Top 10 things Singapore’s cybersecurity professionals need to know about IoE

Built on the foundation of the Internet of Things (IoT), the Internet of Everything (IoE) is accelerating, creating significant opportunities for organizations, individuals, communities, and countries as more things come online – along with the people, processes, and data that interact with them.

Setting its sight to be the world’s first smart nation, the Singapore government has already laid a solid infrastructural foundation to support IoT with its Intelligent Nation Masterplan (iN2015), and they are now working on the Infocomm and Media (ICM) masterplan for the next 10 years.

Several proposed ideas, such as the Above Ground Boxes and Data Marketplace, will enable Singapore to leverage IoE’s transformative potential and help the nation develop smart, connected communities.

 However, IoE adoption is not a bed of roses as, alongside new opportunities, there will also be fresh challenges particularly when it comes to cybersecurity. The IoE does not just require networked connections but secure networked connections in order to capitalize on the estimated trillions of dollars of value to be gained globally over the next decade. To ensure that its residents and businesses can stay connected, while protecting their privacy and transactions, Singapore does not only need a robust and scalable nationwide infrastructure, but also cybersecurity professionals who are able to anticipate and address the security gaps that IoE will bring.

To help cybersecurity professionals cut through the hype and gain a better understanding of what to expect as the IoE continues to evolve, these top 10 observations will help:

  1. Worlds will collide. Most organisations have a wide range of disparate technologies and processes to protect their information technology (IT) and operational technology (OT) networks, as well as their physical spaces. Add to that consumer technology (CT) such as smartphones and tablets on IT networks and it is easy to see that these networks combine to become IoE networks. We need to begin to implement cybersecurity solutions to protect all networks equally from attack while recognising their specific requirements and priorities.
  2. The attack surface will expand. With billions of new devices now connected to IoE – including smart meters, heating and air conditioning systems, health monitoring devices, remote sensors for gas and oil lines, etc. – and more devices connecting all the time, the ability to gain visibility into these attack vectors, let alone close them to malicious actors, is increasingly difficult.
  3. Threat diversity will increase. Due to the variety of objects adversaries can target, many of which are in insecure locations, attackers are able to devise new methods the cybersecurity industry has yet to face and blend sophisticated techniques to accomplish their mission.
  4. Threat sophistication will continue. Threats have already become stealthier, evading initial point-in-time detections and using nearly imperceptible indicators of compromise to reach their target. Cybersecurity systems that rely exclusively on point-in-time defences and techniques cannot keep up with unfolding attacks.
  5. Remediation will become more urgent and more complex. When an attack does happen organisations cannot necessarily isolate a system because the cost and implications of shutting it down may be greater than the cost of an infection, presenting serious trade-offs between protection and continuity of operations. Remediation methods will need to support a focused approach to quickly detecting, scoping, and containing a threat, cleaning up systems, and bringing operations back to normal.
  6. Risk and impact will escalate. Sensitive data and personal information is flowing between process and business domains – from and through billions of connected devices, in secure and insecure locations throughout the world. The vast majority of these devices and domains rest outside the secure embrace of the IT and OT networks. In an OT world, the impact of a breach can be much greater. For instance, a vision of the Singapore’s smart nation masterplan is to roll out a Smart Health-Assist initiative that will provide better healthcare from the comfort of the home. However, unless the captured data can be securely transmitted back to the healthcare providers, this could have dire consequences and put many lives at risk.
  7. Compliance and regulations will mount. Regulatory bodies are requiring tighter security and privacy controls than ever before, which is affecting a growing number of industries. If unable to effectively and efficiently meet these requirements, an organisation’s ability to gain value as an active participant in the IoE will be limited dramatically. In addition, as more devices are connected, lines of ownership and responsibility will become increasingly blurred. This introduces new challenges for managing and maintaining compliance with regulatory requirements.
  8. Visibility will be paramount. Cybersecurity professionals need to see a real-time, accurate picture of devices, data, and the relationships between them, in order to make sense of billions of devices, applications, and their associated information. This requires more automation and faster analytics; humans will not be able to scale with the environment.
  9. Threat awareness will become the focus. In this amorphous perimeter, cybersecurity professionals need to presume compromise and hone the ability to identify threats based on understanding normal and abnormal behaviour, identify indicators of compromise, make decisions, and respond rapidly. This requires overcoming complexity and fragmentation in technology environments.
  10. Action will need to be swift. Upon identifying a threat or anomalous behaviour, cybersecurity professionals need to be able to take action. This requires the right technologies, processes, and people working together and swiftly to be effective.