#ISSlearn
Smart Nation
Smart Cities must be secure by design
Smart cities by their nature introduce connections between multiple systems
at multiple touch points and create an intersection between many other systems,
including vehicles, energy grids, media streaming and the cloud.
An exploitable vulnerability in the city could lead to more serious breaches
in any system it touches, which complicates the security landscape.
Cybersecurity Threat – Examples (1 of 3)
(August 2012)
Cyber Attack on Saudi Aramco. The computer network of Saudi Aramco was struck by a self-replicating virus that
infected as many as 30,000 of its Windows-based machines. Despite its vast resources as Saudi Arabia’s national oil and
gas firm, Aramco took almost two weeks to recover from the damage.
https://www.iiss.org/en/publications/survival/sections/2013-94b0/survival--global-politics-and-strategy-april-may-2013-b2cc/55-2-08-bronk-and-tikk-ringas-e272
(2 June 2014)
SingPass is a single-factor authentication system that allows users to log in to various government e-services. It was
reported that more than 1,500 users may have had their IDs and passwords accessed without permission.
http://www.channelnewsasia.com/news/singapore/1-500-singpass-accounts/1136316.html
(14 Oct 2014)
SMRT’s webpage hacked, redirecting users to another page. A media advertising webpage under SMRT was
apparently hacked, with users redirected to another page in a foreign language that states “Hacked by: Bortecine Tim”.
http://www.straitstimes.com/singapore/smrts-webpage-hacked-users-redirected-to-another-page
(10 March 2015)
Curtin Singapore’s website defaced by hackers claiming to represent ISIS
Hackers claiming to be from the Islamic State (ISIS) have defaced Curtin Singapore’s website. Why Curtin Singapore
was chosen is not clear; the militant group’s flag was displayed on the defaced website.
https://www.sgcybersecurity.com/securityarticle/securityarticle/curtin-singapore-s-website-defaced-by-hackers-claiming-to-represent-isis
(December 2015)
Iranian Hackers Claim Cyber Attack on New York Dam. An Iranian hacktivist group has claimed responsibility for a
cyberattack that gave it access to the control system for a dam in the suburbs of New York — an intrusion that one official
said may be "just the tip of the iceberg."
http://www.nbcnews.com/news/us-news/iranian-hackers-claim-cyber-attack-new-york-dam-n484611
Cybersecurity Threat Examples (2 of 3)
(July 2016)
Taiwan’s First Bank loss of US$2 million. Law enforcement in Taiwan is investigating attacks against ATMs of one of the
nation’s major banks, Taiwan’s First Bank. Crooks used malware to withdraw more than $2 million from dozens of ATMs in the
country; it is the first time that cyber criminals have used this technique in Taiwan.
http://securityaffairs.co/wordpress/49429/cyber-crime/taiwan-atm-hacking.html
(November 2016)
San Francisco Transit cyber attack. The November hack targeted the computer systems of the San Francisco Municipal
Transportation Agency. The transit agency waived fares that weekend, according to the San Francisco Chronicle, as hackers
requested $73,000 in exchange for unlocking the agency’s computers, a ransom the transit agency refused to pay.
https://www.washingtonpost.com/news/dr-gridlock/wp/2017/01/09/cyberattack-on-san-francisco-transit-agency-prompts-senate-questions-for-metro/?utm_term=.aa6f9ffa2a4b
(January 2017)
Czech cyber-attack: hacking diplomats’ emails. The Czech Republic has suffered a damaging security breach after
hackers infiltrated the emails of dozens of its most senior diplomats in a massive cyber-attack thought to have been carried
out by Russia.
https://www.theguardian.com/world/2017/jan/31/czech-cyber-attack-russia-suspected-of-hacking-diplomats-emails
Cybersecurity Threat Examples (3 of 3)
■(Feb 2017)
SINGAPORE - The personal details of 850 national servicemen and staff at the Ministry of Defence (Mindef) were stolen in
what Mindef has described as a "targeted and carefully planned" cyber attack. The breach of Mindef's I-net system was
discovered in early February. The I-net system provides Internet access to national servicemen and employees for their
personal communications and Internet surfing via thousands of dedicated computer terminals in Mindef, as well as in
Singapore Armed Forces (SAF) camps and premises. No classified military information is stored on I-net.
Mindef said this was the first time that the I-net system was breached, resulting in the loss of the 850 personnel's NRIC
numbers, telephone numbers and birth dates. The attack was executed remotely over the Internet.
■(April 2017)
SINGAPORE - NUS, NTU networks hit by 'sophisticated' cyber attacks. The objective of the attacks "may be to steal
information related to Government or research", said authorities, adding that "there is no evidence that information or data
related to students was being targeted". The cyber-attacks, which appeared aimed at stealing government information and
research documents, were what is known as APT (advanced persistent threat) attacks - carefully planned cyber intrusions
executed over a considerable period of time, and which are not the work of casual hackers.
■(May 2017)
For months, the ransom money from the massive WannaCry cyberattack sat untouched in online accounts. Now, someone
moved it.
More than $140,000 worth of digital currency bitcoin has been drained from three accounts linked to the ransomware virus
that hit hundreds of thousands of computers around the world in May.
■(August 2017)
New York - HBO has fallen victim to a cyber attack, the Time Warner-owned cable network said on Monday, after hackers
claimed to have stolen material including plot points from an upcoming episode of its hit series Game of Thrones. “There
has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some
of our programming,” Richard Plepler, HBO chairman, wrote in a message to employees.
Types of Cyber Attacks
(non-Exhaustive)
Social Engineering
WannaCry Ransomware 2017
• Computers become infected by WannaCry when unsuspecting users click on a bogus link or e-mail attachment - a method known as "phishing".
DDoS attacks – Distributed Denial of Service
The Internet of Things
Are you prepared?
• Do you feel your organisation is doing enough to protect
itself against cyber threats?
http://info.vectranetworks.com/insider-threat-survey-report-registration
What is Risk?
The probability (likelihood) that a given threat source will exercise a
particular vulnerability and the resulting impact should that occur
Assess the business impact of identified threats
[Risk matrix example; surviving row, Impact axis: High (5) | Medium Risk (5) | High Risk (15) | High Risk (75)]
Legal and Compliance
• The draft Bill was released on Monday (July 10) for public consultation.
• The Bill aims to harmonise the requirements to protect CII across the public and private sectors.
CII owners
• Depending on the offences, the maximum penalty is a fine of $100,000 or jail term of up to 10 years.
• Capacity must be developed internally
• Another form of insurance
• Outsource services
• Security Assessment and Testing
[Diagram labels: Internal Stakeholders; Leaders; Business Leaders; Digital Leaders; Senior Professionals; Cyber Security; ICT Professional; External Stakeholders]
[Diagram labels: Awareness Program; Be prepared; Set the bar; not competency; Set the basic right; Personal Protection]
Understanding Cybersecurity Vulnerabilities
Gamification: Learning through Serious Gaming
Understanding Cybersecurity Vulnerabilities: 3 illustrations
Vulnerability 1
Vulnerability 2
Example – hacking a CCTV camera is a matter of downloading ready-made hacking software from the Internet
Vulnerability 3
THANK YOU
issngln@nus.edu.sg
and
kokleong@nus.edu.sg