Jakarta’s tech infrastructure is attacked millions of times, with most attempting to steal government data on citizens and businesses, its Smart City Chief tells GovInsider.
“Last year, we had more than 22 million attacks coming from outside. They were mostly attacks for data collecting – around 40%,” Setiaji says. He reveals that Jakarta is “looking at blockchain to improve our services”, in particular to protect permits and registries managed by the government.
He discusses plans to use blockchain for land and citizen registries; priorities to secure sensors and APIs; and how it plans to work with the private sector.
There are three key blockchain-based registries the city is looking to explore. First, it wants to manage the registration of new vehicles and track maintenance and servicing. Next, it will use blockchain for land ownership certificates to cut down on disputes and duplicate certificates. “Sometimes the land has two certificates. So with this system, we will make sure the land belongs to this [one] person,” Setiaji says.
The third and most ambitious area it wants to explore is to manage digital identities. “Blockchain can also be used for single sign on”, he says, to access public services online. “We will improve our portal, so that people can use it not only for getting public service information, but also to get some certificates and permits.”
Sensors on critical infrastructure
Data is crucial to managing the city’s day-to-day running, and Setiaji wants to ensure that the information it receives is accurate and not tampered with. “We need to make sure the hardware, sensors give us the trusted information to us,” he says.
Jakarta relies on data from sensors on its infrastructure to monitor the quality of services, including on city-owned machinery and construction equipment; flood water levels; and public bus timings. “We need to explore which are the best applications or systems to manage IoT more securely,“ Setiaji says.
In general, hardware like sensors on infrastructure, are vulnerable to distributed denial of service (DDOS) attacks, he says, which could disrupt the city’s access to the data. A coordinated attack on different infrastructure could disrupt lives and cause chaos. “We need to manage our hardware to not be used by DDOS,” Setiaji says.
Preventing misuse of APIs
Another area that the city wants to strengthen are application programming interfaces (or APIs), which it uses to exchange data with startups. Jakarta’s partnership with tech startups has been a key pillar to its smart city vision, as it uses their data or sharing its own data with them to improve services.
It has shared public bus arrival data with transport and delivery app Go-Jek and citizen complaints app Qlue. Another app Qraved is helping the city register street food vendors and check the quality and safety of their food. “We provided the API for bus tracking to other applications, for the transportation applications. So we need to manage our APsI so they will not be stolen by other parties,” Setiaji says.
Jakarta wants to protect the data from misuse, he says. “If they stole the API, so they can use for monetising the data.” For instance, the smart city unit shares CCTV footage and locations hundreds of cameras from transport and public works departments. “We would want to make sure the information of the CCTV is right, and not used in illegal way,” Setiaji says. And it needs to prevent them from being used to attack its own systems. “We need to strengthen our API because when we open the data maybe they can use the API to attack internal systems.”
Proof of concept
The Jakarta Smart City Unit wants private sector companies to pitch their ideas and insights on how it can improve its cyber security, rather than wait for tender cycles. “We invite the private sector to give insights and ask them how to solve the problem from a security point of view – for example, in IoT,” he says.
It is keen to test ideas before it goes into the procurement process. “First, we do a proof of concept; then after we have some results from the POC, we compare the results from the POC, and we choose the technology and we procure this technology.” The city plans to “explore some new technologies for security and also the forecast for attacks”.
Even as hackers attempt to gain access to Jakarta’s systems, its leaders remain open to sharing their challenges and testing new ideas from elsewhere.
Images by Jakarta Smart City