Brianna White

Staff member
Jul 30, 2019
Untitled design (15)-1690966278247.jpg

In 2021, a malicious actor remotely accessed a water treatment plant in the US to increase the amount of sodium hydroxide in the water to a dangerous level – which could have potentially harmed millions of people. This is one example of how poorly secured IoT devices can affect public utilities and endanger citizens.

Across Southeast Asia, smart city initiatives like Singapore’s Smart Nation goals and Thailand’s Thailand 4.0 mission promise to improve the quality of life for citizens on national scales. But as physical systems become more intertwined with technologies like Internet of Things (IoT), vulnerabilities in these devices could lead to disastrous incidents.

The number of IoT devices is only set to grow. According to Statista, we can expect to see close to 30 billion connected devices globally by 2030, and at least 20 to 30 per cent of these devices will reside in Southeast Asia, says Poh Chang Chew, Principal Cybersecurity Consultant OT/Critical Infrastructure & Global Partners APAC, Fortinet to GovInsider.

Chew shares with GovInsider three emerging risks that IoT security professionals need to watch out for in the coming years.

1. AI-enabled cyber warfare

First, security professionals will have to guard IoT devices against the rise of AI-enabled cyber attacks, says Chew.

As AI grows more advanced and generative AI such as ChatGPT proliferates, malicious actors could use these technologies to quickly identify vulnerabilities and loopholes within the source code of various connected devices, he explains.

Right now, threat actors use reconnaissance websites like Shodan or botnets to identify vulnerable devices connected to the Internet, such as IP cameras, heat sensors, and other devices used in smart city systems. Then, they can hack into vulnerable devices residing at data centres to modify cooling settings and disrupt operations, he explains.

IoT devices tend to lack strong security, as IoT vendors prioritize speed to market rather than security during the development lifecycle, Chew says. AI can make the process of exploiting these vulnerabilities even easier.

Continue reading: