The number and complexity of critical events impacting businesses and governments are on the rise.
Today’s crises are triggered by events both inside and outside of an organisation’s control: the global pandemic, severe weather changes, IT outages and even cybersecurity threats. They disrupt operations, threaten people, compromise assets, and impact reputation.
In this high-risk environment, organisations need to leverage the right technologies, people and processes to make informed decisions, with consistent monitoring by multi-disciplinary team members. As a result, decision-makers have been on the look-out for solutions to overcome systemic problems and maintain business operations in the long term.
While the world is focused on the health and economic threats posed by COVID-19, cyber criminals around the world undoubtedly are capitalising on this crisis. Cybercriminals know that we are vulnerable. A spike in ransomware operations globally is adding to an already complex crisis management cycle for many organisations. It won’t stop there. Challenges have increased as cyber-threats and more IT incidents emerge due to inefficiency in responses and processes, causing downtime and rise of cost. Providing an adequate cyber risk management strategy, therefore, is imperative.
To address these issues, experts in the field of critical event management processes gave extremely helpful presentations during the OpenGovLive! Virtual Insight not just on projected effects of cyber threats, but on procedures that must be put in place in case of an actual cyberattack.
The session held on 10 December 2020 was attended by delegates from the Indian and APAC region, all eager to engage in an active discussion on the topic of Strengthening Cybersecurity and Emergency Preparedness: Enhancing Readiness, Response and Recovery
Planning ahead and adopting a resilient strategy
Mohit Sagar, Group Managing Director and Editor-in-Chief at OpenGov Asia, set the tone and stage for the discussion. He acknowledged that incident management was not a new concept but remains one of the top priorities of companies even today. The reason, Mohit said, is that incidents involving data compromise and those related to cyber threats continue to grow in complexity and number.
The outright reaction of most enterprises after a critical event is that they feel lost, even though they may have prepared for such an event. The question to be asked, Mohit stressed, is not why a critical event happened. The more appropriate question to raise is up to what extent a company has prepared itself for that incident.
Another relevant point raised by Mohit was a critical event’s impact on staff. Most employees are uncertain if they should admit they lack the readiness to comply with protocols in the event a critical situation arises. No employee should bear the brunt of a company’s lack of preparation for emergency incidents. Readiness is always key.
The solution, Mohit opined, is a resilient strategy to counteract the effects of cyber and other critical emergencies. This element is crucial and has been epitomised during the COVID-19 pandemic when many businesses were left at a loss on how to recuperate.
With regard to planning ahead, the issue is at what speed and cost? This is where operational resiliency comes into play. Similarly, another key issue is culture. The problem involving culture is reflected more clearly in the case of conglomerates which find it hard to keep everything working large-scale.
In the end, there should be seamless communication, a well-orchestrated platform for critical events management and seamless delivery of services. This, Mohit said, can be achieved, by teaming up with the right partners who can help keep the business working in top shape.
What makes incident management complex
One of the key challenges in coming up with an incident management strategy is that many consider it a difficult process to manage and oftentimes, confusing.
Sonia Arista, Vice President and Chief Senior Information Security Officer, Everbridge, dispelled this worry. She discussed that critical event management is not a singular process. Many factors are at play in setting forth a CEM strategy. There are also different stages in standard critical event management.
At the initial stage, companies must assess the type of disruption that might occur, as well as the extent of damages. From there, decisions must be made on who needs to know about the CEM plan and who designated response teams are. The last phase is communication. Companies should not keep any incident hidden from employees. Communicating to shareholders and customers is likewise advisable.
Aside from these, a post-mortem analysis identifying areas of improvement should also be conducted.
Sonia went on to enumerate some of the critical events that might occur at any particular point in time. These include theft, IT failure and cyber attacks. In many cases, a company is not just hit by one emergency but a plethora of critical events. This is where a critical event management process comes in.
Sonia wrapped up her presentation by reiterating the useful components of an effective CEM plan. She stated that companies should always be knowledgeable about a possible emergency. It must notify all concerned persons and improve on its existing incident management process.
Building cybersecurity readiness
When it comes to cyber threats, having an incident management protocol means more than just ensuring that everything and everyone is well-prepared.
This was the clear message of Charlotte Wood, Director, Policy and Awareness Cyber Security NSW of the New South Wales Government, to participants during the OpenGovLive! virtual session.
According to Charlotte, three things should be considered in the fight against cyber attack: confidentiality, integrity and availability.
Confidentiality means only authorised users and processors shall have access to data and integrity relates to the way data should be handled. Likewise, authorised users must always have access to available data.
Speaking about risks, Charlotte identified the financial risks associated with cyber attacks. To plan, Charlotte says, the trick is to look at risk likelihood and risk impact.
She added that people are the biggest vulnerabilities of companies. To address this, there must be a process on people control. As to possible threats, Charlotte outlined a few. These include human error, insider action and sabotage. In anticipation of these threats, putting a set of controls is important.
Preparation to reduce the impact should occupy the biggest slice of the pie when setting up a critical events management process. Focusing on technical teams for real-world events and in-depth exercise for tech teams in case of a data breach and similar incidents would mitigate the impact of cyber threats.
Charlotte ended the discussion by leaving some food for thought for the attendees: softening the blow of critical events should be a continuous process. It is about educating people as well as encouraging early detection.
Lastly, Charlotte emphasised the importance of having people in charge know what is happening and its impact to make the right decisions.
Going beyond technological aspects
Many businesses and organisations believe that the tech aspect of a critical events management process is a top priority. However, this aspect is just the initial stage of addressing risks and their impact. What needs to be focused on is how to have a structured approach when a critical situation arises.
Jim Fitzsimmons, Director – Cyber Security Consulting at Control Risks, gave thought-provoking points during the OpenGov Asia session. He emphasised that addressing lapses in the technological aspect of operations is often the starting point which can branch out into bigger problems like regulatory impacts and in some cases, health and human safety impact. These are things that go beyond what emergency response teams can do. Businesses must acknowledge that issues arise not just due to technology.
For Jim, information gaps regarding incident management are rarely addressed by companies. Oftentimes, many companies find out about an incident after it has happened. This leaves them taking up considerable time trying to figure out what happened and why an incident happened.
The solution, Jim said, is to be more structured on the type of questions to ask. These may include what to do during the onslaught of critical events and how to address them. This way, a critical events management strategy will not be a blind process.
To sum up his discussion, Jim added that it is equally important to approach problems through collaborative effort and see incident management as a process that cannot be purely delegated to the tech team. The trick then, he noted, is to have a balanced, well-structured approach with a view of potential risks and impacts while working collaboratively as a team.
After the interesting points discussed by the speakers, participants of the virtual session were engaged in polling questions regarding incident management and cyber attacks.
When asked about key concerns in cybersecurity that the participants’ organisations consider, almost half (40%) answered that employee education in IT security is a challenge.
A senior delegate from the public sector in India shared that the primary issue that they had to address was reluctance from employees to report cyber attacks. He felt that most organisations tend to have a standard response to all cyber threats. The problem with this is that the type of response must be based on the type of cyber attack.
As to how organisations measure the effectiveness of cybersecurity, an overwhelming number (85%) of respondents chose the ability to respond effectively to an impending cyber threat.
To elaborate, a participant from Hongkong stressed that it is not enough to only have protocols on managing cyber attacks. She believed that it would be risky if there are no methods which could be utilised to measure the extent of cyber threats. This is in addition to the reality that measurement of damage is difficult to manage.
In rating their level of preparedness for an impending cyber attack, a majority of attendees (85%) said that they are well-prepared but are not sure if they can withstand the resulting infiltration brought by cyber-attacks,
The session came to a close with Sonia leaving a reminder that risks are all around and may arise unexpectedly. Cyberthreats come in many forms including internal threats. The solution, she said, is for companies to keep an eye on the likelihood of risks and also doing a thorough assessment of critical events.
To be able to come up with a sound critical events management strategy which promotes preparedness, resilience and recovery, Sonia encouraged participants during the session to reach out and work hand-in-hand with highly-skilled incident management groups. By partnering with experts like Sonia and her team, companies and government agencies can be assured of a reliable mechanism that will be an additional safeguard in case of any unforeseen incident in the workplace surfaces.
Singapore’s Infocomm Media Development Authority (IMDA) has recently updated its platform known as Chief Technology Officer-as-a-Service (CTO-as-a-Service). The platform enables SMEs to self-assess their digital readiness and needs at any time and from any location, as well as access market-proven and cost-effective digital solutions and engage digital consultants for in-depth advisory and project management services.
This is for any business entity that wants to know how to start going digital, understand what type of solutions to adopt for its specific business challenge, or choose the solution that best meets its needs.
An enterprise can benefit from CTO-as-a-Service through:
- Conduct a self-evaluation of its digital readiness and pinpoint its gaps and needs in terms of digitalisation;
- Study other Small and Medium Sized Enterprises (SMEs) that have carried out digitalisation projects successfully;
- Receive digital solution suggestions based on the business’s needs and profile; and
- Evaluate the features and costs of various digital solutions.
There are more than 450 subsidised digital solutions available for selection, including those that address industry-specific or general business needs, as well as those that serve to streamline operations, increase business sales revenue, or ensure business resiliency.
The business can also work with digital consultants from the designated operators through CTO-as-a-Service, for digital advisory to assist:
- Seek a deeper comprehension of its business priorities and needs;
- Create training plans and digital solutions specifically for its businesses;
- Include fundamental data usage, protection, and cybersecurity risks in the digitalisation process.
The business may also ask digital consultants to assist with project managing the rollout of its digitalisation initiatives.
Eligible businesses can use digital advisory and project management services for free for the first time. Should the businesses want to keep using digital consultants, future usage or service enhancement will be based on commercial agreements.
Any company that satisfies the requirements below is qualified to use free project management and digital advisory services for the first time:
- Licensed and active in Singapore;
- A minimum of 30 per cent local shareholding;
- Enterprise’s group employment size is no more than 200 employees, or the group’s annual sales turnover is no more than S$100 million;
- Has never previously used CTO-as-a-Service digital consultants.
Meanwhile, SMEs are the backbone of Singapore’s economy. They employ two-thirds of the country’s workers and contribute almost half of Singapore’s GDP. Since digital technology is changing every part of Singapore’s economy, SMEs need to take advantage of digital technologies to grow and do well.
The SMEs Go Digital programme, which was started by the IMDA in April 2017, is meant to make going digital easy for SMEs. More than 80,000 SMEs have used the programme’s digital solutions.
Enterprises can also use advanced and integrated solutions to improve their capabilities, strengthen business continuity measures, and build longer-term resilience. Solutions that are supported by government agencies solve common problems at the enterprise level on a large scale, help enterprises adopt new technologies, and make it easier for enterprises to do business within or across sectors.
IMDA works with sector-led agencies and industry players to find advanced and integrated digital solutions that can be supported and are relevant to their sectors. Companies that want to use these solutions can check the IMDA website to find out when they can apply for each one.
Costs for hardware, software, infrastructure, connectivity, cybersecurity, integrations, development, improvement, and project management can be covered by funding support. With this, the agency has kept helping businesses, and the list of solutions that are supported will grow, with an emphasis on AI-enabled and cloud-based solutions.
Taiwan City Science Lab @ Taipei Tech demonstrated a series of cutting-edge AI applications. The lab exhibit advanced AI applications and their research and development results, such as the mobile robot, a AI robotic fish and Campus Rover.
The cross-disciplinary R&D and teaching laboratory aims to be a global technology and talent exchange platform. Massachusetts Institute of Technology (MIT) and Taipei Tech are coming together to jointly established City Science Lab @ Taipei Tech.
“Through developing advanced AI technology and big data system, we plan to make Taiwan the island of high-end technology,” said Yao Leehter, Taipei Tech Chair Professor of the Department of Electrical Engineering.
Yao indicated that Taipei Tech alums highly support the lab. The lab also collaborates with Kent Larson, the leader of MIT City Science Lab, the City Science Lab @ Taipei Tech aims to be an international platform for technology and talent exchange.
Taipei Tech adopts and jointly promotes with MIT to implement the Undergraduate Scientific Research Programme. Known as UROP, the programme provides sufficient resources for students and cultivates a new generation of scientific researchers. The collaboration was initially rolled out in 1969 by MIT’s first President, William Rogers.
For students to learn the most modern and state-of-the-art technology applications, the lab provides advanced equipment for R&D purposes, such as mobile robots. The agile, mobile robot can adapt to complex terrains and is equipped with LIDAR, infrared, and stereo vision sensors, which can draw 3D point cloud maps in real-time and detect and dodge obstacles. The mobile robot is used in decommissioned nuclear power plants, factories, construction sites, and offshore drilling oil platforms. Another mobile robot use case is for patrol, troubleshooting, and leak detection.
In addition, the lab also showcased its R&D results which are the AI robotic fish to the advanced instrumental equipment. The robotic fish is a streamlined robot designed to resemble a real fish. The fish robot comprehends and mimics the motion model of swimming fish through machine learning.
The robot can swim underwater in a simulated way. To perfectly mimic the fish movement, researchers have spent significant time collecting massive movement data from real fish, documenting, and analysing the swimming performance. Afterwards, they utilised AI technology and programme coding to control the motoric movement of the robotic fish.
The team then spent a year adjusting the robotic fish to make the swim movement look like a real fish. Machinery fish propulsion efficiency and excellent swimming performance are considered one of the most critical subjects in bionics.
“The robotic fish is useful for biological research and can also be used to carry out underwater operations and examine water quality,” said Yao.
Recently, the fish robot was involved in movie production. During the designing process, the production house team suggested adding a “cloth” on the fish with fish skin and fish scale to make it more lifelike. The company also came up with the idea to use a magnet to stick the fish scale on the body of the robotic fish. Taiwan Textile Research Institute and the local design research group joined the brainstorming and production process to finish the golden fish’s final look onscreen.
Moreover, The Campus Rover, developed by the team of Professor Yao in cooperation with the Taipei Tech Department of Industrial Design, demonstrated practical AI applications in real life. For example, campus or express hospital service can use the self-charging robot to ensure delivery safety.
Around 30,000 rural homes and communities will soon have access to faster and improved connectivity with an expansion of the Rural Capacity Upgrade programme. 21 new contracts have been signed by Crown Infrastructure partners to accelerate upgrades to towers and broadband connections in areas with poor coverage.
The announcement was made by the Minister for Rural Communities, Damien O’Connor, and the Minister for the Digital Economy and Communications, David Clark. This round of the Rural Capacity Upgrade will see many existing towers upgraded and new connections established in rural areas experiencing poor performance. Areas that will benefit from these improvements include, but are not limited to, settlements in the Far North, Gisborne, the Manawatu-Whanganui region, Taranaki, Southland, and Waikato.
The project is expected to significantly boost the economic productivity of homes and businesses with a slow, unreliable, or unusable connection, Clark noted. The government is committed to improving rural connectivity and is on track to see 99.8% of New Zealanders receive access to improved broadband because of the Ultra-Fast Broadband rollout, Rural Broadband Initiative, the Marae Digital Connectivity programme, and the Mobile Black Spot Fund by the end of 2023, he explained.
The investment in rural connectivity will work alongside Land Information NZ’s rollout of the Southern Positioning Augmentation Network (SouthPAN) service. As OpenGov Asia had reported earlier, SouthPAN is the Southern Hemisphere’s first satellite navigation augmentation service. It will improve the availability and accuracy of positioning, taking it from 5-10 metres to as little as 10 centimetres across the country.
This will boost rural productivity through precision agriculture and horticulture, fenceless farming, and improve the safety of search and rescue in the backcountry. The government, along with private sector contributions, has invested more than $2.5 billion into improving digital connectivity to date.
The government has also released “Lifting Connectivity in Aotearoa”, which sets out the high-level connectivity vision for New Zealand over the next decade. This includes the goal that all New Zealanders have access to high-speed connectivity networks, and that the country is in the top 20% of nations with respect to international connectivity measures.
Last month, the government launched the Remote Users Scheme to provide broadband and connect New Zealand’s most remote communities. Clark had announced the scheme, noting that it would equip as many remote households as possible with the connectivity infrastructure needed to access broadband services. As reported on OpenGov Asia, the Remote Users Scheme will help connect people to online health services and educational tools. Through Budget 2022, $15 million was allocated towards funding the scheme, as part of the broader $60 million rural connectivity package announced earlier in the year.
The Crown Infrastructure Partners (CIP), which was established by the government, will administer the Remote Users Scheme and is calling for applications from potentially eligible households and communities. A request for proposal from Internet service providers will follow. It is expected that new broadband connectivity infrastructure for the eligible areas and households can begin being built in mid-2023.
In a process that could be compared to travelling through a wormhole, researchers from the Massachusetts Institute of Technology, California Institute of Technology, Harvard University, and other institutions sent quantum information across a quantum system. The Sycamore quantum processor device was used in this experiment, which pave the way for more quantum computer research into gravitational physics and string theory in the future.
Calculations from the experiment showed that qubits moved from one system of entangled particles to another in a model of gravity, even though this experiment didn’t produce a disruption of physical space and time in the sense that might understand the term “wormhole” from science fiction.
A wormhole connects two far-off regions of spacetime. Nothing is allowed to travel through the wormhole in the general theory of relativity. But in 2019, some scientists hypothesised that an entangled black hole-created wormhole might be passable.
By introducing a direct interaction between the distant spacetime regions and using a straightforward quantum dynamical system of fermions, physicists have discovered a quantum mechanism to make wormholes traversable. This type of “wormhole teleportation” was also created by researchers using entangled quantum systems, and the outcomes were confirmed using classical computers.
In this experiment, researchers used the Sycamore 53-qubit quantum processor to teleport a quantum state from one quantum system to another to send a signal “through the wormhole.” The research team had to find entangled quantum systems that behaved as predicted by quantum gravity while also being small enough to run on current-generation quantum computers.
Finding a simple enough many-body quantum system that maintains gravitational properties was a key challenge for this work. The team gradually reduced the connectivity of highly interacting quantum systems using machine learning (ML) techniques to accomplish this. Each example of a system with behaviour that is consistent with quantum gravity that emerged from this learning process only needed about 10 qubits, making it the ideal size for the Sycamore processor.
It was crucial to find such tiny examples because larger systems with hundreds of qubits would not have been able to function on the quantum platforms currently in use. The team observed the same information on the other 10-qubit quantum system on the processor after inserting a qubit into one system and sending an energy shockwave across the processor after doing so.
Depending on whether a positive or negative shockwave was applied, the team measured how much quantum information was transferred between two quantum systems. The researchers demonstrated that a causal path between the two quantum systems can be established if the wormhole is kept open for enough time by the negative energy shockwaves. It is true that the qubit that was inserted into one system also appears in the other.
The team then used conventional computer calculations to confirm these and other properties. Running a simulation on a traditional computer is not like this. A conventional simulation, which involves the manipulation of classical bits, zeros, and ones, cannot create a physical system, even though it is possible to simulate the system on a classical computer and this was done as described in this paper.
Future quantum gravity experiments could be conducted using more advanced entangled systems and larger quantum computers because of this new research. This research does not replace direct observations of quantum gravity, such as those obtained through the Laser Interferometer Gravitational-wave Observatory’s detection of gravitational waves.
Dr Andrew Lensen from the School of Engineering and Computer Science and Dr Marcin Betkier from the Law School are eager to ensure AI has a significant role in the justice system. The researchers based in New Zealand built an Artificial Intelligence (AI) algorithm that predicts the length of court sentences.
But the question that may arise is whether the AI algorithm is fair enough to hand down the sentences. In the current justice system, society trusts judges to hand down fair sentences to the accused based on their knowledge and experience.
But how about AI? Can it judge better because it can eliminate the potential for bias and discrimination? And can AI substitute the judge’s knowledge and experience with its ability to analyse and predict large amounts of data?
Dr Andrew is optimistic that AI can help better sentencing performance in the court. The confidence comes from the use of AI to predict some criminal behaviour, such as financial fraud. Even though he has not tested the algorithm model in the courtroom to deliver sentences, he is confident in his idea that AI can have a role in the sentencing process.
Dr Andrew says when judges handle a case in the court, they have some “inconsistency” when passing a sentence for a convicted criminal. The inconsistency comes from a judge’s consideration of individual circumstances, societal norms and the sense of justice.
The moral decision and the sense of humanity are based on their experience and even sometimes change the law. Each judge uses their prudence in deciding the outcome of a case. Another “undesirable inconsistency” occurs as bias or even extraneous factors like hunger. Research in Israeli courts has shown that the percentage of favourable decisions drops to nearly zero before lunch.
Judges must ensure similar offences should receive similar penalties in different courts with different judges. Usually, to enhance sentence consistency, the justice system has prepared guidelines as a reference. This inconsistency area is the pain point where AI can help.
How AI Helps Judges
Most modern AI is machine learning, a machine learning algorithm that could learn the patterns in a database to predict patterns and outcomes. Therefore, AI can provide better sentence suggestions after the computer algorithm learns the patterns within a set of data.
Dr Andrew’s machine learning algorithm trained with 302 New Zealand assault cases. The sentences in those cases are between 0 and 14.5 years of imprisonment. The model quantifies sentences based on certain phrases and terms when calculating the sentence. Then the algorithm built a model that can predict the length of a sentence for a new case and explain why it made certain predictions.
The relatively simple model worked quite well within the average error of the model in under 12 months. The model associates the words or phrases such as “sexual”, “young person”, “taxi” and “firearm” with longer sentences. While shorter sentences were given to cases with words like “professional”, “career”, “fire” and “Facebook”.
Beyond Decision Making
In the future, AI could be used as an evaluation tool for judges. They could understand better their sentencing decisions and perhaps remove extraneous factors. The models also have the potential to be used by lawyers, providers of legal technology and researchers, to analyse the sentencing and justice system. Moreover, AI also can be used for controversial sentences and help create some transparency around controversial decisions.
Of course, the use of AI in the justice system may still be controversial. Most people are still keen that the final assessments and decisions on justice and punishment should be made by human experts. But maybe it is the right time need to give an opportunity to an “algorithm” or “AI” in the judicial system for the common good.
New Zealand is not the only country that explores the use of Artificial Intelligence (AI) in courtrooms. Several other countries like China and Malaysia have done similar things. In China, robot judges can decide on a small case. While in Malaysia, some courts have used AI to recommend sentences for offences such as drug possession.
Da Nang city has topped digital transformation rankings for the third time so far and has been awarded the Best Vietnam Smart City Award 2022. The Vietnam Software and IT Services Association (VINASA) organised the event in Hanoi. The jury was chaired by the former Minister of Science and Technology, Nguyen Quan. The award was among the 43 given to cities, enterprises, and products considerably contributing to smart city building and national digital transformation.
Da Nang also received prizes for smart governance and management, smart transportation and logistics, startup and innovation city, and city with smart applications serving citizens and enterprises. Da Nang has implemented a number of technology-based applications and initiatives to aid public administration and enhance the quality and delivery of public services.
At the beginning of the year, Da Nang became the second city in Southeast Asia to deploy chatbot tech for tourism. As OpenGov Asia had reported, in an attempt to increase the variety of tourist self-service tools and information channels, the municipal Tourism Department coordinated with a private artificial intelligence (AI) developer to create and pilot Chatbot Danang Fantasticity, the first automatic tourism information search and support channel via text message conversation in Vietnam.
In September, an ambulance journey supervision and management utility was launched on DanaMap or the Danang Smart City application in the central city of Da Nang. The utility allows the municipal Emergency Centre, the Health Department, and residents to monitor the operation of ambulances. The Department is also launching videos that demonstrate how to carry out remote check-ups for patients on ambulances and a database of patients to help doctors check their disease history.
Apart from Da Nang, the cities of Da Lat, Pho Yen, and Dong Xoai were awarded the smart governance and management city award. The central province of Thua Thien-Hue obtained the startup and innovation city award, and Thai Nguyen the award for smart application city serving citizens and enterprises.
Meanwhile, 34 prizes were presented to technological solutions in 17 categories, including administration, transport, environment, health care, agriculture, construction, and tourism. Statistics for smart city building show that the 34 digital solutions have gained over VND 350 billion (US$ 14.3 million) in revenue.
Besides, the jury also selected nine outstanding solutions to grant the five-star rating. These solutions apply advanced technologies including big data, AI, 3D, and virtual reality/extended reality (VR/XR) to help with cities’ governance and management and bring about useful experiences for residents and businesses.
Vietnam has strong digital ambitions and is looking to be a regional digital hub. In 2020, Vietnam approved a National Digital Transformation Programme by 2025, with an orientation toward 2030. The strategy helps accelerate digital transformation through changes in awareness, enterprise strategies, and incentives toward the digitalisation of businesses, administration, and production activities. The plan aims to have 80% of public services at level 4 online. Over 90% of work records at ministerial and provincial levels will be online while 80% of work records at the district level and 60% of work records at the commune level will be processed online.
The Counter Ransomware Task Force (CRTF), which was formed to bring together Singapore Government agencies from various domains to strengthen Singapore’s counter-ransomware efforts, has issued its report.
Singapore’s efforts to promote a resilient and secure cyber environment, both domestically and internationally, to combat the rising ransomware threat are guided by the recommendations in the CRTF report.
According to David Koh, Commissioner of Cybersecurity, Chief Executive of CSA and Chairman of the CRTF, ransomware poses a threat to both businesses and individuals. Economically, socially, and even in terms of national security, it can be detrimental. Both internationally and across domains, ransomware is a problem.
“It requires us to collaborate and draw on our knowledge in a variety of fields, including cybersecurity, law enforcement, and financial supervision. It also necessitates that we work with like-minded international partners to identify a common problem and develop solutions,” David explains.
He exhorts businesses and individuals to contribute as well, strengthening the nation’s overall defence against the ransomware scourge.
Cybercriminals use malicious software known as ransomware. When ransomware infects a computer or network, it either locks the system or encrypts the data on it. For the release of the data, cybercriminals demand ransom money from their victims.
A vigilant eye and security software are advised to prevent ransomware infection. Following an infection, malware victims have three options: either they can pay the ransom, attempt to remove the malware, or restart the device.
Extortion Trojans frequently employ the Remote Desktop Protocol, phishing emails, and software vulnerabilities as their attack vectors. Therefore, a ransomware attack can target both people and businesses.
The ransomware threat has significantly increased in scope and effect, and it is now a pressing issue for nations all over the world, including Singapore.
The fact that attackers operate internationally to elude justice makes it a global issue. Ransomware has created a criminal ecosystem that offers criminal services ranging from unauthorised access to targeted networks to money laundering services, all fed by illicit financial gains.
Singapore must approach the ransomware issue as a cross-border and cross-domain problem if it is to effectively combat the ransomware threat.
Other nations should adopt comparable domestic measures to coordinate their financial regulatory, law enforcement, and cybersecurity agencies to combat the ransomware issue and promote international cooperation.
Three significant results were the culmination of the CRTF’s work. For government agencies to collaborate and create anti-ransomware solutions, they first developed a comprehensive understanding of the ransomware kill chain.
Second, it examined Singapore’s stance on paying ransom to cybercriminals. Third, for the government to effectively combat ransomware, the CRTF suggested the following policies, operational plans, and capabilities under four main headings:
Pillar 1: Enhances the security of potential targets (such as government institutions, critical infrastructure, and commercial organisations, especially small and medium-sized businesses) to make it more difficult for ransomware attackers to carry out successful attacks.
Pillar 2: To lower the reward for ransomware attacks, disrupt the ransomware business model.
Pillar 3: To prevent ransomware attack victims from feeling pressured to pay the ransom, which feeds the ransomware industry, support recovery.
Pillar 4: Assemble a coordinated international strategy to combat ransomware by cooperating with international partners. Singapore should concentrate on and support efforts to promote international cooperation in three areas that have been identified by the CRTF: law enforcement, anti-money laundering measures, and discouraging ransom payments.
The appropriate government agencies will take the recommendations of the CRTF under consideration for additional research and action.