Some lessons that the Singapore government’s Public Sector Data Security Review Committee can learn from the private sector and other governments.
For years, Singapore has been regarded as one of the safest nations in the world. Yet, threats to the nation are evolving at an unprecedented rate.
But these criminals are no longer balaclava-clad robbers smashing windows and breaking into vaults.
Digital networks are today’s crime scenes, with lone actors and even nation states stealing sensitive intellectual property, holding organizations to ransom, and bringing operations to a standstill – all while operating thousands of miles away behind a computer screen.
The past few years, in fact, have served as testament to the increasing rate of cyber-crime, with several Singaporean organizations falling victim to sophisticated breaches.
In particular, the healthcare sector has become a prime target, with notable attacks against SingHealth and Health Sciences Authority (HSA), along with leaks of HIV patient information. But beyond healthcare, the Auditor-General’s report found IT lapses in several government organizations, demonstrating that cyber security is a challenge facing all organizations – no matter what the sector.
Beyond financial gain, these advanced attacks against our public institutions seek to undermine collective trust in the Government’s ability to keep our most sensitive information secure. Prime Minister Lee Hsien Loong’s announcement of the formation of the Public Sector Data Security Review Committee marks a positive step in the right direction, and signals the Government’s commitment to accountability and readiness in ensuring Singapore becomes a cyber-safe society.
The announcement of 13 technical measures to be implemented across all government agencies aims to strengthen the robustness of defense strategies – but are regulation and human effort enough?
Lessons in cyber defense
The private sector and governments alike can teach us a lot about meeting the challenge of cyber defense. Private organizations, many of which have fallen victim to sophisticated breaches, have long learned that modern cyber-attacks evolve at breakneck speeds. Sophisticated adversaries are constantly refining their threat methods, and work to find new ways to bypass traditional security technologies.
Even the most well-established corporation, with enormous resources available to dedicate to security, can still be taken down by a single cyberthreat.
Regardless of how developed or advanced a nation is, all public-facing organizations and governments remain key targets. Simply put, cyber-attacks on government agencies often seek to undermine trust in our public institutions or cause widespread disruption to critical infrastructure. The reality of state-sponsored cyber-crime is fast becoming a reality, as international conflict migrates to the digital domain, compounding the complexity of cyber security for nations and governments.
To fight back, the private sector and governments have rapidly turned to cyber AI platforms, capable of identifying and responding to threats at machine-speeds. In leveraging the most advanced enterprise AI, these organizations are able to have critical visibility and control over their entire digital business, empowering them to stay one-step ahead of cyber-criminals.
While the Singapore government has made great strides to acknowledge and address lapses in cyber security policy, cyber-criminals simply work faster than government regulation can keep up. And as Singapore races towards Smart Nation status, the problem of cyber defense will only become harder and harder to solve. Internet-connected sensors will soon be scattered across streets and throughout buildings, e-payment systems will make transactions seamless, and autonomous shuttles will transform travel.
While these digital advancements will cement Singapore’s status as a world-leading country in innovation and technology, it will also bring forth a whole new cyber vulnerability for our nation. Increasing digitization of critical infrastructure and public services doesn’t just mean a better living experience for our citizens – it greatly expands our attack surface, putting crucial operations and personal data at risk.
Cyber AI
Because of this, now is the time for the Singapore government to look towards new cyber AI technologies for the answer. Two examples of using innovative cyber AI technologies by governments are outlined below, which Singapore can learn from and emulate.
City of Las Vegas is an example of a city pushing the upper limits of innovation with both its smart city initiative and its adoption of cyber AI defenses for security. As one of the first connected cities in the United States, Las Vegas relies on AI to monitor and continuously defend thousands of sensors across the iconic city. These sensors’ capabilities range from tracking air quality, controlling the lights and water, to calculating the amount of traffic. With AI, the city can feel confident in pursuing its smart city initiative knowing that AI will self-defend its infrastructure against sophisticated threat-actors.
The United Kingdom’s National Healthcare System (NHS), which itself was one of the most badly hit victims of WannaCry in 2017, has since incorporated AI as part of its measures to battle cyberthreats. 2017’s attack crippled parts of its operations, locking data on computers with demands for money, causing 20,000 hospital appointments and operations to be cancelled, of which 100 were cancer-related, as ambulances were diverted from some A&Es. But for the branches of the NHS that were already using cyber AI during these events, the WannaCry ransomware was neutralized within seconds – preventing any damage.
While Singapore has seen its fair share of healthcare-related cyber incidents, the effects were not as far-reaching or immediate. However, this is our new future and Singapore should be ready to face this new reality.
A technology-first nation like Singapore must also put cyber defense first, and AI is rapidly proving to be our fundamental ally in the new age of cyber warfare.