Cybersecurity in the Development of a Smart Nation
Smart Nation is an initiative developed by Singaporean Government, which aims to empower citizens, giving them the ability to make use of available information and come up with their own solutions, instead of relying on the government for problem-solving. Some areas of focus include enhancing public infrastructure and transport, enabling successful aging, and ensuring a secure but open data marketplace. Big Data and the Internet of Things are the keys to Singapore's Smart Nation dream. We are proud to bring you an interview with our Singaporean Ph.D. graduate Tan Kian Hua, who is versed and passionate about Big Data and Internet of Things and contributes to the realization of Singapore's dream of becoming a Smart Nation!
"A Smart Nation can be imagined as all devices having the ability to talk to each other and be easily controlled."
Hello Tan, could you please introduce yourself to our readers?
I am currently holding the position as the Chief Information Security Officer (CISO) at Accorix Pte Ltd located in Singapore and also engage by several other companies as their virtual CISO, taking care of their local and overseas offices (Malaysia, Indonesia, Thailand & Hong Kong). My expertise includes designing and implementing world-class cybersecurity solutions with machine learning abilities to serve both internal and external customers. Being part of the management team, I work closely with our marketing team and external vendors to create and educate companies in cyber-awareness. I am the point of contact in handling inquiries from social media for the PDPA (Personal Data Protection Act).
You are passionate about the Internet of Things and Advanced Big Data. Could you please give a short explanation of the topics in layman's terms?
Big data has been around for hundreds of years, just that the computing power at that point of time was not enough to move the data for proper usage. With better infrastructure and higher processing power, together with the internet of things, big data will be able to improve our lifestyle.
Internet of things created a smart nation which provides an integrated community for us. The watch you might be wearing now is a smartwatch, which can take care of your health and it can be linked to the hospital or your family doctor. Together with personal health data, historical records, and all the historical studies of the past, it forms the big data portion.
Big data and the development of the Internet of Things formed the future of technology.
You based your dissertation thesis on security implications and solutions in the Internet of Things. Smart homes and cars, and wearable technology are a growing trend, especially with the introduction of Google Home, smartwatches, and others. What are your thoughts on customer applications? Is it worth it for individuals?
IoT (Internet of Things) is the makeup of Sensors + Internet. These can be stand-alone sensors or connected to other sensors. Sensors will react on their own with a simple rule of engagement; they do not provide data analysis for future improvement. All improvements will go through patches and human intervention.
To protect this sensor in the network, we will add in defense layers like DDOS, spoofing, and others. Different security elements are added at different stages of the network. For example, APT (Advanced Persistent Threats) are installed at the network level, while anti-virus and others will be the endpoint protection levels handled by the individual.
Do note that in the market, when a vendor says it is a smart system, they are only talking about IoT without the cybersecurity protection. To include cybersecurity protection, you will need to approach another vendor, and it will add cost to the business. It is not just an operation business but an opportunity cost as well.
The IT team needs to review all the possible protection solutions in the market, shortlist them, budget them, and finally carry out UAT (User Acceptance Test). If the team is not healthy, over time project will get hold or might be even terminated without knowing the impact on the whole organization.
Main risk: When the user installed and implement the solution. Different provider for hardware and software does not match the existing solution. That way the company needs to weight the different solution and brings out the dissertation topic. How IoT and Cybersecurity evolve strategic management.
IoT benefits companies and individuals in cutting costs and time through automatization. Should individuals even concern themselves with cybersecurity?
The next advanced concept will be IoT (Intelligence of Things).
IoT (Internet of things) will change the conversation to IoT (Intelligence of Things). The intelligence of things is made up of Sensors + Internet + AI (Artificial intelligence) + Big data. With more such information coming into the picture, we will need to have more in-deep thoughts of protecting these data. Information is critical. It can bring a company down; information likes customer data (lost of the customer) patent (brand damage) and the worst launch of new products (lost of competitive).
The critical jargon of protections is the same as last time. But with more significant data, more VM (Virtual machine) is required, with AI firewall need to be more robust and protecting higher bandwidth. Till a time which virtual router, the virtual firewall will not be able to support such a solution.
The intelligence of things, the analysis data are more customized and to gear towards company short and long–term growth. More work needs to be done and securing one or two vendors to do the work will not be possible. Companies which implement such IoT will have in-house IT team working very closely with all other departments.
Following the Huawei and Facebook scandals, we now know that cybersecurity threats do not only come from the outside, but also from the provider itself. How can a customer make an informed decision on which brand is safe?
When reviewing the brand safety, although the brand played a critical role individual must also play their precaution. It will always be very tough for a customer to get the private information on the company, as a lot of data will be deemed as confidential to be released for public viewing. Moreover, the released information might not be accurate or the public might not understand the information.
For the general public, I will also advise them not to trust one source. The internet is available anytime, check online to validate the source. It will be advisable to spend some time researching instead of falling into the wrong decision.
Secondly, they can also talk to someone with the knowledge on cybersecurity threats and review with them. In this way, the consumer can learn and level up their cybersecurity game.
Companies should definitely be protected, as there is always a threat of corporate espionage and more. Just as technology and security evolve, so do the threats. Will we ever reach a point in security in which protection is 100% guaranteed?
The main concern and issue with cybersecurity is the human factor. Human error is the primary threat and many times a small human error can lead to the teardown of an entire infrastructure.
Protection will never be 100% guaranteed, as most of the time, the whole staff will be alerted and trained. Staff in the human resources department can easily open up a malicious email which seemed to be valid. Alternatively, even a cybersecurity manager can fall victim to social engineering.
Learning must always continue in any organization but the most critical thing is to ensure the company continues testing and teaching the staff on the latest threats and methods to deal with them.
You attended and spoke at a conference discussing the vulnerability of intelligent and connected infrastructure leading to a Smart Nation. Could you tell us what a Smart Nation entails?
Smart Nation can be imagined as all devices having the ability to talk to each other and can be easily controlled. All connected devices can be used to make our lives better, like with an automatic car, for example, you can now plan or work out other things while your smart car brings you to your destination. With a smart parking system, your car will park by itself, saving you time and allowing you to focus on your main productive things. So just to add on, after the car has been parked, your lift is ready and it will bring you up to your floor. Once you open the door, the air conditioners are turned on and music will be played depending on your mood. It makes you enjoy life to its full potential with the help of machines.
During the conference, I explained that IoT shakes the world, but that it is also a double-edged sword. IoT makes life easier by having your air conditioner ready through your phone and also having your heartbeat monitoring all the time. But all this information is stored in a centralized server, and cyber hackers can use this intelligence to an automatic system which allows them to hack the system anytime. Imagine being monitored by a hacker, who uses your personal information or habits anytime to their advantage.
What are the vulnerabilities and how to prevent them?
Nowadays, IoT devices come with their own password protection and other protection. Therefore, it can ease the implementation of cybersecurity. They are also missing protection in the case of malware, virus, and man-in-the-middle attack. If your system has got a DOS (Denial of Service – to overload the computer with resources and making the server inaccessible to others) attack, all the smart systems will not function and might turn around and create issues for the user.
Once the internet pipe is choked up, it will result in the victim being unable to gain access to the internet or a specific website server. Therefore, there will not be any communication paths established and the company is isolated from the internet.
The key to any protection will be the awareness of the user. Changing your password frequently and not leaving password around is a good start. Taking it from this basic step and then slowly build up the layered defense to protect the network.
How did you find out about LIGS University, and what inspired you to enroll in our Ph.D. program?
I read about LIGS University during my research in selecting my Ph.D. I am looking at a prestigious university which can provide flexible timing for the courses and ability to work on research that is of interest to me.
The lecturers on board with the school also played a critical factor, as I was looking for global leaders, from whom I can learn about global implementation.
The last factor was online books and the resource library the university has. I requested a trial account to experience the university and found it very helpful for my overall development.
You have completed your studies recently. How would you describe your experience with LIGS University, and would you recommend LIGS University to others?
I am proud to be a graduate of LIGS University. It is a different experience, as I feel that I have traveled the world. While I was working with Professor Vladimir on my dissertation, he shared with me the development of IoT in his region, and whenever he traveled to a conference, he shared his thoughts and kept challenging me, which was great for my development. Even after I graduated from LIGS, Professor Vladimir and I are still keeping in close contact, and actually, we are writing a book together.
For anyone looking to study on a global platform, and hoping to learn more than you can imagine, LIGS University will be the right place for you.
Thank you for the interview!
We also have a few words from our Professor Vladimir Biruk, who led Tan Kian Hua through his Ph.D. studies as his supervisor.
"Actually, such cooperation continuity of a former student and professor demonstrates the quality of education at LIGS University. Despite the long-distance, we can still effectively unify our interest in scientific partnership even after graduation."
How was your cooperation with Tan Kian Hua during his dissertation? Could you share some experiences from your cooperation?
In general, I use my long-term practical Management knowledge alongside industries such as Finance and Crisis Management. In all cases, I ask my students to start with an intelligent and rational question, making it a principle of zero-point. It means that when we begin our project research, we try to put our previous skills in the back of our brain. In spite of professional ambition and known investigation methodologies, we collect information and analyze it on a zero platform. It allows us to build trust in the thesis, as well as each other as long as we share ideas with the goal of reviving the industry and science. After such primary cooperative research, we can easily modernize our standardly known product with the student’s duty as a researcher and leading innovator. The supervisor provides advice and skilled practical correction. Such synergy and professional ambition of both counterparts tend to bring mutual satisfaction and elevate dissertation quality.
Dr. Tan Kian Hua announced he wished to write a book with cooperation perspectives, which gave me no right to stop or go back. Thanks to our reputation, professionalism, and ethics in this cooperative project, we have enough potential to do it, which will be beneficial for our stakeholders and professional readers in particular. Unfortunately, I am not so close to the complete vision of the manuscript as Tan Kian, because he is in the heart of the industry now. If he allows me to spend more time writing my part, I will able to accelerate resources analysis, which includes going several decades back through the development of the IT industry. Then we will merge and unify our skills, crafting a book that will enthusiastically involve our readers and help them think critically. It is not an easy task, however, we are very keen to go through with it despite the competitiveness in the publishing field.
If it is successful, we hope it will be a useful manual for professional readers worldwide. Actually, such cooperation continuity of a former student and professor demonstrates the quality of education at LIGS University. Despite the long-distance, we can still effectively unify our interest in scientific partnership even after graduation. I am very thankful for the support of the university. There is no doubt that we are always keen to help all our students and graduates in their desire for education and develop values in their career and life. That is our honorable and professional duty and with it, we can reach tutoring satisfaction.