OpenGov spent some time with Mr. Brandon Swafford, CTO, Data Protection and Insider Threat, Forcepoint. Mr Swafford shared on topics such as data sovereignty, dealing with data privacy and security, as well as insights to data protection and managing insider threats.
Could you tell us more about your role as CTO of Data Protection and Insider Threat at Forcepoint?
The CTO role is relevant to Forcepoint in a couple of ways. The company is broken up into several business units, one covers our core technologies business in cloud security, one covers our protection firewalls, one covers global governments and one is data protection and insider threat. I’m a CTO of a business unit that houses our DLP tools and insider threat tools, and I coordinate with the other CTOs as far in assuring that the technology choices that I make for my products don’t conflict with theirs. I work a lot in understanding customer requirements, understanding the trends of architecture and insider threat security issues as well as work with our partner groups.
Forcepoint leverages partners internationally, I work with them for training purposes, products and getting their requirements for their services. So my job is a lot of different things but right I’m really focused on maintaining our international presence and opening it up, essentially. Only recently did the products that I work with became available outside of the United States. Previously, our insider threat tools were restricted because of defence reasons. I came to Asia, Middle East and Australia primarily because it’s a whole new world and I have to make sure that people understand how insider threats are supposed to work and products that can ease it if possible.
What are your thoughts on data privacy and security, given your experiences both with the US government and in the private sector?
So those two things are very different, if we use the United States as an example, if you’re an employer in the US, you have a pretty broad access to people who work for you, in Asia, it’s different in respect to how they handle privacy. In the United States, honestly, if I were a business owner and I think about how much I know about my people, I have to ask myself the question, between myself, LinkedIn, Facebook and Google, who knows more? It’s probably not me. Google and Facebook probably know way more about my employees than I probably ever will, so the pervasivess of the social media concept makes the idea of privacy a lot more difficult to understand.
So the privacy laws in the United States are different and probably less mature than they are compared to the EU. The EU, if you think about data privacy, has a more mature process, things like GDPR are enforcing that a lot more harshly. And so when I think about data privacy, I think about how do I legally and ethically collect the data that I need to have good outcomes and not sacrifice security and at the same time, how do I think about processes that allow me to broad scope monitoring without violating a lot of these laws?
When you think about the competition between privacy and security, it’s going to continue forever. When you think about lots of mature organisations, there’s a lot of focus on maintaining good security and then after that fact they think about, “what happens to these people’s data?” And if you’re a company owner, maybe your source of income is data and so one of the problems right now –if you think about the income that Google and Amazon make, they’re making it off your personal data, they’re making it off through crafting shopping carts for you to buy, which is based on your buying habits.
So the data that they have on you is actually pretty valuable. My world is complicated, I think about things like how do I make sure I don’t collect their banking information, how do I make sure I don’t collect information of them talking to the doctor, those are real issues I have to contend with. Even though the United States has a different approach to privacy, there are still things we have to be concerned with.
It’s about balancing accessibility versus control.
Both public and private sectors are migrating their data to cloud or possess some kind of hybrid cloud system. What are some of the biggest challenges or concerns in determining data sovereignty?
In my previous line, I dealt with data sovereignty in respect to the legal community, so I did a lot of legal forensics investigation work where we had to be concerned with things like EU Safe Harbour so if you have a litigation that’s taking place for a US company but the data’s in Germany, you have to go to Germany to get the data, which can only reside there, so there’s a lot of onward transfer and data sovereignty issues – who really owns it?
And depending on the country, you can claim that any particular email is private, there’s a lot of variance, so data sovereignty is a really complicated problem. Every country handles it differently, so that’s one issue. The issue with the cloud really is that, the cloud is nothing magical, it’s just somebody else’s computer. The complexity, though, is that, since these systems are operating at a superlarge scale, and they want to have redundancy and availablity – companies like AWS and Google have to basically spread their data across huge sloths of data centres.
One of the problems we have to contend with is ensuring that. When you think your data’s going to reside in a particular country, that it’s maintained and there’s controls that ensure that when you say, “this data’s going to reside here then it does.” I think the cloud providers are being more and more diligent about ensuring those are available, so that part of this is the cloud providers responding, the other part about it is not just blindly signing up.
So companies if they truly want to comply with data sovereignty, then it’s really their responsibility to ensure when they sign up for these that it’s part of the conversation and that there’s meaningful controls both the providers are going to have and that the companies are going to provide. For instance, if I’m a big bank, it’s not just Microsoft’s, Amazon’s or Google’s job to satisfy those, it’s also me and how I deploy them, so that when I build these systems, I’m not building a situation where I have a region in EU that is set up to communicate and relies on a system in the United States to do its work.
It’s not AWS or Google’s job to make sure I set up correctly, it’s their job to agree to what they agree to so part of it is that companies need to be educated to build those systems and build them in a compliant manner.
What are the implications in the variances of regulatory frameworks across borders, especially when some cloud services may occur beyond national geographical boundaries?
The question becomes what regulatory framework do you use – some people say the source of the data is relevant and some say it is the destination of the data. So I think when you talk about data movement between countries, it’s an issue of…sometimes the laws are very clear and it says that once the data enters the country that its destination is, it’s owned by the country and the laws apply to it. Does that mean that the people who sourced it (data) give up that right or are forced to give up that right? How does that transfer of ownership really happen?
For example, when you think about some of the countries in Asia such as China, where things that happen in China, turns out not to be owned by them – once the data enters the country, sometimes it’s very difficult to leave, ownership is
retained by that destination country. That’s not something I have to contend with directly that often because most of what I do is in the United States and Europe. In Europe, it’s relatively clear and you have data custodians and the custodians of the data is typically the source country.
In your experience, how do you approach data protection and managing insider threats within organisations?
Insider threats come in 3 forms – the first form being malicious users, the ones that are truly intent on causing harm or interested in protecting themselves and hiding. The second form will be accidental insiders, people that make mistakes, click a button they don’t mean to and the outcome is the same. Maybe they accidentally sabotage systems – the outcome is roughly the same but the mindset is different. For instance if I open up Outlook and I send an email, type in addresses and it autocompletes when I don’t need it to, maybe to a company that I didn’t want the data to go to and I just click send. I mean, I think everyone has done that in some point of their lives and it’s an accident, then what happens?
So the question is, did I try to recall it? Did I tell the person to delete that email? How did I react to that? Did I even notice? And so understanding the mindset of the person and the reaction is critical to know the difference between accidental and malicious. That’s probably the hardest job that I have, it’s understanding the context and intent of the person.
And then the third category is called the compromised insider, which is a hybrid between cybersecurity and insider threat. What I mean by that is the way malware operates is malware implants on the machine, it compromises an account and then it starts to move laterally, exfiltrate data or accomplish its mission. Doing that via an account that is compromised and that is accountable to a person typically and it’s trying to deal with accesses the person has in his/her account.
So from an insider threat monitoring and analysis perspective, it still appears to be a person but the way you attack that problem is very different. And I think one of the ways to look at that is if you think about malicious and accidental people, they tend to operate in a human time concept versus a machine time. So human time is like minutes, hours, days, weeks. Machine time is seconds and milliseconds, these actions take place very quickly, move in a lot places all at once, things that are out of the ordinary for the typical user so understanding compromise is a different problem than the other two. Because the mindset is largely irrelevant.
Now things get really complex when you think about malicious users using malware to exfiltrate data – when you have a person using malware to do that job, it’s like inception, you have to think about, “Now, here’s an exfiltration activity that looks like malware but is that malware being implanted by someone in the company or captured via phishing email, or does it come through an attachment? You have to start asking and know how to react to it.
When it comes to behaviour, I think about three basic emotions for people – sad, angry and stressed. What’s important there is that sad people wants to hurt themselves which means for whatever reason they are upset, they are going to be less secure, I should worry about them being an accidental insider. They’re probably going to care less typically and also they maybe likely to depart the company. And then I have other concerns like angry people who want to hurt others which means now it’s a matter of malicious intent: “the company is hurting me and I want to hurt them back”, “I deserve that promotion, I didn’t get it, I’m going to take the data somewhere else”…that happens.
For stressed people, they want to escape, they want to stop whatever it is that’s causing the problem. So stressed people tend to make irrational decisions out of a goal of getting out of a locker –so if there’s too much work, maybe they do less work. If they’re stressed because their contract is going to end and they need to get their next contract, maybe they take the work they made from one company and give it to the next one to get a contract, they’re worried and stressed. Those are the key emotional indicators that tend to come up.
What is cloud security and what role does behaviour analytics play in the area of cloud security?
Behaviour analytics take on 2 forms in cloud – there’s machines and people. The cloud security behaviour analytics as far as people goes, it’s a lot of the same responses I gave you earlier, so there’s basically going to be use cases say about someone who tries to log in to the same account at 2 different places. People try to steal credentials and maybe limit their 2 factor authentication. When you talk about the cybersecurity side of cloud security, the reality of that world is, once you compromised a cloud service, they’re so big that now you have access to a huge swathe of people. Normally if you just compromise one company, you just get one company but if you compromise a cloud service provider or one of their applications, it’s a vast number of people and companies. So the reality is that those are very important targets for most malicious actors because the reward from compromising one is so high.
And the opportunity for them to capture across lots of different types of information, lots of different types of people, different types of companies having access to lots of different things, it’s really attractive. A lot of the behaviour analytics technologies are roughly the same because the destination isn’t quite as relevant – it doesn’t matter whether I am accessing data on the cloud, the only question really is can I have visibility and if there are some visibility problems in the cloud. So for instance, if I’m on my premise I can collect hacker captures, I can see the network traffic really granuarly on my own data centre, once I go to the cloud I lose visibility, I can’t see some of the more intimate network traffic that happens beween the different systems that I have.
There’s a little more risk because the visibility is different.
Public-Private Partnerships (PPPs) in education have the potential to enhance how education is provided, financed, and managed as well as offer easier access to the community.
A PPP system operates under the construct that market mechanisms, in conjunction with government inputs, are better for providing education. One of the rationales behind PPPs, which are supported by international organisations, development agencies and academics, is that competition between public and private education providers is a good way to improve the quality and efficiency of education.
PPP policy frameworks should therefore create real market dynamics in which education service providers continue to innovate and improve the quality of their services to attract learners, young and old, who are seen as benefit maximisers and well-informed consumers.
New Era of Partnerships, Building Talent Pipeline
“The structure and framework for any university to launch degree programmes can be fairly onerous, given the emphasis on quality assurance and relevance,” says Annie who is also a Professor Emeritus of Finance (Practice), Lee Kong Chian School of Business and Senior Advisor at the Business Families Institute in Singapore Management University (SMU).
However, academic-industry partnerships play a crucial role in building the future of students and facilitating the transition of young people from school to work. Students need to be exposed to a variety of jobs and workplaces to develop interest and discover where their studies and passion may lead.
Industry partnerships with different sectors offer a variety of experiences, such as simulated job interviews, career development activities, challenge-based learning projects, curriculum-aligned activities, and work-study programmes. In addition, internships have become a vital opportunity for candidates to distinguish themselves prior to full-time employment.
A PPP is mutually beneficial, allowing industry access to fresh talent and looking at the industry’s challenges from the perspective of future consumers or employees acknowledges Annie. In fact, the private sector has indicated to all institutions that they need future talent in the area of data analytics, so SMU has recently launched a track in data analytics hosted in both their business school and computer and info systems school so universities also benefit from the insights from the industry to stay relevant in our curricula.
With the help of data analytics tools, a company may take unstructured raw data and use this information to discover patterns, draw conclusions and turned into useful insights. Therefore, data analysis aids businesses in so many ways, including making educated judgments, developing a more successful marketing plan, enhancing the customer experience and streamlining processes.
Education is not only under the charge of the Ministry of Education but also needs the support of other ministries since future jobs and capacity building are expected of the Ministries of Trade and Industry, Finance, Maritime, Health and others. Partnering with the whole of government allows for students’ skillsets to be increased and all students become more relevant, valuable and workplace ready.
Prof Annie knows that no one has a monopoly on knowledge, and no one knows the exact skills which will be needed in the future. Thus, PPPs have the most value when it forms a part of “lifelong learning.”
The exciting thing about lifelong learning, Annie believes “…is that when you get your degree, you think you’re done, but you’re just getting started. Even as you gain experience and learn on the job, you’ll need to keep reinventing yourself and the skills needed to extend your runway will keep changing.”
Passion extends beyond degrees and ongoing learning is a crucial element to keep employees engaged That’s why higher education now permits a variety of pathways to marry passion with career aspirations and is no longer a paper chase, she explains.
Two good cases to illustrate the value of PPP in the context of SMU’s innovative programmes that Prof Annie is very proud of are the partnership approach in launching the International Trading track and the Maritime Business Operations track under the Finance and Operations majors in SMU’s business school.
In accordance with the creation of a strong Singaporean core, wholesale trade and maritime businesses have been focusing on both skillset development and attracting new talent supply to ensure a pipeline of sustainable human capital. So, the trading and maritime sectors do need to build a case for making the jobs in their sectors more appealing – particularly with the assistance of government grants and scholarships.
Companies can play a crucial role by showing how an organisation can provide a feeling of purpose with support and development opportunities available to make building a career in their organisations appealing and attractive to the candidate
A part of Annie’s challenge in the early days was to set up an International Trading Institute (ITI) where students could take for-credit classes under the business school and get a certificate of completion for the non-credit practice-oriented sessions, learning from practitioners in the evenings.
“My goal at SMU is to link external relevance to internal degree requirements while upholding the quality assurance requirements of the education system. Different industry partners help us with this mission to co-create and deliver the applied learning content with us.”
SMU is therefore a strategic asset for the country and both the tracks had, over the last decade, created a pool of more than 300 alumni who are knowledgeable about wholesale trading, largely in the commodities trading space and maritime operations. Now, there is available talent who are able to speak and work with more confidence up and down the trade value chain and contribute to Singapore’s relevance as a trade and maritime hub.
Another great example of PPP was manifested during the last three years of the COVID-19 crisis which saw a spate of job cuts and many experienced PMETs were laid off. Annie worked with her teams at ITI and BFI to design a nine-month Business and Digital Transformation programme which combined in-class training modules with a capstone project for candidates who are matched to SMEs to also deliver a project for these sponsoring companies. Candidates have a chance to learn and apply the knowledge and sponsoring companies also benefit from the capstone projects delivered. In addition, 70% to 90% of the programme fees are supported by SSG grants, while WSG grants provide funding support towards the candidates’ commensurate salaries.
All these partnerships were possible because a pool of companies is available and can be accessed to match the candidates as a result of SMU’s external network of trusted companies, which was strengthened by the BFI that Annie had set up 10 years ago with the support of SMU’s senior leadership. Many of Asia’s SMEs are family owned with different sets of challenges and aspirations other than the usual business issues. In addition, many of these business families have longer horizons and they are the ones that countries depend on to build businesses sustainably as they think beyond current generations.
Therefore, business families with an entrepreneurial spirit, not only make money but also contribute to changing the world through their businesses and other new ventures, including building social enterprises and philanthropic activities.
By addressing business family-specific issues such as succession, family governance, entrepreneurship and wealth management, BFI aims to strengthen the ecosystem of entrepreneurial business families and stakeholders in their creation of sustainable impact by leveraging SMU’s core competence as a thought leader. In turn, BFI has been a strong partner to the LKYGBPC. Many of LKYGBPC’s sponsors are family-owned businesses, such as Wilmar International and Frasers.
In addition, many of these family enterprises have footprints beyond Singapore and are always on the lookout for quality start-ups to invest in or be part of their accelerator programmes. Innovation is essential for a company to improve its operations, introduce new and enhanced products and services to the market, raise its efficiency, and most crucially, boost its profitability.
Annie feels that her journey in academia is more about building entrepreneurship and Technology, Talent and Trust (3Ts) are important drivers in helping companies in their transformation journeys. As such, public-private-people partnerships are even more relevant in today’s challenging and uncertain times to build back better and broader for everyone.
According to Annie, the road to digital and business transformation success is paved with courageous actions by caring and forward-looking leaders. The right leaders will build a firm sustainably and attract the right people, the right leaders will inspire and motivate the right people to learn, improve and grow.
“Developing people is my calling but learning to develop people is everyone’s responsibility. And because the world is bigger than yourself, you need to be big-hearted, purpose-oriented, and have an open mind to be successful on any path you choose,” Annie concludes.
The Second Minister for Trade and Industry, Tan See Leng, and the Republic of Korea (RoK) Minister for Trade, Dukgeun Ahn, have signed the Korea-Singapore Digital Partnership Agreement (KSDPA).
Under the agreement, the two sides will work to establish digital trade rules and norms to promote interoperability between digital systems. This will enable more seamless cross-border data flows and build a trusted and secure digital environment for businesses and consumers. A government press release wrote that KSDPA will also deepen bilateral cooperation in new emerging areas such as personal data protection, e-payments, artificial intelligence, and source code protection.
The Ministers also signed a memorandum of understanding (MoU) on Implementing the Korea-Singapore Digital Economy Dialogue, which will act as a platform to promote digital economy collaboration between industry players and academic experts from both sides. The MoU is part of bilateral efforts to develop cooperative projects to implement the KSDPA. Key features of the KSDPA include:
Facilitating end-to-end digital trade
Electronic Payments (e-payments): The two sides will adopt transparent and facilitative rules (e.g. encouraging open Application Programming Interfaces (APIs)) to promote secure cross-border e-payments.
Paperless Trading: Singapore and RoK will accept electronic versions of trade administration documents to support the digitalisation and seamless exchange of key commercial documents.
Open Government Data: Both countries will ensure that government data will be publicly available in a machine-readable and open format, with easy-to-use and freely available APIs.
Enabling trusted data flows
Cross-border Data Flows (including for financial services): Businesses in Singapore and RoK will be allowed to transfer information, including those which are generated or held by financial institutions, across borders if the requisite regulations are met and with adequate personal data protection safeguards in place.
Prohibiting Data Localisation: The two nations will establish rules against data localisation requirements so that businesses can choose where their data is stored and processed, and their cloud technology of choice.
Facilitate trust in digital systems and participation in the Digital Economy
Artificial Intelligence (AI): The countries will promote the adoption of AI governance and ethical frameworks that support the trusted, safe, and responsible use of AI-based technologies.
Cryptography: Neither country will require the transfer of or access to private keys and related technologies, as a condition of market access.
Source Code Protection: To ensure software developers can trust the market within which they operate and ensure that source code is protected, neither country will require the transfer of, or access to, source code as a condition of market access. This includes the algorithm expressed in the source code.
Online Consumer Protection: The two sides will adopt laws that guard against fraudulent or deceptive conduct that causes harm to consumers engaged in online commercial activities.
Small and Medium Enterprises Cooperation: Singapore and RoK will promote jobs and growth for SMEs. They will also encourage their participation in platforms that help link them with international suppliers, buyers, and other potential business partners.
Digital Identities: The countries will promote interoperability of digital identity regimes, which can lead to reliable identity verification and the faster processing of applications. This will enable businesses and consumers to navigate the digital economy with ease and security.
A digital government operates in a manner that is digital by design, focusing on the requirements of users and maximising data. Fundamentally altering the way the Australian government operates now, it offers enhanced social, policy and economic outcomes.
The Digital Transformation Agency (DTA) of Australia believes that a digital government better prioritises the requirements of individuals and businesses. It entails investing in cutting-edge technology to deliver a personalised experience that is stable, safe and dependable and ultimately anticipates the demands of each user.
Australia’s Resilience and Growth Rely on Digital Government
“We cannot underestimate the impact of programmes and concepts such as ‘Tell us Once’ – not requiring customers to continue to re-tell their story as they access government services,” Lucy emphasises.
They are beginning to see both this de-duplication in service delivery and a side effect of more efficient investment through what they have dubbed the “Australian Government Architecture” (AGA).
The AGA is a vision to reduce the time agencies need to navigate the complexities of government in building digital and ICT-enabled solutions. It is designed to be a catalogue of applicable policies and standards combined with an index of repeatable patterns and capabilities for re-use.
Because of the increased speed-to-market, the Government can respond to priority needs using modern, best-of-breed approaches gaining “overall efficiency in how we digitally connect government services”.
“Silos of excellence” are a significant challenge. While Australia has some policies in place to reduce investment in duplicated capability, this is a difficult barrier. While some core functions of a platform may be the same, the needs of the service that uses that platform may be very different. “It’s always a struggle to strike a good balance.”
Unfortunately, when it comes to transforming government services, there are often legacy, disconnected systems that must be addressed and eventually decommissioned. This requires time, effort, and, most importantly, commitment. When compared to the release of a new system, it is more difficult to create a good-news story about turning off a system.
“Our people are at the heart of so much of what we do in the Public Service. This heart is often the dedication that the government requires of people who are passionate about serving citizens and businesses,” Lucy acknowledges.
The money available to the public sector, particularly in the digital streams of work, can make it difficult to compete with the private sector. This means that their best and brightest often leave for greater returns and better opportunities. “Our big challenge will be crafting our employee value proposition – across the Australian Public Service and all agencies.”
One of the most important technological advancements ever made, digital identification has enormous advantages for businesses, consumers, and governments. Australia is a pioneering nation in the field of digital identity. The Trusted Digital Identity Framework that supports the Australian Government Digital Identity System isn’t simply based on industry best practices from throughout the world; it’s also regarded as best practices in many other nations.
Underscoring her belief in the Trusted Digital Identity Framework (TDIF), Lucy says, “At the DTA, we’ve been building policy for Digital Identity – the Trusted Digital Identity Framework (TDIF) – for several years.”
The DTA is responsible for the Whole-of-Government Digital and ICT Investment Oversight Framework – a six-stage, end-to-end framework that provides Government Agencies with direction for managing their digital and ICT investments across the full project lifecycle. Government Departments and Agencies are obligated to consult with the DTA on all digital and ICT investment plans throughout the framework’s numerous stages, per the Framework.
Moreover, the TDIF serves as the guiding principle for the Australian Government Digital Identity System. It is based on worldwide and industry best practices and standards and it establishes strict guidelines for privacy, security, transparency and trust.
The TDIF is regarded as a world-leading accreditation framework for digital identity providers. It has supported the implementation of best-practice digital identity policies in Australia’s government and corporate sectors.
The TDIF has evolved and continues to adapt in response to changes in the service delivery landscape and consumer expectations as digital identification technology quickly evolves. It has gone through four major revisions, with a fifth now in the works.
In addition to incorporating accrediting programme findings, the next version (release 5) aims to prepare the TDIF for the future of digital identity as verifiable credentials and digital wallets become more popular and technology continues to grow at a rapid pace.
More than 9 million Australians, on the other hand, have decided to create a Digital Identity (using myGovID to build a Basic, Standard, or Strong identity) to access over 125 government services online, with 26 services supplied by states and territories. Over the past year, 1.3 million people used their Digital Identity more than once while 12,000 people have used their Digital Identity more than 65 times.
“We also have more than 1.4 million businesses that use Digital Identity to access business services, like our tax agency. This makes it easier for them to do business by reducing the amount of paperwork they have to do,” Lucy reveals.
Identification fraud can be reduced using a digital identity. In Australia, Digital Identity is predicted to save the economy AU$3 billion per year from identity theft and online fraud. The Australian Government Digital Identity System also provides extra privacy and security safeguards, such as no central database where papers are held, the inability to trace or sell a person’s behaviour, and all information being securely encrypted.
On the surface, this looks to be a simple issue. But, a response must include service standards, service design, accountability systems, collaborative service delivery with other jurisdictions, feedback mechanisms, open data and open government.
The design of performance metrics to monitor end-user experience begins with the service design. That is, gathering baseline data, investigating what data is accessible and, most crucially, finding the questions that yield performance data to enable continual improvement.
Monitoring the performance of a service or product is frequently done through a lens other than digital. The annual Report on Government Services (RoGS), for example, provides an annual study of government services in terms of equity, efficiency, and effectiveness.
The RoGs must incorporate state and territory government services as well as those of the Australian Government because other similar service experiences can influence user satisfaction ratings.
All government services must pause and assess how well they are satisfying the requirements of their users. myGov, the largest platform for providing government services to citizens, is currently subject to an independent user audit. The audit’s recommendations are expected to have significant implications for government service delivery across the board.
The Australian Public Sector (APS), like many other organisations and institutions around the world, is reorienting and evolving to embrace digital transformation and harness the power of data. “Realising that these are critical to our ability to continue to effectively serve the interests of Australia and the Australian people in a world defined by increasing speed and complexity,” says Lucy.
She agrees that it’s hard to keep the momentum and focus needed for long-term digital transformation with all the other priorities and crises that the public sector has to deal with at the same time. A key part of this is recognising and emphasising the link between digital transformation and trust and satisfaction in government on the part of citizens.
Even though the pandemic forced people to rely on their governments more, the overall trend is obvious. Against this backdrop, the Australian Government has made it a top priority and a requirement for the APS to do its job to win back the trust of the people.
“In the DTA, we make it clear how the ongoing digital transformation and the whole-of-government reform agenda are linked and depend on each other,” Lucy asserts.
The agency continues to stress the importance of services that focus on people and are easy to use. They are also building strategies that support the transformation that is sustainable, efficient, and centred on people. She points out that Australians who are happy with government services are twice as likely to trust their government.
Paving the Way for the Future of Digital Transformation
Australia is experiencing the effects of the rapid rate at which the digital world is evolving. Its APS Reform, which has a 2030 perspective, provides the government with a clear vision for the transformation of the public sector. The main objective of this agenda is to revolutionise how digital is done by making the APS more effective and efficient.
Ensuring that people and businesses are at the centre of policy and services is a core tenet of APS Reform. To ensure that transformation meets and surpasses user expectations, early and meaningful interaction and co-design are given a lot of attention in the digital space.
Trust is an issue for governments everywhere and is closely related to citizen expectations. In Australia, as in many other nations, public trust in the government had been dwindling before the outbreak. Although COVID had a brief uptick, regaining the public’s trust remains a major problem facing the government and its institutions.
To ensure that the government puts its constituents at its centre, the digitisation of government is key to the endeavour to reestablish confidence. The Independent Review of the APS in 2019 recognised this priority, and the nation is already moving in the right direction.
The key will be to define who is responsible for delivering initiatives and to raise the transparency of the progress by publicising how well key metrics are performing. However, confidence is not just dependent on how well-run and open the government’s operations are. It includes safeguarding data as well.
Criminal and state-based actors are rapidly developing their offensive capabilities, which is causing the cyber threat landscape to change all the time. These more sophisticated cyber-attacks are aimed against Australia.
A big compromise of Australian Government networks is a matter of “when,” not “if,” without massive reorganisation and cyber upgrading. “In light of this, we are hardening the government’s own IT, through a centralised model of cyber security services, called Cyber Hubs. We’re currently testing the feasibility of the Cyber Hubs model through a pilot. So far the pilot has shown the centralisation of the provision of services can help improve cyber security,” Lucy explains.
The government and institutions have vast amounts of information about Australians. This data is the fuel that drives the progress of artificial intelligence. Over the next 5 to 10 years, there is a chance to harness this data and use AI to innovate and improve public service delivery, resulting in better efficiency and transformation. But AI’s use of this data comes with risks and challenges for everyone, including the public sector. These risks and challenges need to be handled morally and responsibly.
Quantum computing is still in its infancy, but its application could represent the next step in the digital revolution of service delivery. AI is only as good as the data it’s trained on. Large datasets are currently being used by governments and institutions to train AI models and make them more useful.
However, when these datasets become scarce, governments and industries will be forced to find new ways to improve AI programmes. Quantum computing is one such method. Quantum computing refers to a class of supercomputers based on quantum mechanics.
To process information, these quantum computers employ the laws of quantum mechanics. That is, they can detect patterns in data that are nearly impossible to detect using traditional computers. They are substantially different from today’s computers in this regard.
Lucy believes if these powerful AI capabilities are utilised responsibly and data is saved and maintained safely, confidence and trust in government and institutions will grow. “More will need to be done in the next 5 to 10 years to integrate human values like transparency and fairness with AI’s goals of efficiency.”
Lucy is optimistic about the future and the role the DTA will play in guiding the government on developments in digital and ICT. She sees great potential for the agency to act as a government advisory body for its tech-enabled initiatives going forward as well as to serve the country in its digital ambitions. In summary, that is what she believes the agency exists for – to aid the public sector to offer the best citizen experience possible and help the nation thrive.
Information and communication technology (ICT) is used in a smart city to improve government efficiency, public engagement and the standard of living for its residents.
Advanced technologies and data analytics are at the heart of the concept of a “smart city,” whose primary goals are the enhancement of city services, the promotion of economic growth, and the betterment of residents’ quality of life.
The recent pandemic and other critical events have forced the citizens of the Philippines, as it has in other countries, to rely on their government for a wide range of services to be offered innovatively.
Agencies moved rapidly to digitalise services and set standards for data storage, security and workflow. Central and local governments have implemented a wide range of ICT strategies to lessen the impact of these catastrophes.
For instance, Makati City, the business capital of the Philippines, launched the Makatizen Card and the Makatizen App to offer financial help and services, such as online legal assistance, teleconsultations, and online learning, to its residents.
Challenges Turn Inspiration: Embarking on Smart City Projects
“We will be able to increase our revenue and service efficiency through innovation,” Charles asserts, citing the recently launched “MakaTurismo” website to underscore his point, which was made to help the local tourism sector.
The website is Metro Manila’s first travel website focused on attracting tourists into a post-pandemic environment. Apart from the lifestyle centres, eateries, and hotels, the City of Makati is home to numerous undiscovered treasures, such as special historical sites.
Since it includes details about the city’s tourist attractions, lodging options and free walking tours, the project could significantly assist businesses in attracting clients and customers.
While discussions of digital transformation typically centre on improvements to remote working capabilities, Makati City has instead begun investing in infrastructure upgrades. As a result, they are modernising their server infrastructure by switching from a physical to a software-defined network (SDN) and merging various data centres.
Charles noted that Makati City is concerned with project implementation and database consolidation. In addition, they integrate analytics into all projects and increase automation to improve their functional services.
Makati City opened the Makatizen Hub in 2021, to further assist its citizens in their transactions during the ongoing pandemic. The local government has set up satellite offices so that everything can be done online.
Charles emphasises that, as they integrate technology in a variety of ways, they are centralising a strategic approach to planning and managing the direction of the city government’s use of technology.
To accommodate its diverse population, Makati provides a wide range of publicly available services. In addition, there are services designed exclusively for residents, catering to their unique requirements based on factors such as age, health, education and overall satisfaction with life.
The city has been able to successfully manage these programmes, but officials are always looking for ways to improve efficiency. This is made possible in large part by technological advancements. As the population of Makati expands, so do the city’s needs and the hopes and dreams of its residents.
The responsibility of the administration lies in anticipating the wants and needs of the people. By bolstering them with cutting-edge tech, agencies can reimagine service delivery and foresee what people will need in the future.
As an example of a programme designed for the future but implemented today, the Makatizen Card is a useful tool. The Makatizen Card is an innovative programme that provides residents of Makati with access to a variety of new social, informational, identifying and financial services.
For more than half a million people living in Makati, this single government-issued ID card unifies access to a wide range of economic and social services.
Charles is one of the authors of IT Security – the Security 3.0 book, published by Mithra Publishing in London. It discusses the infrastructure framework’s fundamentals that underpin the city’s primary data centre and the local government information system that has recently undergone upgrades.
“The data centre’s IT capabilities can only be improved through upgrades. By upgrading ageing or inefficient IT assets, they improve reliability, performance, efficiency, cost, security, and uptime -which resulted in serving the public efficiently,” Charles explains, further elaborating on the steps taken by the municipal government to improve flood and earthquake early warning systems.
Makati was named the first-ever Resilience Hub in the Philippines and the Southeast Asian Region by the United Nations Office for Disaster Risk Reduction (UNDRR) in the third quarter of this year.
According to the UNDRR, a resilience hub is a city, municipality, or local authority with the political will and expertise to take action to reduce vulnerability to disasters and climate change. With the help of the Making Cities Resilient Campaign (MCR), which Makati joined in 2010, the city has successfully integrated disaster risk reduction into all its strategic plans and programmes. The region’s cities have joined several international networks to learn from and implement its DRR best practices.
Additionally, in collaboration with the Department of Trade and Industry – Board of Investments (DTI-BOI), Digital Pilipinas officially launched its Innovative Cities initiative to technologically advance one city at a time. It does this by bringing together local government agencies, academic institutions and the private sector to establish numerous centres of excellence.
In association with the Resiliency Innovation Sustainability & Entrepreneurship (RISE) Certification Programme, the City of Makati was selected as the programme’s pilot location. With a focus on making the Philippines relevant in digitalisation and Web 3.0 conversation, the Innovative Cities initiative seeks to increase the Philippines’ innovation and technology quotient to support local economies and expand their industries.
The city’s digital transformation journey in local government has been completed at minimal or no cost. Public-private partnerships (PPPs) have been used to implement larger-scale projects and some solutions have been provided for free in exchange for Makati serving as a model for the adoption of these technologies by other LGUs and institutions. Even when the COVID-19 pandemic broke out in 2020, Makati was still able to serve its citizens efficiently without endangering their health.
A true and effective digitalisation strategy entails a fundamental rethinking of the traditional organisational structures of industrial activities and business models to make them significantly better.
With the help of Makati Mayor Abby Binay, who is very encouraging of digital transformation, these initiatives were able to come to fruition. Charles believes that the use of technology and innovations is merely a tool to accomplish this goal, so it’s critical to pick the approaches that can most effectively help an application achieve its objectives.
“Digital transformation is, at its core, a mindset. It is a long-term, ongoing journey rather than a single undertaking or endpoint. As the business changes and appropriate technologies become available, iteration is necessary.”
The Ministry of Electronics and Information Technology (MietY) is deliberating on various aspects of digital personal data and its protection and has formulated a draft bill titled ‘The Digital Personal Data Protection Bill 2022’. The Ministry has invited feedback from the public on the draft Bill. The submissions will not be disclosed and held in a fiduciary capacity, to enable people submitting feedback to provide the same freely. The government has said no public disclosure of the submissions will be made.
According to a press release, the purpose of the draft Bill is to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process personal data for lawful purposes and matters connected therewith or incidental thereto. The draft Bill employs plain and simple language to facilitate ease of understanding and is available on the Ministry’s website along with an explanatory note that provides a brief overview of its provisions.
There are presently over 760 million active Internet users and over the next coming years, this is expected to touch 1.2 billion. There is an increasing need to regulate content and data collection on the Internet.
The Digital Personal Data Protection Bill frames out the rights and duties of the citizen (Digital Nagrik) on one hand and the obligations to use collected data lawfully of the Data Fiduciary on the other. The bill is based on seven principles around the Data Economy.
The first principle is that usage of personal data by organisations must be done in a manner that is lawful, fair, and transparent. The second principle of purpose limitation is that the personal data is used for the purposes for which it was collected.
The third principle of data minimisation is that only those items of personal data required for attaining a specific purpose must be collected. The fourth principle of the accuracy of personal data is that a reasonable effort must be made to ensure that the personal data of the individual is accurate and kept up to date. The fifth principle of storage limitation is that personal data is not stored perpetually by default. The storage should be limited to such duration as is necessary for the stated purpose for which personal data was collected.
The sixth principle is that reasonable safeguards are taken to ensure that there is no unauthorised collection or processing of personal data. This is intended to prevent a personal data breach. The seventh principle is that the person who decides the purpose and means of the processing of personal data should be accountable for such processing.
The Bill will establish a comprehensive legal framework governing digital personal data protection in the country. The Bill provides for the processing of digital personal data in a manner that recognises the right of individuals to protect their personal data, societal rights, and the need to process personal data for lawful purposes.
Thailand’s digital economy has expanded tremendously in recent years and is poised for additional growth. In line with this, the Thailand 4.0 strategy seeks to turn the nation into Southeast Asia’s innovation and knowledge-based digital centre.
The country is well on its way. The European Centre for Digital Competitiveness classified Thailand as the second most digitally competitive country in 2020, attributing its success to expanding its ecosystem and the region’s shifting perspective toward recognition.
Despite the considerable growth potential for Thailand’s digital economy, the country faces several obstacles to reaching its full potential. These include a digital talent shortage and a delay in the adoption of digital solutions by small and medium organisations.
Both the public and private sectors are eager to learn about successful digital transformation methods as they recognise such insights are critical for businesses to survive and grow in the current digital landscape.
Fostering Digital Transformation and Competitiveness in Thailand
Dr Kasititorn shares that the country has achieved its national target in the Thailand Digital Economy and Society Development Plan, which is in line with Thailand’s 20-Year Strategy. To fully integrate digital technology into every aspect of business in Thailand, they have been working on this plan since 2018.
This national plan is comprised of 4 phases 1) digital foundation 2) digital inclusion 3) full digital transformation and 4) global digital leadership.
“We are off to a solid start as our first two phases have been successfully implemented and influencing Thai’s economy are currently in the third phase.”
Even a cursory observation shows that there is a high level of digital awareness among Thai people, while analysed data reveals more.
As per a survey by the National Statistical Office of Thailand, 93.8% of the country’s population use mobile phones and 68.1% take advantage of mobile banking in 2021, giving Thailand the top spot in the world. In addition, 86.3% use the internet and 87.7% have access to the internet at home.
Dr Kasititorn emphasises that Thailand is very well equipped for the impending transformation that it will experience soon. “To bolster the depa’s efforts through the Digital Economy Promotion Master Plan, we have been supporting the use of digital technology in diverse sectors, starting with agriculture, manufacturing and services and moving on to communities to progress towards Thailand 4.0.”
As of today, most industries have already surpassed a 2.0 digital density index, with the service sectors like finance and tourism leading the way.
To cater to the demand side of the digital economy, the depa also promotes the supply side, including digital entrepreneurs and suppliers. As a digital workforce is essential for effectively transforming the nation, the depa has been working with various groups of individuals for training, retraining and upskilling.
“We aspire that Thailand achieves digital transformation on a national scale with all sectors and all groups of people embracing digital technologies,” says Dr Kasititorn.
They intend to accomplish this goal by first, getting all sectors, particularly SMEs, ready for digital transformation. The industry must recognise the power of digital technology that could support the expansion of their businesses. This strategy makes use of mechanisms like awareness-raising, capacity-building, business matching and finance in the form of incentive vouchers for matching money.
Second, increasing the capacity and standards of digital service providers. Without dependable digital services, indigenous industries would not be able to achieve digital integration. The depa strives to increase the capacity and level of service offered by digital service providers.
The standardisation voucher, startup fund, RDI fund, and other similar funds are all tools used to assist digital service providers. To ensure that the sector has enough talent to fuel the development of product and service innovation, the digital industry can also be promoted through the development of its human resources.
Third, Building a digital ecosystem in Thailand. Thailand Digital Valley (TDV) aims to build Thailand’s digital ecosystem and prepare Thailand to serve as an ASEAN Digital Hub.
TDV will stimulate investments from top-tier technology corporations and startups while promoting the growth of digital services and technologies. TDV will also support the development of Thai entrepreneurs and digital service providers’ competitiveness and competence so that they can compete on a global scale.
When asked if digital transformation needs a cultural paradigm shift, Dr Kasititorn concurs. She is convinced that such a shift results from the necessity to alter the entire system. For entrepreneurs to transition from the analogue era to the digital one, they must adopt a new and distinct style of thinking.
A great example of the need for a perspective is the agricultural sector. According to the study findings of the depa’s Digital Density Index Series 2021, the concentration of digital technology adoption in agriculture (ranging from 1.0 to 4.0) is still around 2.0 at every step of production.
Most farmers who do not use digital technologies are inexperienced small farmers with limited resources. Given that Thailand is primarily an agricultural country, the sector may need to undergo the greatest change.
It must transition from the traditional labour-intensive one to the technology-intensive one. For instance, using drones, robots, sensors, big data and artificial intelligence for farm operation and supply chain management.
For the agriculture sector to be digitalised, there will need to be a paradigm shift in mindset, significant investment in training new generations of farmers and substantial initial expenditure.
Most Thai manufacturing companies already understand that they must embrace digital transformation if they are to survive and grow in the new era of production. As manufacturing involves a significant amount of business and technological expertise as well as long-term investment commitment, businesses are cautiously and slowly transitioning to the digital era.
To support this, it will be necessary to leverage technologies like ERP, IoT, Big Data, AI, Advanced Robotics, AR/VR, and 3D printing for a variety of purposes, including cost-cutting, boosting productivity and operational efficiency, managing supply chains and developing new goods and services.
Finally, when it comes to the service sector, Thailand’s tertiary companies have made significant progress in their digital transformation efforts. Tourism and allied businesses, transportation and logistics and finance and banking are the main industries that have excelled in the digital revolution.
The tourism sector has undergone a significant digital revolution, as most tourists now buy goods and services online. Thailand has gradually digitised its transportation and logistics systems, which has had a multiplicative impact on the effectiveness and productivity of other economic sectors. Sectors like health and education that are undergoing constant digital transformation come after these top performers. As across the globe, Thai banks and other financial institutions have long since gone digital, ensuring almost all offerings and services can be availed offline.
The third phase of the Digital Thailand programme, which aims to fully integrate digital technology into every sector, is now underway in Thailand, according to Dr Kasititorn. “We have done quite well in terms of basic telecommunications infrastructure with numerous wired and wireless networks nationwide to provide services at a relatively affordable rate with exceptions on the very remote area.”
At this point, Thailand’s challenge is to make sure that these networks are utilised to their full potential. In the agricultural, industrial, and service sectors – which employ practically all the labour force in the nation – they are attempting to speed up the transformation.
During the post-pandemic period, the industrial sector showed signs of improvement while sharing a 2.0 digital adoption rate. The service SMEs that are still falling behind will require more attention, even though the service industries may have been performing relatively well in the digital transformation.
To encourage stakeholders across all industries to go outside of their comfort zones and begin their digital transformation processes, it is still of utmost importance to inform them about the potential that comes with digital technology and innovation.
“We do this with various kinds of support from financial incentives such as tax reduction, exemption, grant funding, and matching funds to non-financial measures such as capacity building, networking, business matching and technical support,” Dr Kasititorn asserts.
Increasing Thailand’s Digital Transformation for Future Landscape
According to Dr Kasititorn, digital transformation is the process of inducing and designing changes that are required to disrupt present processes or practise – at the organisational, industry, or national levels – and is supported by digital innovation. It is necessary to take a comprehensive strategy for transformation, and technology is only one component of what must be done.
At the national level, it frequently entails changes in the thinking of all players involved, notably leaders, as well as laws and rules governing how the country and government operate. In terms of technology, one must recognise that digital is not just an enabler but also a disruptor, necessitating a new way of thinking and planning.
“To drive Digital Transformation in Thailand to make big changes, we should not be only technology users but also be able to build the capacity to create and generate digital innovation along the way. With this, we need to build human capital in both qualitative and quantitative terms,” Dr Kasititorn says emphatically.
She has been involved in at least five national ICT policies during his nearly 20 years of research. The latest and current one is the 20-year Thailand Digital Economy and Society Development Plan, driving towards Digital Thailand. She believes that all her research contributes somewhat to the policy-making process and categorises his research into two different groups.
The first group is the research conducted with the drafting of ICT policy or plans as the objective from the outset.
The second group of research is to conduct research on specific issues ranging from research on the current and future situation of the ICT industry and markets to an international trade negotiation affecting the ICT and digital industry. “Normally, we provide policy recommendations which translated into internal policy or strategy preparation. We are not typically part of the negotiation process, though.”
As a part-time lecturer, Dr Kasititorn teaches courses on either ICT public policy or the socioeconomic implications of technology. “I frame my course in such a way that I will use my practitioner’s experience working in the policy arena to extend the student’s breadth of thinking, rather than theory.”
In this approach, she hopes that learners would grasp Thailand’s digital ecology and terrain, as well as the rapid changes that occur. She wants people to deeply comprehend the socioeconomic progress that digital technology has driven or influenced. “However, I intend to demonstrate how society can determine the path of technology, as well as the interplay between many elements and stakeholders. I like to bring global and national phenomena into the classroom to spark discussion.”
By 2027, most Thais should have inexpensive access to wired and wireless (4G/ 5G service networks), as stipulated by the 2nd Digital Economy Promotion Master Plan (2023–2027), led by the depa, and possess a suitable level of digital literacy. With almost 100,000 digital-based businesses, Thailand’s real-world industries are expected to reach the 3.0–4.0 stage of digital adoption.
The foundation of practical applications that result in long-term socioeconomic effects will be digital technologies such as 5G, IoT, Big Data, AI, Robotics, Blockchain, AR/VR. Robots and AI, for instance, will replace labour-intensive industries like agriculture, manufacturing, and even the service sector, increasing productivity and revenue.
“As a result, we anticipate integrating digital technology and innovation across all sectors – agriculture, manufacturing, and services – to boost the GDP of the nation,” Dr Kasititorn explains.
Included in the 5-year term, the 2nd Digital Economy Promotion Master Plan (2023 – 2027) has been developed to focus on 4 strategies.
- Reskill, upskill, and fill a digital talent pool to create 500,000 digital workers for the digital economy and society;
- Transform the traditional economy into a high-value digital economy, with targets of 100,000 digital-based firms and all actual sectors, including local communities, reaching a Digital Density Index level of 3.0;
- Create new opportunities and inclusive economic development, with one city ranking among the top ten livable smart cities in the world and around 95% of people having digital access and literacy; and
- Optimise the usage of digital infrastructure with the goal of establishing two new significant digital infrastructure projects to build up deep-tech capability and attract three global technology companies to invest in Thailand.
Dr Kasititorn added that to ensure long-term growth, they are constructing a digital ecosystem with the necessary infrastructure. Thailand Digital Valley (TDV), a 12-acre digital innovation centre located in Thailand’s Eastern Economic Corridor (EEC), has been built for this aim.
The TDV consists of five cutting-edge buildings equipped with the necessary infrastructure, innovation labs, and a digital ecosystem for world-leading technology firms and Thai digital startups to coexist, fostering the kind of synergy that will aid in the development of new digital products and services that to be sold in both domestic and global markets.
Investors in this special economic zone are also entitled to tax and non-tax benefits such as up to 13 years of exemption from the company and personal income tax, flat-rate personal income tax, and Smart VISA privileges.
Thailand’s primary priority is expected to be digital transformation. The final objective cannot be accomplished just by the government but must be accomplished in partnership with alliances and partners both at home and abroad.
“Our digital vision for Thailand 4.0 is solid, but the sharing of ideas and views is critical to the mission’s success,” says Dr Kasititorn.
The country is looking to explore partnerships and relationships that contribute to the country’s development as well as the world at large. In this vein, she is excited to collaborate with OpenGov Asia and its international networks to identify new opportunities and projects to help Thailand realise its digital potential.
To enhance digital-based governance, the government is getting ready to construct four National Data Centers (PDN). Hence, the implementation of data-driven policies is encouraged using digital government ideas and initiatives.
According to Semuel Abrijani Pangerapan, Director General of Informatics Applications at the Ministry of Communication and Informatics, PDN is a strategic move by the government to advance effectiveness, efficiency, the sovereignty of state data, and the consolidation of national data within the One Data Indonesia framework.
He said during the “Groundbreaking Ceremony for the Development of the National Data Centre (Strengthening of E-Government), in Cikarang, West Java, “The PDN is one of the instructions of the President of the Republic of Indonesia in order to expedite digital transformation within government agencies.
The National Data Centre is expected to result in smart and contemporary governance because the installed technology in the PDN ecosystem comprises cloud computing, big data analytics and artificial intelligence, blockchain, and the metaverse.
Director General Semuel noted that the groundbreaking represented the introduction of the Bekasi Regency PDN development project to the central government, local government, the private sector, and the community.
The establishment of PDN is also one of the primary factors boosting Indonesia’s digital innovation. Especially in the context of effectiveness, efficiency, consolidation of national data, security, and sovereignty of state information, as well as encouraging the implementation of One Data Indonesia.
The Ministry has designed four PDN development locations, including the Deltamas Industrial Estate (Jabodetabek) region, the Nongsa Digital Park (Batam) area, the new National Capital City (IKN) in East Kalimantan, and Labuan Bajo, East Nusa Tenggara.
The Ministry indicated that the initial PDN was constructed in Cikarang, West Java, namely in the Deltamas Industrial Estate region, around forty kilometres from Jakarta. The second PDN will be constructed in the Nongsa neighbourhood of Batam City, Province of the Riau Archipelago. A fibre optic network capable of connecting the area and its environs to western Indonesia already exists at this site.
The decision to locate a data centre in Batam is based on the comprehensiveness of the supporting infrastructure, which includes fibre optic infrastructure, electricity supply, water, and direct paths to the global internet backbone. IKN and Labuan Bajo, East Nusa Tenggara are slated to house the second PDN development location.
Meanwhile, Usman Kansong, Director General of Information and Public Communication at the Ministry of Communication and Informatics declared that the government intends to use metaverse technology to promote virtual tourism at the Borobudur Temple.
To safeguard the tourist attraction, Director General Usman claims that the discussion on the use of this metaverse technology began concurrently with the implementation of a ban or restriction on general visitors’ access to the Borobudur Temple edifice. According to the Ministry, using this technology allows tourists who visit the Borobudur Temple can still climb this ancient structure without being there with the help of the metaverse.
Led by the Minister of Communication and Informatics Johnny G. Plate, the Ministry is optimistic that the implementation of this cutting-edge technology will be realised. The government would also offer help and training for waste management as well as for distributing local handicrafts in the vicinity of the temple and growing tourist settlements. This tourist system has the potential to offset the pandemic’s significant economic impact on the travel and tourism industry.