Search
Close this search box.

We are creating some awesome events for you. Kindly bear with us.

EXCLUSIVE – Cybersecurity challenges for developing nations, digital IDs and the future of public service delivery

EXCLUSIVE - Cybersecurity challenges for developing nations

Part 2 of a two-part interview

In the first part of the interview, Mr. Randeep Sudan, Adviser on Digital Strategy and Government Analytics with the World Bank talked about leveraging the Singapore experience and data analytics. One of the most critical aspects of the data chain is security. We asked Mr. Sudan what are the challenges faced by governments on this front and what are they doing about it.

Data security

Mr. Sudan said that we need to be mindful of the fact that cybersecurity is not just for government data. It also applies to data with the private sector. There are weaknesses in the private sector infrastructure, which hackers exploit and then use it for sending out malicious data or carrying out distributed denial of service attacks. China has the reputation of being highly capable in the area of cybersecurity. Nonetheless it faces issues of securing large amounts of data in the private sector and in government.

“Unless one is able to deal with data security comprehensively, one cannot really improve the trust level and cybersecurity in any country. It is a job which the government cannot do alone. It has to get more stakeholders involved in this,” Mr. Sudan reminded us.

Going forward, one way of doing this could be a greater reliance on cyber risk insurance and reinsurance. If companies are buying insurance, then their levels of premiums will depend on the levels of risk to which they are exposed and there’s a market mechanism to assess those risks and monetise them. Currently, the market mechanisms are weak in most countries.

Role of international cooperation for enhancing cybersecurity

It’s a borderless world when it comes to cybersecurity. Many countries are trying to forge partnerships internationally for addressing it.

Mr. Sudan talked about several examples of international cooperation, while saying that more needs to be done. The Korean Internet Security Agency (KISA) has established a Global Center for Cybersecurity for Development (GCCD) to help developing countries on cyber security issues. The UK Government has helped establish the Oxford Cyber Security Center that is working with countries across the world on cyber security issues. Interpol has a centre in Singapore, the INTERPOL Global Complex for Innovation. It tracks threats and shares information. ENISA, the European Union Agency for Network Information Security Agency, shares data across Europe. The US also has programmes for data sharing.

Risks for developing countries

KISA has a direct link into all the ISPs in Korea, so that they are able to monitor the traffic coming in and out of the country, and have a better understanding of the threat landscape. Besides establishing sophisticated monitoring capabilities Korea is now getting into AI to see how these threats can be better identified, predicted and pre-empted.

This level of sophistication requires capabilities and investments. Such investments do not come cheap. Mr. Sudan said that developing countries often struggle with this. Because firstly, there is a lack of availability of skills. Secondly, the institutional and regulatory structures are weak. Then there is a lack of awareness of the serious nature of threats. See for example how the Bangladesh Central Bank lost $81 million on account of a cyber heist.  

In addition, the decisions are siloed. “If you have the education department putting up their data centre, the health department putting up their own data centre, the capability to deal with cybersecurity issues gets diluted to an extent that it exposes the whole system to risk. The more you digitise, unless the security part is taken care of, the more risk and complexity you are introducing into the system. And to manage this complexity in a decentralised way with each ministry managing cyber security threats independently makes things difficult. It might be easier to manage the cyber security function centrally with complementary management of the function at the agency level. And of course, you cannot keep all your eggs in one basket, you need to have secure backups in different places,” Mr. Sudan explained.

Korea has government data centres which are entirely in the control of government and are shared across agencies. These multiple data centres provide redundancy and backup capabilities to mitigate cyber risks.

Estonia has gone a step further and started experimenting with data embassies. The thinking is that in case their systems are completely compromised in Estonia, they should still continue working as a government. Estonia established its first data embassy in Luxembourg and is looking at other options of replicating data and keeping it in data embassies abroad, so that no matter what happens to Estonia as a physical entity, it can still function as a virtual government.

Major countries like India while pursuing digitisation aggressively, need to do a lot more on cybersecurity. It has to be ensured that cybersecurity is built into everything digital. The architecture needs to make things secure. There should be metrics to measure and systems to test security at each stage.

Recent trends in IT services development could offer a part of the solution. Mr. Sudan said, “If we look at microservices, this whole approach of DevOps for example, the advantage is that one doesn’t need to secure the whole system. The parts which are vulnerable can be secured in the best possible way. An added advantage is that such a strategy can bring the cost down.“

Talking about the criticality of cybersecurity, Mr. Sudan added, “All said and done, there are very serious consequences if data security is compromised. If people’s bank accounts are compromised or the electricity networks suffer a serious outage, it can create social chaos on an unprecedented scale. You don’t need a terrorist attack. A cyber breach would be enough to knock out the social system. So, it’s a question of social order, development, security. These are all intertwined.” The cybersecurity function has to be systematically addressed both as a horizontal across agencies and organisations – both public and private and as a vertical to mitigate such risks.

Digital IDs

Digital ID is one of the foundational elements of a digital economy. It is a key enabler for the fast developing world of FinTech. Mr. Sudan said that being able to uniquely identify each individual is critical. Many years ago, Singapore realised this and the government centralised data on citizens, companies and geospatial data. These were the three core databases that were identified as absolutely important.

Mr. Sudan brought up the example of the Indian Unique ID, Aadhaar, as a great initiative on this front.

In his view, it is the most sophisticated ID system in the world at the moment. He said, “You don’t even need to carry a card. Your biometrics is your identification. Moreover, the system architecture is very good. It only gives information which is needed. If someone in the US wants to buy alcohol, they ask to see the drivers licence to verify age. A drivers licence shows a lot of details, including address, date of birth, and full name. All this information is not required for checking if a person is above 18 years or not. In the Aadhaar system the system would simply say whether a person is 18 and older with a simple yes or no. It doesn’t reveal any of the additional, unnecessary information. Information provided is on a need to know basis.”

ID data is secured and access is only through a query engine which is not allowed to alter in any way the core data.

Of course there are new approaches to secure digital IDs that are emerging and use blockchains. We have to see how these approaches play out as they mature. Developing countries will have to be mindful of such approaches in addition to ID systems like Aadhar while determining how best to go about creating digital IDs.

Digital transformation-  top-down or bottom-up?

My experience is that it has to be both top-down and bottom-up,” Mr. Sudan responded.

Defining standards has to be top down. Similarly, cybersecurity strategy and establishing national digital infrastructure like high speed networks has to be done from the top. So also legal and regulatory provisions to safeguard data privacy for example. 

But the bottom-up aspect of citizen engagement, feedback from citizens, customising services for citizens is also important. And the private sector will increasingly have a role there because most of the platforms where the citizens are most comfortable in interacting are platforms with the private sector.

In Korea the government is using Kakao Chat for delivering government services. Mr. Sudan narrated another experience form a trip to China, “I was recently in China. And I had a meeting with Tencent. I realised that many of the Chinese government services are on Wechat. The point of delivery is a private sector platform, not a government website. For example, citizens can schedule their hospital appointments and pay for hospital expenses using WeChat.”

“The Tencent executives told me that in the case of a car accident, if the photographs of the accident are sent from the cell phone an insurance claim can be settled in 30 seconds. Backend algorithms, and visual analytics are now able to assess the damage very accurately. Based on the huge volume of data collected on past accidents the algorithms have become quite reliable,” he added.

In addition to users’ convenience using these platforms, there is another reason why governments should work with the private sector to deliver services. In many cases large digital platform companies have superior security as compared to what government might be able to muster.

The private sector also by and large has much better flexibility. If security technology changes or a new threat is found, the speed of response is likely to be significantly better in the private sector. Of course one cannot generalize this for all cases, as there are many examples where data with the private sector has been breached.

“I feel that on balance, it might be better for the government to work with the private sector, after assessing the systems and processes in place for ensuring data privacy and data security compliance.” Mr. Sudan commented.  

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visit www.ibm.com