As hackers get smart, cities need even smarter cybersecurity

Da del 29 settembre 2021

The number of data breaches has gone up significantly over the past year or so. Unfortunately, this is likely to be the new normal as the ongoing Covid-19 pandemic has given a major fillip to digital technologies being deployed for smart city services.

In Singapore, the personal data of nearly 79,800 mobile subscribers of MyRepublic was recently potentially accessed by hackers. A specialist medical clinic, Eye & Retina Surgeons, suffered a cyber attack that compromised the personal data of over 73,000 patients in August. In the same month, insurer Tokio Marine Insurance Singapore was also hit by a ransomware attack. These incidents are but part of a dramatic rise in cyber attacks across the world. The US, for example, has suffered several such assaults, including one on the Colonial Pipeline, which supplies gas to the US East Coast. In Europe, various health providers have been breached by hackers looking to steal personal data.

What is notable in the three Singapore incidents is that each represents a vital sector – healthcare, telecommunications, and insurance – that ranks among the important cogs in Singapore’s Smart Nation vision.

The link between increased cyber attacks and Smart City projects is not incidental. Smart cities deploy diverse and interconnected components that constantly exchange data among themselves, often without human intervention. They have smart grids for utilities, building automation, smart vehicles (for example, public buses with in-built sensors to monitor real-time traffic conditions) and drones. All these are enabled with the use of Internet of Things (IoT) sensors and underlying cloud platforms.

Since such networks collect and thrive on data, cyber criminals find Smart City grids as well as elements therein – for example, a hospital or clinic – to be lucrative heist targets for personal data which command a lot of money on the black market.

Singapore has set a good example of how this can be done by working with vendors and device manufacturers to develop stringent regulations and new standards around IoT and other device security. Security cannot be just the government’s responsibility. Device manufacturers, and organisations that use them, also need to constantly update emerging security standards and follow government guidelines to ensure systems are secure by design and perform adequate testing before and after installation to address any flaws.

Education also plays a major role and constant effort is required by both public and private sector service providers to keep abreast of the latest security risks and ways to mitigate them.

While smart technologies will get even “smarter” in future, the difference between a Smart City and a secure and smart city will be the ability to understand the dangers and deal with them. Singapore has developed a robust framework to ensure that while breaches may occur from time to time, the severity of the damage inflicted will be contained by a well-trained and well-aware smart workforce. This has to be a constant endeavour to ensure that the quality of life enjoyed here is not only smart but also safe.