Singapore must mind the cracks in 2016

With its increasing use of personal data and IoT, Singapore needs to pay attention to potential cracks in the system or risk more outages such as those in the nation's transport and e-government networks.
Written by Eileen Yu, Senior Contributing Editor

As Singapore ends a year marked by glitches in its transport and e-government infrastructures, its 2016 resolution must focus on identifying--and sealing--all potential cracks in the system.

This will be especially critical as the country looks to increasingly tap personal data and Internet of Things (IoT) technology as part of the government's smart nation strategy, as well as efforts to improve citizen welfare.

During my recent chat with David Koh, the chief executive of Singapore's Cyber Security Agency (CSA), discussed his concerns about the emergence of IoT devices and how these would significantly increase the attack surface. Because it is still a relatively new technology realm, there also is a lack of familiarity with how security should be implemented on IoT devices. Furthermore, integrating security into these systems--particularly everyday home appliances--still isn't part of "routine thinking" involving its design, deployment, and management.

With botnets already targeting refrigerators, Koh said IoT opened up serious security challenges since it could lead to not just cyber breaches but also real physical harm. He pointed to the possibility of cyberterrorists exploiting the increased attack surface to penetrate critical infrastructures such as a city's power plant and transport network. They could potentially cause serious accidents and the loss of lives.

And because such attacks would be relatively new and unfamiliar, they might go undetected and deemed to be nothing more than unintentional accidents, Koh noted, adding that this further compounded the potential threat.

I echo his concerns and believe the Singapore government needs to be especially mindful of these risks as it takes its smart nation initiatives into the next phase. IoT and data analytics play major roles, with thousands of data sensors already deployed in Jurong Lake District to collect and analyse data for urban mobility, sustainability, and to improve sensing and situational awareness.

The country's next ICT masterplan also would include the deployment of IoT in logistics and its next-generation electronic road pricing (ERP) system would be based on Global Navigation Satellite System (GNSS) technology. Apart from being able to charge road users based on the distance travelled, the new ERP network also is touted to be able to push value-added services to motorists, including real-time traffic data tailored to their location and electronic payment for parking.

Imagine what cyberterrorists can do by breaching the ERP system to pinpoint a driver's exact location, penetrate the vehicle's web-connected operational functions, and cause it veer off into oncoming traffic.

The Singapore government needs to demonstrate it has the capabilities and resources to adequately safeguard the country's critical infrastructures, including healthcare, utility, transport, and finance. As it is, cracks already are showing in its transport system, which suffered numerous outages in the past year alone and with the most recent incident taking place just this past week.

Last month, e-government services on the Central Provident Fund Board's website were brought down for several days due to "technical issues arising from the recent website upgrade". One would assume the CPF Board, together with its IT services vendor, would have conducted the usual tests and dry-runs to ensure its core online services would remain unaffected during the site upgrade.

So, how the glitch happened despite these preparation work, and rectified only days later, should be something the CPF Board would want to look into. The learnings should then be shared with all public sector agencies to avoid such oversights from inflicting other e-government services.

The Singapore government needs to realise it is no longer running a third-world nation. The island-city today today is home to one of the world's most connected populations and has second-highest capital per worker. It should strive always to be one step ahead, anticipating potential issues and mitigating the risks, and be able to rectify problems quickly when they do pop up, despite the best of preparation.

Establishing a separate agency, parked under the Prime Minister's Office, with central oversight to lead Singapore's cybersecurity operations and developments is a great step forward. In recognising the core fundamentals of building secured systems, the government also is setting the right tone and investing resources to beef up the country's cybersecurity capabilities.

But while it has taken the right steps forward, it also needs to identify--and seal up--the cracks before it loses its footing.

Editorial standards