted site, causing a huge spike in traffic.

DDoS mitigation is a set of techniques that differentiates genuine incoming traffic from that sent by hijacked, infected browsers, so that services to genuine users will not be denied.

According to tender documents seen by ST, the contractors are also expected to provide new capabilities to combat attacks stemming from software flaws on Internet-facing machines.

In early February, Mindef discovered that a vulnerability in its I-net system had been exploited, resulting in the loss of NRIC numbers, telephone numbers and birth dates of 850 personnel.

The I-net system provides Mindef staff and national servicemen with Internet access on thousands of dedicated terminals.

Cloud security services firm Akamai Technologies’ regional director of product management Amol Mathur said that the new DDoS mitigation capabilities are necessary in an evolving threat landscape where large-scale attacks are being powered by compromised Internet devices such as Web cameras and routers.

Dr Chong Yoke Sin, chief of StarHub’s enterprise business group, said it will provide the Singapore Government with its telco- centric security operations as well as the cloud-based mitigation services of its technology partner Nexusguard.

Mr Jason Kong, co-founder of Toffs Technologies, the supplier of content delivery back-up services for Embrio Enterprises, said: “Organisations should have a content delivery back-up plan to ensure business is as usual should the main delivery platform suffer an outage.”

Last week, the Nanyang Tech- nological University solicited a separate DDoS contract with more stringent requirements to com- bat attacks stemming from software flaws on Internet-facing machines.

The university discovered in April this year that it was the victim of an apparent state-sponsored attack aimed at stealing government and research data.

The National University of Singapore was similarly attacked at around the same time.

Last year, an unnamed government agency also became the victim of a state-sponsored attack, the Cyber Security Agency of Sin- gapore said in a report released last Thursday.

Source: http://www.straitstimes.com/tech/50m-deal-to-keep-govt-websites-going-in-a-cyber-attack