As of Monday, the WannaCry ransomware had affected more than 200,000 computers in 150 countries. While reports continue to roll in and pundits have started predicting the cost to the global economy of this cyber "outbreak", with estimates ranging from hundreds of millions to billions of dollars, one thing is clear - this is not the first, nor will it be the last, massive cyber attack.
For those keeping track, you will remember the ILOVEYOU attack of 2000 which infected 10 per cent of Internet-connected computers, the Slammer of 2003 known to be the fastest-spreading worm of all time, or the Conficker in 2008 which affected nine million computers around the world. One must begin to see the similarity between such "epidemics" in cyberspace and the pandemics in the real world, and it is not too much of a stretch to draw a parallel between a public health attack and a cyber attack.
Singapore has, over the decades, recognised public health as a public good and has invested significant resources in the public health system. Despite the short history of the Internet, we must begin to recognise that a nation's cyberhealth is as much a public good as is its public health. The social and economic fallout of a massive cyber attack can be as devastating, if not more so, than an epidemic as even our national defence and public health systems are today heavily reliant on infocomm technologies.
There is no shortage of programmes to promote public health, from campaigns to encourage hand washing to the provision of vaccinations for disease prevention. The Government recognises that these are needed for a healthy environment and community.
I believe that the same approach should be adopted for cyber security, as it provides for a safe and healthy digital life for the population. Drawing lessons from existing public health programmes, I propose three ways to boost cyber security by focusing on the young and vulnerable, reducing the vulnerabilities of connected devices and making cyber security affordable to the masses.
CYBER SECURITY CURRICULUM FOR PRIMARY SCHOOLS
Singapore's Cyber Security Agency held the first national cyber security awareness campaign, "Live Savvy with Cybersecurity", earlier this year to raise awareness among the general public of "good cyber hygiene". While we applaud the initiative, a primary school curriculum can also be considered to inculcate a stronger understanding of cyber security from a young age. This mirrors Singapore's health curriculum for primary schools, which promotes personal responsibility for health and hygiene, as well as the health of others and the environment.
This is important as children today are exposed to technology at a much younger age. In a study conducted early last year by SuperAwesome, a digital marketing platform, 50 per cent of South-east Asian kids aged between six and 14 own a smartphone. By augmenting the current cyber wellness programme with the basics of cyber security, primary school children will be more aware of the measures they can take to protect themselves on the Internet.
CYBER 'VACCINATIONS' FOR SINGAPORE CITIZENS
Today, most people are aware of the threat of malware and would have installed free antivirus software. Those who are more digitally savvy would have added more protection by turning on the firewall. In today's hostile cyber environment, these measures may no longer be adequate to combat some of the more advanced malware threats.
Similar to our National Childhood Immunisation Programme which covers vaccination against a list of life-threatening diseases or provides subsidies for approved drugs, the Government can consider offering Singapore citizens advanced commercial anti-malware solutions for free, and subsidies for more sophisticated add-ons.
CYBERHEALTH SCREENING AND CARE
The Government ensures that Singapore citizens have access to basic healthcare through subsidies and the 3M framework of Medisave, MediShield and Medifund. Under the new "Screen For Life" programme, Singapore residents will have access to health screening for diabetes, high cholesterol, high blood pressure, obesity, colorectal cancer and cervical cancer from September this year at a nominal fee.
We can take a similar approach by promoting the cyberhealth screening of technology devices for security loopholes and to fix vulnerabilities that can be exploited by cyber criminals. This may be accomplished by distributing tools that help the man in the street perform a self-screening. In addition, the Government can consider an infrastructure similar to Singapore's healthcare system, such as virtual cyber clinics to provide affordable "treatment" for Singapore citizens with cyberhealth issues.
The above are just some ideas to get us started on thinking of cyber security as a public good, and how to move towards an approach similar to Singapore's healthcare system for public cyberhealth.
- The writer is the chief executive of Swarmnetics, a Singapore company that helps organisations find security weaknesses by harnessing the expertise of the global White Hat community.
