Singapore is charging ahead with its digital transformation agenda, be it in the public services space or in the commercial market.
Organizations of all sizes are working on ensuring that they’re making the most of the technology that is available to them in the market. One of these technologies, the internet of things (IoT), is quite a hit in Singapore and the rest of the region. It enables businesses to collect data from users in real-time, something that wasn’t possible ever before. This obviously opens up new doors for the industry in terms of business opportunities but it also creates new risks.
“IoT in the business space comes with security risks that each organization needs to assess for themselves as these would depend on the nature of the business, scale, and criticality of the IoT functionalities, the IoT deployment model, and so on,” said Singapore Cybersecurity Consortium Executive Director Vivy Suhendra at the recent IoTAsia Summit in Singapore.
“Each additional thing connected to the business network contributes some increase in attack surface and becomes an additional endpoint to manage. We should aim to mitigate the risks as much as possible in all aspects of People – Process – Technology, and to always have an incident response plan for the unmitigated part of the risks.”
The Consortium is actively exploring IoT security
The Singapore Cybersecurity Consortium encourages innovations in IoT security-by-design as well as mitigation of IoT risks in less controlled environments. In particular, one research project funded by the Consortium studies the mitigation of IoT security risks hand-in-hand with physical safety concerns, which would help create environments of safe-secure-by-design IoT systems.
Another funded project develops a NetFlow analysis method to identify vulnerable IoT devices connected to a network while respecting device owners’ privacy, which would help network owners manage the security of IoT systems and potentially take action when components are compromised. Obviously, the Consortium spends a lot of time on such projects for the benefit of all users.
Currently, Singapore applies cybersecurity regulations to critical sectors, and rightly so, as security is not negotiable in those environments. Hence for that use case, IoT innovations would be useful only when they work securely, or when the innovations themselves address security requirements of IoT.
Similarly, Suhendra expects project developments along secure IoT or IoT security technologies to flourish, as demand for them will be shored up by the need to comply with cybersecurity regulations. More importantly, however, the industry and society need to go beyond the regulation compliance mindset and to truly understand the importance of cybersecurity when they use IoT. When this is deeply embedded as a culture, innovations that arise would naturally keep security in mind.
“Where accountability is concerned, I believe all parties involved have an individual as well as collective responsibilities.”
Businesses need to take action if they want to gain from IoT
According to Suhendra, providers of IoT products/services should equip their offerings with up-to-standard security and privacy measures applicable.
They must also respect user consent where it comes to personal information, and could take the extra step of educating users/clients on consumer responsibilities such as changing the default password and privacy configurations, she insists.
“We have heard concerns from industry partners that security inevitably increases costs for products and services, which most consumers are not willing to pay for.”
But there are also positive developments where the industry and academics have been had conversations to develop IoT security certification standards. The Consortium believes that this will lend clarity to the different options in the market for the mutual benefit of providers and consumers, and could be supported by governments as well.
“I believe such industry- or community-driven certifications could have greater flexibility to suit IoT market trends than for strict regulations to be imposed by governments.”
In the interim, Suhendra has some specific advice for businesses using IoT:
“We would suggest that businesses who use IoT for core operations use only devices and services from manufacturers and providers who are committed to security and privacy, and able to deliver security patches when vulnerabilities are later discovered.
“They should perform proper device and network configurations, including changing default passwords.
“Finally, network separation may be a good idea in cases where insecure or unknown devices may connect to the network that is unmonitored, so that they will not have access to critical components if they become compromised.”
At the end of the day, the Singapore Cybersecurity Consortium is making every effort to accelerate how organizations (and government agencies) protect themselves while using IoT. The discussions and dialogues it creates really help create a uniform understanding of what’s at stake and why mitigating risks should be a priority.
Nothing can stop the rapid proliferation of IoT devices and sensors — especially with 5G set to democratize the technology and take it to an entirely new level. Hopefully, help from agencies like the Singapore Cybersecurity Consortium will allow for proactive measures to be taken to protect stakeholders before any damage is done.
(0)
(0)Archive
- October 2024(44)
- September 2024(94)
- August 2024(100)
- July 2024(99)
- June 2024(126)
- May 2024(155)
- April 2024(123)
- March 2024(112)
- February 2024(109)
- January 2024(95)
- December 2023(56)
- November 2023(86)
- October 2023(97)
- September 2023(89)
- August 2023(101)
- July 2023(104)
- June 2023(113)
- May 2023(103)
- April 2023(93)
- March 2023(129)
- February 2023(77)
- January 2023(91)
- December 2022(90)
- November 2022(125)
- October 2022(117)
- September 2022(137)
- August 2022(119)
- July 2022(99)
- June 2022(128)
- May 2022(112)
- April 2022(108)
- March 2022(121)
- February 2022(93)
- January 2022(110)
- December 2021(92)
- November 2021(107)
- October 2021(101)
- September 2021(81)
- August 2021(74)
- July 2021(78)
- June 2021(92)
- May 2021(67)
- April 2021(79)
- March 2021(79)
- February 2021(58)
- January 2021(55)
- December 2020(56)
- November 2020(59)
- October 2020(78)
- September 2020(72)
- August 2020(64)
- July 2020(71)
- June 2020(74)
- May 2020(50)
- April 2020(71)
- March 2020(71)
- February 2020(58)
- January 2020(62)
- December 2019(57)
- November 2019(64)
- October 2019(25)
- September 2019(24)
- August 2019(14)
- July 2019(23)
- June 2019(54)
- May 2019(82)
- April 2019(76)
- March 2019(71)
- February 2019(67)
- January 2019(75)
- December 2018(44)
- November 2018(47)
- October 2018(74)
- September 2018(54)
- August 2018(61)
- July 2018(72)
- June 2018(62)
- May 2018(62)
- April 2018(73)
- March 2018(76)
- February 2018(8)
- January 2018(7)
- December 2017(6)
- November 2017(8)
- October 2017(3)
- September 2017(4)
- August 2017(4)
- July 2017(2)
- June 2017(5)
- May 2017(6)
- April 2017(11)
- March 2017(8)
- February 2017(16)
- January 2017(10)
- December 2016(12)
- November 2016(20)
- October 2016(7)
- September 2016(102)
- August 2016(168)
- July 2016(141)
- June 2016(149)
- May 2016(117)
- April 2016(59)
- March 2016(85)
- February 2016(153)
- December 2015(150)
