How should Singapore and other smart cities deal with the increasing risk of cyber threats?
Fifty years after its establishment, Singapore is a smart city-state success story at the forefront of a third industrial revolution. Today, the Internet of Things (IoT) increasingly interconnects Singapore’s cyber and physical systems, sensors and smart technology into the digital fabric that links society and critical infrastructures such as transportation, health, finance and defense. Infrastructure investment is expected to grow by 50% to about $30 billion by the end of the decade.
But as Singapore and other smart cities become increasingly connected to cyberspace, so too does their risk of cyber threats. For the next 50 years to be as prosperous as the last, Singapore and other smart cities and nations need to develop a cyber-smart workforce, technology, policies and new risk management solutions.
Cyber Smart City: Opportunity and Challenge
The Cyber Smart City Opportunity of new IoT-inspired products, services and markets could boost the gross domestic product (GDP) of the world’s 20 largest economies by $14.2 trillion in 2030, according to a recent study by Accenture. This trend can be seen in Singapore’s smart buildings, where converged information and operational technologies infrastructures, control systems and sensors integrate multiple electronic systems to support building management and business functions. Smart building technology is increasing energy efficiency and conservation of natural resources. Smart transportation is making cities more efficient. Smart health solutions are making cities healthier and providing early warning against pandemics.
The Cyber Smart City Challenge is to secure all of these converged networks and devices from cyber threats. Hackers continue to exploit smart devices to steal, manipulate and disrupt cyber and physical systems. Cyber attacks have been used to infiltrate corporate networks through smart building controls, blow up furnaces in steel plants and cause generators to fail. In 2013, Target, a large US retailer, was hacked through its smart heating ventilation and cooling system, exposing corporate networks and over 40 million customers’ credit cards. Similar vulnerabilities are prevalent in thousands of networked smart systems.
A cyber-secure smart city will require a more holistic cyber security approach that fosters a culture of cyber security. Traditional information assurance solutions to risk management are challenged by IoT’s expanded attack landscape: more networked devices exchanging larger data sets. Secondly, many industrial control systems need to be running 24/7, they lack secure communication protocol and include legacy devices that are not interoperable or secure when combined with new IoT technology.
So what can Singapore do to realize the smart city opportunity and overcome the cyber security challenge?
Developing a Cyber Smart Workforce is imperative. Even as some technical cyber security defenses improve, humans remain the weakest link in cyberspace. A secure architecture requires a workforce to be continually trained in best cyber security policies, practices and technology. A cyber smart city workforce must understand how to secure converged information technology (IT) and operational technology (OT)—control systems, actuators, intelligent energy devices—environments.
Investments in human resource development should foster skills in the both “hard” and social sciences such as human and organizational learning, complex systems and behavioral psychology. The IT and OT cyber security skill set will be increasingly necessary to secure the smart technology, while the social sciences encourage smart decisions that optimize the technology and help protect us from ourselves.
Cyber Smart Policies and Solutions
Cyber Smart Policies and Regulations are imperative for Singapore’s continued success and survival. Cyber smart policies should help increase cyber security of critical infrastructures such as financial institutions, transportation systems and hospitals. Smart cities depend on these inter-related and symbiotic infrastructures for their economic livelihood, security and survival. Unfortunately, increased networking of critical infrastructure has also made it increasingly vulnerable to cyber threats.
Smart Cities are fueled by prodigious amounts of data that becomes more valuable as it is aggregated and analyzed. However, big data needs to be protected by policies that curtail industrial espionage and strengthen intellectual property protection. One incentive for doing so is increased foreign direct investment as international corporations will increasingly move and expand in nations that protect intellectual property, encourage ingenuity and seek new ways to marry man and machine through education, not malware and hacking.
Cyber smart risk management solutions should provide a holistic in-depth defense approach to secure how data is being collected, shared and stored. Advanced intrusion detection systems and firewalls combined with encrypted data between servers, devices, sensors and enterprise networks are a good place to start. New security solutions for machine-to-machine secure communications are needed.
Technical solutions are only as strong as the risk management policies in place to respond to and prevent attacks. Secure standardization of communication protocol in IoT can help facilitate more secure and interoperable smart cities. Any effective cyber risk management solution should quickly adapt to the threat, helping to limit damage and assure continuity of operations.
The Next 50 Years
In considering what Singapore will look like in the next 50 years, IoT is both transformational and inspiring, but not without challenges. Smart technologies continue to be developed and deployed in our cities without a holistic cyber security strategy. As a result, Moore’s law is playing out to hackers’ advantage in that as data processing and storage costs fall, we become less discerning about what data we store and send and how we store and send it.
For our future smart cities to prosper and bring in a new era of value creation, cyber security needs to be part of the IoT design and human resource development criteria. This new wave of innovation will continue to be disruptive, but it does not have to be destructive to smart cities with smart cyber solutions.
The views expressed in this article are the author’s own and do not necessarily reflect Fair Observer’s editorial policy.