Top: Original image JCT600 blog
It’s been no secret that Thailand is hot to develop smart cities, where technology and data analysis are integrated with the public and private infrastructure to manage assets and boost the digital economy. From a consumer standpoint, it means using a smartphone to dispatch a driverless delivery vehicle after your refrigerator notifies you it’s low on eggs.
It’s a core part of the so-called digital economy initiative in which everything from energy to education is being versioned “4.0,” and how Thailand strives to keep on pace with forward-thinking cities such as Singapore, Barcelona, Seoul and Helsinki.
Funding is one challenge to getting there, which is why the government has made private-public partnerships a primary focus in piloting the tech and infrastructure needed in Phuket, Chiang Mai and Khon Kaen as the kingdom’s digital mainstays.
But before those challenges are met, society must consider if it wants to live in this hyperconnected and digitally vulnerable future in light of the recent revelations of WikiLeaks’ “Vault 7,” a massive trove of information about CIA hacking tools that shows how those smart appliances have already been compromised and harnessed for nefarious purposes.
Vault 7’s first batch of documents and code released March 7 by Julian Assange and his WikiLeaks team, “Year Zero,” is a collection of 8,761 documents apparently created between 2013 and 2016, with 70,875 redactions, most of which were names, IP addresses and email addresses. Assange and his team claim the documents are from the CIA and detail a number of hacking tools and exploits that the CIA has allegedly built up over times.
From a smart city perspective, a number of these vulnerabilities we call zero-day exploits are very troubling.
Specifically the ones compromising devices such as Samsung Smart TVs to monitor voice and video inside their owners’ homes. Also the large number of Android and iOS exploits which allow hackers to compromise the mobile device of a user and in some cases circumvent security and encryption functions which might be implemented by an app.
The reason compromised mobile devices are such a large concern for smart city residents, developers and service providers is because they will be the user interface for much of the smart city interactions. Our devices and the apps we put on them will be used to interact and engage with everything from booking tickets by scanning movie posters and reserving tables at our favorite restaurants to finding our way to retail shops off the beaten path and navigating to meet friends.
Given the predominate role mobile devices are set to play in the daily lives of smart city residents, visitors and business owners, these security and privacy concerns that have come to light from the Vault 7 leak should be taken seriously not just by the Digital Economy and Society Ministry overseeing the Smart City initiative, but also any firm who intends to enter into one of the proposed private-public partnerships.
For business, security must be a government priority — even if privacy is less so. Under a military government that has actively pursued a Big Brother agenda when it comes to the internet, online rights defenders such as the Thai Netizen Network raised the alarm over a year ago about the confluence of private and public data infrastructure over a government-managed backbone.
Gareth Davies of Fluxus Thailand, a Bangkok-based company with smart city and platform experience, has expressed clear concerns about platforms which deal directly with device security and user privacy.
“Vault 7 shows that businesses need to take device security seriously. With frequent leaks alerting the public to the risks, it’s important to demonstrate that your [Internet of Things] devices are safe and secure against hackers,” said Davies, the company’s managing director.
While the Vault 7 leaks raise many valid concerns in the sphere of security and privacy, specifically around compromising devices that play directly into the smart city ecosystem, the leaks are a wake-up call. Vulnerable devices and zero-day exploits are nothing new, but these leaks should give everyone perspective that companies and governments need to be proactive in the way they manage data and device updates.
The smart city initiative in Thailand is an amazing undertaking that has the ability to really change the landscape of the areas selected. And the public-private partnerships are the right way to go, but as Gareth Davies from Fluxus Thailand pointed out, device security needs to be on the top of the list for companies, especially in the smart city realm. All things have risk, how we deal with it is what separates successful implementation from failure.