SingHealth cyber attack: Bite the bullet and reboot Smart Nation

23 July 2018

Irene Tham
Senior Tech Correspondent

The level of cyber hygiene must rise to better thwart increasingly sophisticated hackers.

The challenges are primarily on two fronts: the lack of technology maturity and standardisation, and people’s reluctance to change old, risky habits.

A lot would be at stake if Singapore had rushed to roll out hundreds of thousands of energy, lighting or environment sensors, or Web-connected cameras on smart lamp posts islandwide without the sophisticated safeguards to fend off state-sponsored hackers – many of whom are repeatedly probing Singapore’s critical systems to exfiltrate sensitive data for political or economic gains.

“The stock taking is important because at the heart of Smart Nation projects are Internet-of-Things (IoT) devices such as sensors or Web cameras, many of which do not even have a password protection mechanism for access control,” said Mr Aloysius Cheang, Asia-Pacific executive vice-president of the Centre for Strategic Cyberspace + Security Science, a London-based think-tank.

The fact that IoT devices are always connected to the Web has also multiplied the risks of data exposure.

In the light of heightened risks and in the aftermath of the SingHealth breach, it wouldn’t be surprising if the Singapore authorities rewrite technology specifications for some projects.

Cumbersome processes should also be rewritten to get people to change old habits that introduce cyber risks. For instance, it is a common practice to get employees to change their passwords every three months. But this approach provides a false sense of security as employees are known to write down their passwords on sticky notes to remember them. People also use easy-to-guess passwords such as their birth dates, or use the same password for all their online accounts.

Two-factor authentication involving the use of one-time passwords randomly generated by hardware tokens or sent via SMS provides extra security. However, on a national scale, the elderly and less savvy people would struggle with it.