Singapore looks to automation to minimize legacy IT mishaps
- Singapore will harness automation to modernize over 2,000 legacy IT systems, in a bid to reduce human error and address lapses
The report by Singapore’s Auditor-General Office’s (AGO) this year had uncovered shortcomings in IT control management and inadequacies by public officials at multiple institutions. Hence, training will also be prioritized going forward, according to the country’s Second Finance Minister, Indranee Rajah, when addressing the report in Parliament earlier this week.
To that end, the processes in over 2,000 legacy IT systems will begin to be automated in the coming months, with automation systems developed by the Smart Nation and Digital Government Group (SNDGG), said Rajah.
Automation to oust errors
Technical misconfigurations by human administrators are behind the push for more automation in longstanding IT systems. One example involved the Republic Polytechnic, where sysadmins were allowed privileged account access without using passwords to verify identities, potentially compromising the system with unauthorized changes that could have led to risky payment transactions.
In another instance, IT control guidelines were not enforced with several project partners of the Public Utilities Board (PUB), leading to those partners being extended excessive rights within PUB’s systems. One partner’s vendor had access to create and delete user accounts, and the vendor’s staff all shared one administrator account, so it was difficult to identify individual actions with individual users.
Another partner was able to modify real-time values of parameters in its IT system, which would affect the amounts to be paid by the Board. PUB was alleged to have largely relied on information provided by the partner to make payments, without carrying out adequate independent verification.
Rajah highlighted that many of these oversights could be traced back to the legacy issue of iterative IT systems, which had been built over time by different vendors using different technologies. The older systems did not have the ability to be connected with the rest of the 2,000 plus IT networks, meaning manual adjustments had to be made when workers joined or left the organization.
Pilot initiatives and provisional fixes are already underway, claimed the Second Finance Minister, but overhauling over 2,000 legacy systems will take some time. The automation solution being developed by SNDGG will be able to manage user accounts, privileges, and access rights, with a target to have it progressively implemented across systems by December 2024.
In the meantime, SNDGG has introduced a system for alerting institutes that staff have joined or have transitioned from the agency, allowing for user accounts to be manually updated. So far, five of the 38 agencies that have on-boarded the solution have been audited by the AGO, and no lapses have been found in this area, according to Rajah.
She further said that training courses will be rolled out, especially in areas where deeper technical know-how is needed. Competency exercises will be organized for specialized fields that require it, like construction and IT procurement.
The minister also added that “appropriate disciplinary action” may be taken against senior public officers that fail to maintain compliance with required guidelines and procedures. “We place high expectations on the senior leadership of the public service, who are entrusted to be stewards of public resources,” she said firmly.
“These expectations are spelled out in the form of leadership competencies and responsibilities, which are conveyed to all senior public service leaders in ministries and statutory boards,” she continued. “We evaluate our leaders against these expectations as part of their performance reviews, and those who fall short will be rated less favorably.”