Cities in Asia are increasingly embracing technology to improve the lives of their inhabitants, be it through improvements or enhanced efficiencies in the areas of transport, sustainability, health care or education. However, this embrace of technology is not without its risks.
In Asia, Singapore is at the forefront of many developments in the use of technology to improve governance. In this first part of a conversation with BRINK Asia, Tan Kok Yam, deputy secretary, Smart Nation & Digital Government at the Prime Minister’s Office in Singapore, speaks about Singapore’s Smart Nation vision, the role of government, the cyber risks involved, and how they can be mitigated.
BRINK Asia: Can you speak about the Smart Nation vision for Singapore? Can you also elaborate on the Singapore government’s role in achieving this vision?
Tan Kok Yam: In a nutshell, Singapore’s Smart Nation initiative is really about using digital technology to make Singapore a great place to work, play and live. It is about creating jobs and opportunities and allowing people to participate in the digital revolution.
To do that, you need the government, companies and people to participate. The government’s role is to put enablers in place to allow for digital innovation and digital value creation.
The first role of the Singapore government is about building the digital platforms that enable digitization—the first tranche of the Smart Nation strategic national projects are selected with this in mind, such as the national digital identity and sensor platforms, e-payments capabilities and digital infrastructure.
The second role is in education and investing in digital education of not just kids who are in school, but also the workforce. We have the SkillsFuture program, which support workers in upgrading themselves—this is important because, as the job market changes and nature of work changes, our professional skill sets and competencies need to catch up.
The third role of the government is to be smart users of technology ourselves, raise the level of public service, and set the example for our businesses and organizations to look to.
The fourth role for the government is digital inclusion so that nobody is left behind and that digital progress also includes the more technology-averse citizen segments.
On the final point, the government released its digital readiness plan in June this year. The plan discusses how we will enable vulnerable segments, such as the elderly, to benefit from digital services.
BRINK Asia: What are the risks emanating from a more connected world? And what risks in particular are becoming accentuated for Singapore in this era of interconnectedness?
Mr. Tan: I think the problems are not just for Singapore, but for everyone in the connected world. Without oversimplifying the issues, I think there are largely two sets of risks. The first comes from traditional systems—laptops, tablets and mobile devices, which are all interconnected. In this space, we face the threats of data loss and systems getting shut down.
Oftentimes, the individual is the weakest link. Preparing individuals, equipping them with the right tools and inculcating a strong cyber-defense culture are key.
But also, increasingly, there are more things that are connected that were not traditionally thought of as “computers,” such as drones, robots, autonomous vehicles and numerous IoT devices of all shapes and sizes. Their function and their interconnectedness generate new kinds of risks. And these risks can be physical in nature, affecting safety and security, for example, loss of control of a manufacturing process or an autonomous vehicle.
BRINK Asia: With the current pace of development of emerging technologies such as IoT, there is also a greater scare in terms of security being compromised. Recent cyberattacks on Singapore like the one on SingHealth is a case in point. What is being done to prevent this from happening again and to mitigate these risks?
Mr. Tan: As a general point, cybersecurity is constantly evolving and is akin to an arms race between the attacker and defender. All organizations need to keep at improving and adjusting their defenses.
On the SingHealth case, there is a committee of inquiry going on to get to the bottom of what happened. According to the initial report by the Cyber Security Agency of Singapore, three key factors were identified which contributed to the cyberattack: (a) it was by a skilled and sophisticated threat actor, who used advanced modus operandi; (b) weakness in the system allowed the attacker to gain access; and (c) there were vulnerabilities in the software itself.
After the attack was discovered, immediate measures were implemented to contain the threat, eliminate the attacker’s foothold, and prevent the attack from recurring. The government is closely observing the proceedings of the committee of inquiry so that we may take further measures as appropriate.
BRINK Asia: The risks of cyberattacks are increasingly becoming common. How can governments, businesses and individuals shield themselves from this menace?
Mr. Tan: I think this is the million-dollar question. Cyberattacks are not just becoming increasingly common—they are also becoming increasingly sophisticated. We don’t know what vulnerabilities are there in the supply chain. The first point is for governments and businesses to be vigilant, take the view that no system is completely foolproof, and then make sure you can monitor your system well and detect attacks.
The second point centers around the individual—oftentimes, the individual is the weakest link—this could be either an individual user (using a simple password) or an individual administrator or operator who does not download a security patch on time on a machine or does not report something they have noticed. Preparing individuals, equipping them with the right tools and inculcating a strong cyber-defense culture are key.
BRINK Asia: Should cyber education now be a part of curriculum in schools and learning modules in businesses and governments? Is Singapore initiating any such programs?
Mr. Tan: The answer is yes for both—its importance cannot be overstated. There should be awareness around cybersecurity starting in schools, and cyber policies should be well-promulgated within a company among the employees. We do have a cyber-wellness program that the Ministry of Education has put in place in schools. Within the public service, our officers also receive cybersecurity education so that they are aware of the roles that they have to play in keeping our systems secure.