SingHealth Cyber Attack: Benefits and risks of Smart Nation projects in pipeline

The authorities said, when announcing the SingHealth cyber attack last Friday, that they would pause all new Smart Nation initiatives while they undertake a thorough review of the safeguards embedded in each system.

This includes the National Electronic Health Record, which enables the sharing of patients' treatment and medical data among hospitals here.

Cyber-security experts interviewed said each Smart Nation project will likely involve different levels of risks. Here is a list of some other key initiatives in the pipeline, as well as their benefits and risks.


Singapore has been working on developing a national digital identity which would be akin to the NRIC, or identity card, in the physical world.

It is believed a digital ID can better protect people's online identities as threats of fraud and identity theft mount.

The new system will give people access to both public-and private-sector services, like in Estonia.

The European country has a digital ID system that lets its citizens access their bank and healthcare information, and even vote online.

A key component of the digital ID is the SingPass Mobile app that is slated to be rolled out in the second half of this year.

The app aims to provide a more secure way to access hundreds of e-citizen services - including the filing of income taxes, parking fine payments and applying for the permit of foreign maids - without the need for physical tokens and SMS of one-time passwords.

SingPass Mobile will work with MyInfo, a government-backed digital vault of personal data to let customers auto-fill forms for opening bank accounts and public housing applications, among others. All 3.3 million SingPass users have been enrolled automatically in MyInfo.

Cyber-security experts said vulnerabilities, if found in SingPass Mobile and the larger national digital identity, would be catastrophic.

Said Mr Aloysius Cheang, Asia-Pacific executive vice-president of the Centre for Strategic Cyberspace + Security Science, a London-based think-tank: "It would be a catastrophe if the system is broken into, providing hackers access to a national treasure trove of health, income, Central Provident Fund (CPF) savings records, with the potential to manipulate the data."


It is a nationwide network of sensors or Web cameras to collect a wide range of data that can be used to direct driverless cars, catch speeding e-scooters and even analyse faces, down to race, gender and age.

The sensors and Web cameras - or Internet of Things (IoT) devices - will be mounted on interconnected lamp posts, touted as the spine of the Smart Nation Sensor Platform.

All the data collected will be analysed on the fly using artificial intelligence (AI) technologies. Armed with this, government agencies can increase their awareness of a situation, detect potential problems and respond quickly to incidents, such as unruly crowds, train breakdowns or traffic congestion.

IoT security developments, however, are nascent and lack global standardisation.

This means everything these systems are designed to do may be subverted if malicious actors can obtain illicit access, said cyber-security firm ESET's senior research fellow Nick FitzGerald.

"Driverless cars could be misdirected with fake information indicating a road closure or bogus traffic congestion," he added.

If hackers can hijack and misconfigure the wide variety of datasets used to train AI systems, the outcome directed by AI systems will also be misleading, said Mr Michael Kasper, the cyber-security head at virtual reality solutions firm Fraunhofer Singapore.


This is the deadline for citizens to access each and every government service online. For instance, the CPF nomination scheme, for citizens to specify who will receive their CPF savings after they die, is still done over the counter or via snail mail without a digital option.

There are also plans for citizens to complete between 90 per cent and 95 per cent of transactions with the Government digitally by 2023. These include offering cashless payment for every government service.

People can also sign digitally for all government services.

Experts said the success of a fully digital Government relies on a cyber-security ready population, including public servants.

"Citizens may become threat vectors if they unwittingly use compromised apps and browsers that could inject bad commands into a government website," said Mr Stuart Fisher, senior vice-president for Asia Pacific at cyber-security technology firm Deep Instinct.