The Ministry of Education (MOE) has initiated legal action against contractors following a cyberattack on Mobile Guardian on 4 August 2024, which impacted approximately 13,000 secondary school students from 26 schools. Education Minister Chan Chun Sing addressed the issue during a parliamentary session on 10 September, confirming the termination of MOE’s contract with Mobile Guardian, a device management application (DMA) designed to help students use their personal learning devices (PLDs) safely and responsibly.
Background
Mobile Guardian experienced a significant cyberattack on 4 August, affecting around 13,000 PLDs in Singapore’s schools. As a precaution, Mobile Guardian immediately shut down their servers. MOE then undertook the systematic removal of the Mobile Guardian app from all iPads and Chromebooks. Over 300 additional IT engineers and staff were deployed to assist students in restoring their devices, and instruction sheets were provided for those who preferred to troubleshoot independently. All affected devices have since been restored for use.
Cyberattack
The cyberattack on Mobile Guardian led to the loss of data on about one in six of the affected PLDs, with less than 5% of students unable to recover all their data due to a lack of prior backups. During this period, schools provided hard-copy learning resources and extended assignment deadlines. Weighted assessments were postponed where necessary. “It was most heartening to see many of our students step forward and proactively share their personal notes with classmates and organise study sessions,” Chan said.
Reminder to keep systems safe
MOE’s forensic investigations revealed a new vulnerability in the Mobile Guardian system that facilitated the attack. Chan emphasised the importance of IT service providers maintaining robust security measures. “This is a timely reminder that cyber threats can evolve quickly,” he noted. MOE expects its contractors to regularly assess and strengthen their systems’ security posture. Chan also highlighted the need to prioritise resources to defend the most critical areas effectively.
Options for alternative
MOE is exploring alternative DMA solutions for iPad and Chromebook PLDs, with a new system expected to be rolled out by January 2025. In the interim, schools have implemented additional processes to ensure the safe and responsible use of PLDs. Web filtering has been activated through the Google Admin Console for Chromebooks, and parents have been instructed on how to use Apple’s built-in parental controls on iPads. Chan acknowledged the recent incidents but stressed that technology should continue to enrich students’ learning experiences.
Reliance on technology
Addressing concerns about overreliance on technology, Chan stated that a balance must be struck between technology use and pedagogical practices. He acknowledged worries about screen time but pointed out that the impact depends on how the screen time is utilised. “For the very young, if they are watching YouTube movies unsupervised, that has probably the greatest damage and our greatest concern,” he said. “If they use the screen time for educational purposes and have constant interactions with adults, the effect is quite different.”
Future implications
MOE is committed to working with parents to determine the appropriate level of control provided by the DMA’s options. Chan mentioned that DMA has been effective in preventing access to unsavoury sites, whether intentionally or unintentionally. The ministry’s efforts to enhance cybersecurity measures and explore new DMA solutions aim to ensure a safer and more effective learning environment for students.
