Alina Tan, Senior Cybersecurity Engineer at Singapore’s Land Transport Authority, discusses how she tests the resilience of autonomous
By Shirley Tay
“The Singapore government has placed its bets on self-driving technology,” Huang Shao Fei, the Land Transport Authority’s Chief Information Security Officer told GovInsider in 2017. The nation has dedicated more than 1,000km of public roads to the testing of self-driving vehicles, and aims to get autonomous buses onto public roads in three districts by the early 2020s.
But as the city-state accelerates its development of autonomous vehicles, safety and cybersecurity risks must be taken into account. Driverless cars rely on many connected systems and sensors – and a breach of any of those systems would allow hackers to take over key elements like steering or brakes.
Alina Tan, LTA’s Senior Cybersecurity Engineer, built the Connected and Autonomous vehicle lab to test the resilience of these vehicles. GovInsider spoke to her to find out how her work is shaping Singapore’s regulations on autonomous vehicles.
What sparked your interest in cybersecurity?
My fascination with computers sparked from my interest in playing computer games. I always had a curious mindset of finding out how things work by breaking stuff, and after taking one or two more modules on ethical hacking tools during my Polytechnic and University days, this actually sparked my interest in cybersecurity.
I’m interested in reverse engineering, which is applicable to what I’m doing, which is vehicle security. I have to reverse engineer a lot of vehicular components to see what’s the underlying vehicle architecture by looking at specifications and tearing everything apart.
What has been the most interesting project of your career?
Being able to utilise my engineering knowledge and passion to advance policies and provide regulatory directions has been one of the most interesting projects of my career. In order to do remote vehicle testing, my team and I built the connected and autonomous vehicle lab. We perform vehicle research and testing through these test benches to understand the underlying vehicle architecture before proceeding to test the resilience of the vehicles. The project is unique because we are doing everything in-house with all the nitty gritty details, from procurement to building of the vehicle test benches, and finally performing in-depth R&D projects on test benches.
What has been the biggest challenge of the past year? How did you tackle this?
Everything is a challenge, considering the advancements in technology – especially in dealing with connected and autonomous vehicles. My biggest challenge would be working with different stakeholders that is looking at a new piece of technology from different perspectives (Policies, Technology etc.) and we are starting from ground zero.
Thus, being able to translate all these technical details and explain all these difficulties to the boardroom is one of the biggest hurdles. I tackled the issue by building the connected and autonomous vehicle lab to understand the technical details and translate them into technical roadmaps and policies.
What do you look forward to most in your work?
Since I work on the automotive regulations, and the future deployment of autonomous vehicles, I definitely look forward to securing the future of Singapore’s roads, and contributing to the digitalisation of Singapore’s smart city.
As for the technical aspects of my work, I look forward to discovering new security findings, to help developers like vehicle manufacturers and of course LTA. For me, it’s always about contributing back to the company and to the community because you are actually making everybody’s vehicle safer. By sharing this information back to the developers, I get that sense of satisfaction, because you’re making the roads more secure.
I’m also looking forward to building new vehicle test benches during my work to experiment on different vehicles. Since there are so many vehicles, and I’m definitely interested in understanding the different architectures.
What or who inspires you most?
What inspires me the most is the motivation of knowing that I’m contributing to a bigger cause. Securing the transportation of Singapore always inspires me to do better, so that we can keep Singapore safe and secure.
There’s also this security researcher called Ken Munro whom I look up to. He’s a security researcher famous for testing on planes, ships, and vehicles. One day, I definitely hope to be like him, as it’s fascinating to work on planes and ships.
What are the three areas of cybersecurity you’re most interested in?
As an Electrical Electronics Engineering (EEE) graduate by training, naturally I am interested in both Automotive security and OT security as it helped me understood how the devices communicate and the underlying architecture of these control devices.
In order to secure these devices, I am a strong believer that I will need to “attack” these devices from an adversarial perspective. Hence, to tickle my curious mind, I am interested in offensive security which allows me to find out how programs work by breaking things (in a legal manner) and to help find vulnerabilities within the systems to provide Developers with valuable information to secure their applications.
What advice would you give to women looking to start a career in cybersecurity?
As cybersecurity is a relatively large field, it can always be daunting to look for a specific career path. There are many different aspects like threat intelligence, offensive security, forensics, vehicle security, and many others. My advice is to always look for mentors that can provide good guidance to path your career in cybersecurity. Having a curious mindset and not being afraid of failures is also very important. Doing vehicle security, you can get stuck for a couple of weeks because there are some things that we needed to test and it didn’t go through.
I would also advise women to join local cybersecurity community groups or associations within Singapore. Division Zero, for example, has a Women in Cyber chapter that focuses on technical, hands-on, and upcoming mentorship programs for women. There’s also the Singapore Computer Society and the Association of Information Security Professionals. I think it’s a good way to approach other women in this industry and improve both your technical and soft skills.