smart nation, smart hacks and legal liability for cybersecurity breaches in the internet of things
TRANSCRIPT
![Page 1: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/1.jpg)
IPV6 and Internet of Things: Smart Nation, Smart Hacks and Legal Liability for Cybersecurity breaches
Benjamin AngSenior Fellow, Centre of Excellence for National SecurityEducation Chair, Internet Society Singapore ChapterFurther discussion at www.isoc.sg
![Page 2: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/2.jpg)
Where we come from
CENS
Multinational team of
specialists in national and
homeland security
Based at NTU’s RSIS,
working closely with
NSCS and CSA
ISOC.SG
Dedicated to ensuring
that the Internet stays
open, transparent and
defined by you.
Organizing events,
Providing education,
Engaging policy
Myself
Former Lawyer
Former CIO
Senior Research Fellow
in Cybersecurity Law and
Policy
![Page 3: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/3.jpg)
IPV6 solves some problems for the Internet of Things
![Page 4: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/4.jpg)
Problem #1
Too many devices:
Estimated 10 – 15 billion
IOT devices already
Only 4 billion IPV4
addresses, running out
IPV6 has enough
addresses
340 undecillion
addresses
![Page 5: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/5.jpg)
Problem #2
Devices need to poll
(collect data, pass to
controller when polled)
All need their own
address
IPV6 has enough
addresses
340 undecillion
addresses
![Page 6: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/6.jpg)
Problem #3
Devices need
connectivity and
reliability
Small devices = less
space for security
IPV6 supports
connectivity and
reliability
IPV6 has capability for
IPSEC, encryption,
integrity checking
![Page 7: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/7.jpg)
IOT has risks
![Page 8: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/8.jpg)
Rushing to market = security is not a priority
Manufacturers’ updates are also not a priority
![Page 9: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/9.jpg)
What could go wrong
![Page 10: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/10.jpg)
PDPC fined KBOX $50K
![Page 11: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/11.jpg)
Sony paid US$8 m to settle
$2.5 million ($10,000 / pax ) for identity theft losses$2 million ($1,000 / pax ) reimbursing protective measures$3.5 million legal fees
![Page 12: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/12.jpg)
Types of Legal Liability
Negligence Breach of
Personal Data
Protection Act
Breach of Official
Secrets Act
Breach of other
Regulations
Breach of
ContractBreach of
Directors Duties
to Company
![Page 13: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/13.jpg)
Liability in Negligence
1. Duty of care2. Breach of duty3. Breach causes loss
Negligence Personal Data
Protection Act
Official Secrets
Act
Breach of other
Regulations
Breach of
Contract
Directors Duties
to Company
![Page 14: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/14.jpg)
1. Duty of Care
Could your company foresee that customers / employees would be affected?
I suppose I
should care
![Page 15: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/15.jpg)
2. Breach of Duty
Did your company do what any reasonable company would have done?
Your firewall isn’t
updated and your
password is ‘admin’
Who cares
![Page 16: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/16.jpg)
3. Damage caused
Loss of identity = not much damage
My identity has been
stolen from your
database!
So what is it
worth?
![Page 17: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/17.jpg)
3. Damage caused
Loss of money = more likely to be damage
They used the stolen
data to empty out my
bank account!
Oops
![Page 18: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/18.jpg)
3. Damage caused
Physical Injury from an IOT hack = REALLY BAD DAMAGE
They caused my
smart car to crash,
and injured my eyes!
Oh no
![Page 19: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/19.jpg)
Breach of PDPA
1. Reasonable security arrangements to protect personal data to prevent unauthorised access, collection etc
2. Fine up to $1 million
Negligence Personal Data
Protection Act
Official Secrets
Act
Breach of other
Regulations
Breach of
Contract
Directors Duties
to Company
![Page 20: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/20.jpg)
PDPC fined KBOX $50K
“The practice of sending large volumes of members’ personal data via unencrypted email is a vulnerability and an example of how K Box had not sufficiently protected the members’ personal data.” – PDPC
![Page 21: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/21.jpg)
Parents suing Mattel
“Defendants' inherently
dangerous product and
unlawful and negligent
collection, use, and
distribution of minors'
personal information”
Let’s meet at
the park at
midnight
![Page 22: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/22.jpg)
Breach of OSA
S5(iv) If a person fails to take reasonable care of the information … that person shall be guilty of an offence
Negligence Personal Data
Protection Act
Official Secrets
Act
Breach of other
Regulations
Breach of
Contract
Directors Duties
to Company
![Page 23: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/23.jpg)
Breach = offence
Fine of up to $2000 and prison up to 2 years
They took official
documents and data
from your server
Oh no
![Page 24: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/24.jpg)
Breach of Regulations
Monetary Authority of Singapore Technology Risk Management Notice: A bank (etc) shall implement IT controls to protect customer information …
Negligence Personal Data
Protection Act
Official Secrets
Act
Breach of other
Regulations
Breach of
Contract
Directors Duties
to Company
![Page 25: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/25.jpg)
Breach = fines
They took customer
data from your
banking server
Oh no
![Page 26: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/26.jpg)
Breach of Contract
Express Contract: Service Level AgreementsImplied Contract: Sale of Goods Act
Negligence Personal Data
Protection Act
Official Secrets
Act
Breach of other
Regulations
Breach of
Contract
Directors Duties
to Company
![Page 27: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/27.jpg)
Breach of Implied Contract
IOT Devices are products = Sale of Goods Act creates a contract between buyer and seller
Some pervert took over the
Smart Camera in our house
– it isn’t fit for purpose!
Oh no
![Page 28: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/28.jpg)
Breach of Directors Duties
Directors owe a fiduciary duty to the company
Negligence Personal Data
Protection Act
Official Secrets
Act
Breach of other
Regulations
Breach of
Contract
Directors Duties
to Company
![Page 29: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/29.jpg)
Breach of Directors Duties
Shareholders can sue the Directors
You haven’t been
taking care of our
company!
Oh no
![Page 30: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/30.jpg)
What can we do?
![Page 31: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/31.jpg)
31
Singapore Chapter
Workshops and training
Panel of Lawyers
Build awareness in your Board and Employees
Public Policy issue advocacy
Networking events
![Page 32: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/32.jpg)
32
Singapore Chapter
Get Involved
Join the Singapore Chapter, or
Attend an Event
– Blockchain Seminar 2016
Ask a Lawyer at www.isoc.sg
This is your Internet.Join it!
![Page 33: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/33.jpg)
Background Information
![Page 34: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/34.jpg)
Centre of Excellence for National Security
Multinational team of research
specialists in national security
Working with National Security
Coordination Secretariat (NSCS) and
Cyber Security Agency (CSA)
![Page 35: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/35.jpg)
CENS Research Programmes
Homeland Defence
Programme
Radicalisation
Studies Programme
Social Resilience
Programme
Cybersecurity
Programme
• Strategic
Communication
• Social Media
Analysis
• Radicalisation to of
individuals and
groups
• Criminology,
psychology,
sociology, history
and political science
• Multiculturalism,
citizenship, class,
immigration
• How globalised
societies cope with
crises such as
pandemics and
terrorist attacks.
• Cyber threats
• Cybercrime
• Smart Cities
• Confidence Building
Measures
• Controversies
(security vs privacy)
![Page 36: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/36.jpg)
How CENS influences national policy
Publish Commentaries and Briefs
Educate National Security Officials
Organize workshops and seminars for
to create a community of practice in
public and private sectors
![Page 37: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/37.jpg)
37
Singapore Chapter
Internet Society Mission
To promote the open development,
evolution, and use of the Internet for
the benefit of all people throughout
the world.
![Page 38: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/38.jpg)
38
Singapore Chapter
Your Membership helps Change the World
Internet Society members achieve change through partnerships and technical expertise.
90+Chapters
Worldwide
Your membership to the Internet Society gives you a
powerful voice.
50000+Individual
Members
140+Organization
Members
![Page 39: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/39.jpg)
39
Singapore Chapter
Public Consultation with MDA on changes to Licensing of Websites
Photo: © Stonehouse Photographic
www.internetsociety.org/wcit
![Page 40: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/40.jpg)
40
Singapore Chapter
Lodging complaint against law firm representing Dallas Buyers Club in threatening users
Photo: © Stonehouse Photographic
www.internetsociety.org/wcit
![Page 41: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/41.jpg)
41
Singapore Chapter
Seminars on Charlie Hebdo, Cybersecurity Skills Building, Election Blogging, IOT, and more
Photo: © Stonehouse Photographic
www.internetsociety.org/wcit
![Page 42: Smart Nation, smart hacks and legal liability for cybersecurity breaches in the Internet of things](https://reader031.vdocuments.us/reader031/viewer/2022022414/5878728e1a28ab497b8b6795/html5/thumbnails/42.jpg)
42
Singapore Chapter
World IPv6 Launch
www.WorldIPv6Launch.org