David Koh, head of Singapore’s Cyber Security Agency, tells Reuters that officials decided to air gap government computers after realizing that the threat of a cyber attack “is too real.” Research has shown that countries in Southeast Asia face a higher risk of cyberattack, particularly those implicated in ongoing disputes over the South China Sea.

Koh said Singapore wants to limit web access “because the attack surface is like a building with a zillion windows, doors, fire escapes.” Under the policy, which is due to go into effect in May, civil servants will still be allowed to access the internet from personal or government-issued devices.

But some say Singapore may be going too far. Ben Desjardins, of the security firm Radware, described the move to Reuters as “one of the more extreme measures I can recall by a large public organization to combat cyber security risks.” Ramki Thurimella, chair of the computer science department at the University of Denver, described it as “unprecedented” and “a little excessive.”

Although air-gapping is typically used in national security agencies and other sensitive fields, it is less common in broader government administrations. It doesn’t always guarantee security, either. In 2015, Israeli researchers demonstrated how to hack an air-gapped computer using a GSM network, electromagnetic waves, and a feature phone. Other breaches have occurred due to policy oversights or human error.

There are also concerns that the measure may harm employee productivity. Singapore’s Infocomm Development Authority (IDA) says it is working with agencies “to ensure a smooth transition,” and that it is “exploring innovative work solutions to ensure work processes remain efficient.”