Cyber Resilience
Powered by :
Victoria earmarks AU$30 million to boost hospital cyber capabilities
This is Part 1 of a two-part series covering the Public Sector Innovation Day – Singapore. Read Part 2 here.
The COVID-19 pandemic has brought about significant changes in the world. It has ushered in a new normal, bringing a different era of governance and business operations. Technology is at the fore of this front, helping adapt to these disruptive changes in an unprecedented manner. The scale of this transformation is incredible – experts say CVOID-19 has driven two years of digital transformation in two months.
The public sector is at the heart of the response to COVID-19. The response has required action on multiple fronts, using technology advancements, not just for health measures, but to aid efforts to mitigate the economic effects on households, firms, and industries. The crisis has drawn attention to the tools and technologies that governments need to have to protect their citizens and enterprises as agencies struggle to minimise associated negative impact, deliver public services, and ensure the continued development of critical national infrastructure.
A digitally enabled government must go beyond merely digitising processes and offering services online. It must also find innovative ways to raise productivity in workplaces and bring convenience and efficient services to citizens. As the world prepares for the new normal and all the economic, social, and political question marks that accompany it, many are looking to the tools of data science to continue to inform this trajectory. Advanced data science, and the technology it powers, is rapidly becoming an essential component of nearly every industry.
The Singapore government, too, is looking to ramp up the adoption of digital technologies and the nation to recover from the COVID-19 pandemic. Simultaneously national tech agencies developing new digital tools and services to support citizens and businesses. This requires a comprehensive approach including the ability to rapidly integrate new data, make accurate, multilevel forecasts and provide data-driven insights for policymakers.
Now, even as the journey to a post-COVID-19 recovery has begun, the question is still relevant: does the public sector has the necessary tools and technologies to respond effectively, recover quickly, rebound efficiently and reimagine the future which is critical to national interests?
OpenGov Asia held a Public Sector Innovation Day 1 for Singapore at Intercontinental Singapore. The session aimed to impart knowledge on how public sector agencies can accelerate digital transformation and innovation to emerge stronger post-COVID-19.
Attended by key policymakers from the public sector and technology industry experts, the session served as a great peer-to-peer learning platform to gain insights and practical solutions to understand the value of cutting-edge technologies available to make better, faster, and more cost-effective, data-driven decisions that make a difference in the lives of the citizens post-pandemic.
How COVID-19 Accelerated Public Sector’s Digital Transformation
To kickstart the session, Mohit Sagar, Group Managing Director and Editor-in-Chief at OpenGov Asia delivered opening remarks.
As early as 2019, there was consensus on the benefits of remote working, but it did not happen in any significant way. Then, at the end of 2019 came a crisis so debilitating that it brought the world to a halt almost overnight and it kept going relentlessly. But not all were equipped to do so and many just emulated what the other countries were doing. None the less, public services globally have been significantly boosted.
Countries from all over the world were looking to adapt to the challenge. Citizens needed access to government services more intensely and urgently. New information and data were being generated incessantly, necessitating new plans and decisions.
In the early stages, people were excited at the opportunity to work from home. Interestingly though, the step was considered a “pivot” – with the connotation of reaction rather than strategic. People and organisations were said to be “pivoting” to manage and mitigate the issues the pandemic brought like making people work from anywhere, anytime.
Beyond a doubt, the public sector did its job in terms of providing relevant services and initiatives throughout the age of COVID-19. But the question remains, were those initiatives innovative and intentional and sustainable? Were they just a good-to-have or a must-have?
The good brings with it the bad, the unsafe and the difficult. As the initial euphoria of remote working wears thin, people, once happy about the shift, realise that the new normal disrupts their work-life balance and their well-being. Other measures are facing the same reaction. Lacking data, this so-called digital transformation is rapidly losing its sheen and is being considered a band-aid solution.
With COVID-19 seemingly waning and the economy starting to open, governments are looking for ways to boost their economy. In this sea of change and disruption, often reverting to the known is comforting. Knowing this penchant, Mohit asked the delegates, “Do we want to go back to the old norm because it was beneficial at that time? Or should we welcome the wider adoption of technologies that helped us adjust to the new norm?”
Mohit reminded the delegates that by staying true to the lessons learned from COVID-19 and by increasing the usage of technologies like AI, Cloud and Data Analytics, agencies can move further along on their digital transformation journey.
Governments must find the right balance in their digital transformation journey between technology, people and processes. They must also find leadership and the will to empower the workforce with the right tools to achieve the ultimate end goal of a complete digital transformation in the new normal.
In closing, Mohit emphasised the need for agencies to find a suitable partner in this digital journey. They must find the right people who do what they do best for them to stay on the right path towards a full digital transformation.
Strategies to Enable Health Data Optimisation and Usage in Singapore
After the opening remarks, the forum heard a keynote address by Sutowo Wong, Director, Analytics & Information Management Division, Singapore Ministry of Health. He discussed various strategies to enable health data optimisation and its usage. Sutowo started by giving an operating context concerning the data processes in the Ministry of Health, especially during the pandemic.
First, as governments and agencies shape their data strategy, they need to be mindful of external macro trends such as the democratisation of data and analytics, where self-service analytics and the rising demand for data visualisation requires a better user experience for both data and insights.
Second is the rise of analytics apps where role-based actionable insights are more easily consumed and deployed and the adoption of improved decision-making procedures. Leaders must have the ability to support decision making by realising the value from investments in analytics.
He strongly believes that user experience matters. An effective data integration strategy must cater to the user’s expectations and needs by making sure that services are efficient, usable, interactive and can deliver on their promise. Adopters must learn that a data lifecycle has four stages: acquisition, management, access and distribution and exploitation. However, adopters are troubled by several key pain points.
Data acquisition is burdened with issues like significant lead time and cost required to collect data from source systems, leading to delays and high cost, multiple duplicative requests from different divisions/entities to collect same/similar data.
Data management is hindered by data duplication across different repositories, no comprehensive data catalogue and lack of standard data definitions, a large amount of data cleansing and analysis done manually using excel, and by having no data quality monitoring and remediation processes in place.
Access and distribution are bothered by issues such as different entities and systems having their de-identification and anonymisation processes, tedious and varied processes to seek data access approval for different datasets, and fear of residual liabilities for data provider when data is shared.
Lastly, exploitation of data faces challenges such as organisations having limited processing scalability, the governance of data scattered across many endpoints are demanding, the lack of model development and deployment processes for operationalisation of POCs, and the lack of reusable analytics assets e.g., codes, datasets.
The Ministry of Health addressing these issues and improving its capabilities, policies, and legislation. The MOH Consolidated Data Repository (MCDR) allows MOH and authorised users to gain access to cleaned and concorded healthcare data to reduce the time and resources expended by consolidating and optimising the data from different sources to the MOH central platform.
A Data Management Workstream (DMW) standardises and automates data extraction, fusion, and pre-processing as well as utilises a team of data concierges to develop data catalogues and coordinate data requests to allow collected data to be cleaned once for multiple uses in the future. By pre-linking a wide range of datasets, the turnaround and readiness of providing data will improve significantly over ad-hoc and piecemeal efforts.
Data Governance works with the Personal Data Protection Commission (PDPC) to clarify data accountabilities as data flows between MOH and Public Healthcare Institutions (PHIs) to centrally drive data governance and facilities for anonymised and identifiable data to improve data accessibility and distribution across the board.
Sutowo added that users are looking for actionable insights, which is why the MOH must be flexible enough to meet these differing needs. The ministry is making sure that data is curated, and a catalogue is being created to improve data discoverability. Requests for data and packages are to be addressed by using a standardised and streamlined process, providing access to the required tools in a sandbox to analyse the data, and deploying the output and monitoring the performance in operations continuously.
Sutowo touched on MOH programmes that utilise data analytics. The Nationwide Predictive Model for Admission Prevention – Hospital to Home (H2H), provides holistic care for patients who are at home via the common care model for Transitional Care. The predictive model was launched in all public hospitals in Singapore in April 2017. As of 6 May 2018, more than 15,000 patients have been enrolled on the H2H programme.
The ministry launched a self-learning retinal screening tech that cuts the time needed to spot signs of diabetic eye disease as well as an automated tool to diagnose uncertain cases of appendicitis to guide the optimal use of CT scans.
Sutowo emphasised that beyond data, the rapid growth in digital health presents opportunities to redefine our care and financing models. The Global and APAC digital health market has been growing rapidly and is poised for further growth. Singapore is home to 170 local start-ups, between 20 to 30 foreign start-ups and 40 multinational companies in the digital health space.
In closing, he noted that the nation’s public healthcare IT ecosystem has undergone significant shifts and will continue to transform for the better.
Fireside chat: How can the public sector leverage data revolution to respond, recover and reimagine next-gen citizen-centric services?
The session moved to a fireside chat segment where Mohit and Remco den Heijer Vice President – ASEAN SAS discussed how the public sector can leverage data revolution to respond, recover and reimagine next-gen citizen-centric services.
On being asked why he sees data as the heart of the COVID-19 recovery, Remco explained that data is the perfect element in terms of recovering from the pandemic because it is everywhere, both in the private and public sectors.
The world should embrace technologies that are scaling and continuously evolving. Disruptive technologies can extract actionable insights from this data, which is why both sectors must use this development and advantage to recover from the pandemic. Software, hardware, and related skills must be enhanced to leverage technology and data for recovery purposes.
Remco touched on the topic of AI being used by governments in their processes. AI adopters, he advises, must continuously update their AI models with new and updated data to strengthen their predictive capabilities that will provide possible solutions for present endeavours.
He is convinced that that AI functions at its finest when it is incorporated with human intelligence. Having that human lens on top of the tech will always be an important aspect.
Remco urged delegates to continue doubling down on networks and partnerships and to continue learning from each other in this journey.
Applying real-world AI & Analytics to Improve Decision-Making and Provide Efficient Citizen Services in the New Normal
Following the fireside chat, the session heard from Deepak Ramanathan, Vice President – Global Customer Advisory SAS on how AI and analytics in the new norm have improved citizen services and transformed decision–making.
There are several reasons as to why leaders should take a new approach when it comes to decision-making, Deepak says. A new approach may result in a significant need to make better use of resources, improve the efficacy and efficiency of decision making and result in the right service delivery in a timely fashion, drive revenue, control costs and reduce risks. Any new approach should promote the idea of automating data acquisition and using analytics/AI that will drive these desired and needed efficiencies. All in all, decision making will increasingly get digitised.
Deepak cited several examples of augmenting decisions that drive digital transformation and deliver value. One of which was advanced mental health care with the predictive analysis used in California, USA. The project required the integration of data across country departments and information systems. It is focused on building a unified view of every client resulting in improved and effective services.
The Los Angeles country utilised a cross-agency service to measure the cost and benefits of serving the indigent adults in the country’s General Relief Programme.
In Amsterdam, the health sector used computer vision and predictive analytics to better identify cancer patients who are candidates for life-saving surgeries.
Automating real-time, transactional decisions can help in the long run. It can be vital in improving safety and emergency response using sensors to predict disasters, early detection of insider threats for public safety and national security organisations, transforming predictive maintenance for complex equipment and infrastructure, protecting tax revenue, and streamlining expenditure.
Technological advancements will help boost employee satisfaction and drive revenue fields while protecting resources.
Deepak and his team at SAS recognise several principles for responsible AI. They believe that AI should have inclusive growth capabilities, sustainable development and well-being, human-centred values and fairness transparency, robustness, security, and safety, and accountability.
Accelerating Singapore’s Journey Towards Precision in Public Health
Taking over the session, Terence Ng, Director – Policy & Technology Innovation Office Health Promotion Board, Singapore shared how Singapore’s Health Promotion Board innovates in terms of the population’s health using partnership, research, and data.
Today, Terence believes, is an opportune time to reimagine and further invest in health and wellness promotion, as these are the hottest points of discussion during the age of COVID-19. There is a growing need for early detection and preventive health interventions. This is because of the continued growth in noncommunicable diseases (NCDs) particularly chronic conditions & associated health risks, a rise in medical costs. Singapore medical costs are twice the global average and 10 times the inflation rate – and the -19 pandemic is amplifying the urgency for health promotion and disease prevention.
COVID-19 has accelerated the development and adoption of digital health and tech. Organisations and institutions are looking at data and technology to improve health knowledge and delivery. The ubiquity of smart devices allows for more continuous and granular data and more individualised approaches, while AI and machine learning are adopted for predictive and personalised health analysis.
Precision in public health is about delivering the right intervention at the right time, every time, to the right population. The approach must be holistic, precise, personalised, multi-channel, and continuous.
The desired outcomes for precision in public health are as follows:
- Drive better health-related outcomes: reverse risk factors and slow down growth in NCDs / chronic disease and encourage sustained health behaviours and improve mgmt. & outcomes for patients (e.g., diabetes)
- Increase scalability & reach: scale and maximise the reach of interventions to more and different segments of Singapore pop. through better customisation, and leverage technology as an enabler to increase scalability
- Measure the impact of interventions: Better measure outcomes and effectiveness of interventions (incl. programmes, policies), constantly refine and improve approaches to health promotion based on evidence; use tech as an enabler to measure outcomes
- Improve cost-effectiveness of the system: enable more efficient and cost-effective healthcare system using technology and focus on preventive health
- Create new economic value & innovation: further, establish Singapore as a global & regional public health innovation hub and create training opportunities to develop up-skill home-grown talent
Partnerships, research, and data analytics are key in achieving precision in public health, Terence says. Better data and data banks enable researchers and the entire government to access world-class data, data integration and interoperable systems. This has accelerated the development of a Health Data Hub for the population. Better research will come from creating an ecosystem of research partners for next-gen discovery and innovations and better partnerships in public health interventions and major collaborations with leading technology firms and researchers.
Singapore’s Ministry of Health is transforming the healthcare system to adapt to the new normal. The ministry believes that their services should be beyond healthcare and should focus more on prevention and wellness. Services that go beyond a hospital, resulting in less hospital-centric, more relative shifts to right-sited care and beyond quality to value, and by providing more cost-effective treatments and interventions.
Governments Leading Through Change
Jason Loh, Head of Analytics and Artificial Intelligence, Asia Pacific, Global Tech Practice SAS took over to talk on how analytics and AI machine learning helped organisations and government agencies face unprecedented challenges during the pandemic.
He acknowledged that COVID-19 changed working conditions and, essentially, life in general. In less than a year since the virus emerged and just over 6 months since tracking began, it upended day-to-day lives across the globe. The pandemic has changed how people work, learn, and interact as social distancing guidelines have led to a more virtual existence, both personally and professionally.
Machine learning is an innovative approach that has extensive applications in prediction. This technique was applied to help mitigate the effects of the pandemic and predict the risk in healthcare. Machine learning analyses the risk factors as age, social habits, location, and climate as well as identifying patients at high risk, mortality rates and other critical parameters and trend lines.
The technique can be used to understand the nature of the virus and further predict the upcoming issues. This learning algorithm creates inferences out of unlabelled input datasets, that can be applied to analyse the unlabelled data as an input resource for the pandemic. It provides accurate and useful features rather than a traditional explicitly calculation-based method.
Organisations and governments have gravitated toward predictive analytics in the last several years, as they use data to anticipate future trends and needs, especially during the onset of COVID-19. But forecasting demand is difficult even in normal times, and the pandemic’s unpredictability has been challenging. Since the pandemic started, simple descriptive analytics using good data about the present and recent past has helped the public sector.
Jason cited examples of how governments from all over the world utilised AI and data analytics to adapt to the new normal brought by the pandemic. The Chinese used machine learning for epidemiology tracking and neuro-linguistic programming for contact tracing.
Another example was the development of a COVID-19 e-health hub for health professionals in Australia. The e-health hub is dedicated online and by an over the phone mental health and wellbeing network. Developed rapidly to meet an immediate need, the initial release of the platform aims to deliver mental health assessment and access to resources and digital self-help and self-management in times of lockdowns caused by COVID-19.
Jason exhorted leaders to develop better citizen outreach programmes through AI in social media and chatbots. They need to develop platforms and tools that understand what the citizens need in each household. Using the information, they should incorporate it into an advanced data management system using AI and machine learning to help deliver services more efficiently.
Responsible and Ethical Use of AI in Public Sector: Application, Challenges, and Best Practices
After Jason Loh’s presentation, the delegates heard a presentation from Lim Chinn Hwa, Senior Director Smart Nation Platform Solutions, Government Technology Agency, GovTech. He discussed how the public sector can apply responsible and ethical use of AI and the best ways to do so.
The public sector uses AI to make data-driven decisions, improve efficiency and productivity, bring convenience to citizens and personalise public services. That being the case, he notes, AI must be human-centric.
The National AI Strategy seeks to establish Singapore as a global hub for developing, test-bedding, deploying, and scaling AI solutions. The strategy is a key step in the country’s Smart Nation journey. It spells out the nation’s plans to deepen the use of AI technologies to transform its economy, going beyond just adopting technology to fundamentally rethinking business models and making deep changes to reap productivity gains and create new areas of growth.
The National AI ecosystem is made up of a triple partnership helix consisting of the government, the research community and industry. This supports whole-of-government applications with in-house capabilities in Machine Learning/Deep Learning, Natural Language Processing, Computer Vision, and IoT & Robotics. AI must be identified in national projects that deliver impactful social and economic benefits to citizens.
Moreover, Lim Chinn Hwa mentioned specific areas that greatly concern citizens. Areas like transport and logistics that can use AI for intelligent freight planning, smart cities and estates with seamless and efficient municipal services, healthcare facilities that can predict and manage chronic diseases, the education sector that AI can personalise through adaptive learning, assessment and safety and security that could use an AI tool for border clearance operations.
AI is vital to sustainability and food security and is fundamental to Singapore’s 30 by 30 vision to produce 30% of its nutritional needs locally and sustainably by 2030, including fruit and vegetables, fish and poultry.
One example is the challenge fish farms are facing. Fish larvae feed on large amounts of plankton called rotifers – every few hours. To ensure a constant healthy rotifer supply, samples need to be examined daily. A trained technician takes 40 minutes each day to manually examine samples under a microscope.
GovTech worked with the Singapore Food Agency (SFA) to develop an AI mobile app to automate the rotifer inspection process. Technicians upload photos of rotifer samples to a mobile app then the app automatically classifies healthy and unhealthy rotifers – reducing inspection time from 40 minutes to 1 minute.
Singapore is kept smoke-free by an AI-powered smoking activity detection unit. The tech has a deep learning pose estimation-based solution using security camera video feeds. It provides near real-time notifications to users on the detection of smoking activities. The cloud-based solution allows the exportation of data for trending analysis and optimises the deployment of National Environment Agency officers to targeted hotspots.
More recently, AI was also used in the country’s battle against COVID-19. One example is the Smart thermal scanner with deep learning face detection of up to 10 faces at once. It is lightweight, affordable, and works both indoors and outdoors. The software licensed to the private sector is for free.
Another example is Access Control with Video Analytics. The tech is a fully automated, contactless gantry system for temperature screening and optimises temperature screening process duration to 2 seconds per visitor.
Lim Chinn Hwa ended his presentation by emphasising that the public sector can scale the usage of AI by making timely collection, analysis and sharing of data and by building reusable components and scalable, interoperable platforms. He also sees wider adoption of augmented analytics, robotics, smart devices, autonomous vehicles, smart facilities management, more real-time AI services, and open digital platforms soon.
Future of Digital Government: Anticipatory, Intuitive, and Invisible
After Lim Chinn Hwa’s presentation, the session welcomed Dr David Hardoon, Senior Advisor for Data and Artificial Intelligence, UnionBank Philippines. He shared how the future of government must be anticipatory, intuitive, while government officials are invisible to the public eye.
David feels that a digital government must be citizen–centric and perceived from an engagement point of view. Citizen experience should be at the heart of a digital government. A digital government must not retrofit programmes and processes to digital, instead, they must make programmes and initiatives that are digital by design.
Beyond citizen centricity, governments must provide safe experiences for their citizens. Digital transformation will be accompanied by cybersecurity across the board, and not just in financial transactions. Governments must learn how to create safe experiences by using data and available technology.
Governments and agencies must learn to be non-visible at times and create seamless experiences for their citizens or customers. Too much visibility, like transferring from one agency to another just to avail of a service, can result in unrest from a citizen’s point of view. Governments must be made aware that users just want to avail the service and avoid the tediousness of varying processes. Expanding on his view that the future of digital governments is invisible, he felt that cutting down on the approvals from various agencies when trying to access a service is the way to go.
Governments must be motivated by the results and outcomes, not by the money they are going to make. Leaders and decision-makers must find the right tools to measure these underlying outcomes. The more agencies use technologies like AI, machine learning and data science, the more it is critical to make a direct link between the effort that has been put in and the outcome that is derived from it.
David ended his presentation by saying that governments must move on from sandbox treatments and trials to the actual production of programmes for their citizens using disruptive technologies such as AI, machine learning, and data science. Building a digital future must be made in a scalable, robust and secure manner.
Power Talk
Mohit joined Dr Adam Chee, Chief – Smart Health Leadership Centre, Institute of System Science, National University of Singapore, Dr David Hardoon, Senior Advisor for Data and Artificial Intelligence, UnionBank Philippines, Jason Loh, Head of Analytics and Artificial Intelligence, Asia Pacific, Global Tech Practice SAS, and Christopher Tan, Partner Revenue Acceleration, Director – APJ, Intel in Power Talk to discuss how the public sector can further adapt to the changing times.
Jason Loh believes that the personalisation of services will be more prominent in the new normal. He reiterated that the world should continue to embrace technological advancements and new policies and not return to the old norm.
Dr David Hardoon does not feel transformation is about changing culture; it is about how to incorporate technology within the context of culture.
Christopher Tan argues that leadership and the building of digital infrastructure are critical in the changing times.
Dr Adam Chee emphasised the need for digital training and data and information dissemination within governments and organisations in the new normal.
Conclusion
The OpenGov Public Innovation Day – Singapore Day 1 ended with the closing remarks from Mohit. He strongly felt that the change must come from the top so it can trickle down to the workforce and communities.
Change must start from people who understand technology because these technologies use data and data gives you insights; that is the driver behind everything else. Governments should be an example to everyone and by doing that, the desired outcomes will follow.
For more on OpenGov Asia’s Public Sector Innovation Day – Singapore: “Accelerating Digital Transformation, Resiliency, and Innovation for Public Sector in Post-Pandemic Recovery” read Part 2 here.
This is Part 3 of a 3 part series. Read Part 1 and Part 2 here.
Singapore recognises that threats to an open, secure, and peaceful cyberspace are increasingly sophisticated, transboundary, and asymmetric. As a small and highly connected State that has been the subject of several cyber-attacks, Singapore is strongly committed to the establishment of an international rules-based order in cyberspace. This will serve as a basis for trust and confidence between the Member States and enable economic and social progress. To reap the full benefits of digital technologies, the international community must develop a secure, trusted, and open cyberspace underpinned by international law.
On a podcast by the Centre for Strategic and International Studies (CSIS), co-hosts Jim Lewis and Chris Painter talked with David Koh, Chief Executive of the Cyber Security Agency of Singapore (CSA). They discussed how interoperable systems and an international rules-based consensus can help boost cybersecurity.
Mr Koh said that Singapore’s Prime Minister Lee Hsien Loong said that no country wants to have to choose sides. Countries have benefited from an open international economic system. Mr Koh added that Singapore has benefited significantly from this global trend by reaping the benefits of free-flowing trade and information, goods, and services. This has resulted in inter-connected supply chains which increases information and data flows. Mr Koh said that the ideal scenario is for countries to work together achieve an open, secure and interoperable internet.
Mr Koh also discussed the fact that Singapore welcomes the establishment of a UN Group of Governmental Experts (GGE) and the decision to convene an Open-Ended Working Group (OEWG). The CSA believes that the work of the GGE and the OEWG can and should be complementary in tackling issues like cyber resiliency. The major players need to promote interoperability and work together, in the spirit of consensus, mutual respect and mutual trust.
At the regional level, Singapore has worked with fellow Member States of the Association of Southeast Asian Nations (ASEAN) to issue the first ASEAN Leaders’ Statement on Cybersecurity Cooperation during the 32nd ASEAN Summit in April 2018. In the Statement, ASEAN Leaders reaffirmed the need for a rules-based international order in cyberspace. They also tasked relevant Ministers to identify a suitable mechanism or platform for coordinating cybersecurity policy, diplomacy, cooperation, technical and capacity building efforts across ASEAN, as well as a concrete list of voluntary, practical norms of State behaviour in cyberspace that ASEAN can also adopt.
At the national level, Singapore has made significant strides in strengthening the cybersecurity of its local systems and networks on three fronts – building resilient infrastructure, creating safer cyberspace, and developing a vibrant cybersecurity ecosystem.
Furthermore, Mr Koh said that to achieve true cyber resilience, there should be accountability and a rules-based international system. One example of an international rules-based framework is the United Nations Convention on the Law of the Sea (UNCLOS), also called the Law of the Sea Convention or the Law of the Sea where countries included in the treaty follow rules and regulations uniformly. Mr Koh said that a framework like the UNCLOS can be applied in cybersecurity to promote a rules-based international order in cyberspace.
Mr Koh said that the major challenge in cyberspace is the fact that the internet was not originally designed with security in mind, which translates to user anonymity. This anonymity may not be ideal especially when it comes to secure banking transactions, financial systems, and cybersecurity as a whole.
Mr Koh believes that accountability should be integrated into trying to achieve cyber resiliency, that is why the CSA is empowering organisations and governments to strengthen their cybersecurity posture, through readily available resources for the former and capacity building efforts for the latter. Mr Koh postulated that reducing anonymity can mitigate threats and crimes in the digital space.
This is Part 2 of a 3 part series. Read Part 1 and Part 3 here.
Cybersecurity has risen to the top of both national and international agendas. Government leaders from all over the world said that without cybersecurity there is no real national security. The boom of the digital economy and the digitalisation of businesses and society especially during the COVID-19 pandemic has now put the private sector at the centre of cybersecurity debates. Recent data mismanagements, or the revelations that social media sites compromised the data of millions of their users, highlight the central role that the private sector plays in cybersecurity. Undeniably, corporations are key players in the digital realm whether it is as distributors of malicious software, victims of cyber-attacks, or first responders to security breaches.
In the issue of cyber insecurity, the question lingers; what is the role of the private sector in cybersecurity policies, and how can this co-exist with the traditional responsibilities of government? On a podcast by the Centre for Strategic and International Studies (CSIS), co-hosts Jim Lewis and Chris Painter talked with David Koh, Chief Executive of the Cyber Security Agency of Singapore (CSA). They discussed the integration between the private and public sectors in improving cybersecurity capacities.
Mr Koh recalled that he hosted one inter-sessional meeting which was attended by 100 States, 114 non-governmental stakeholders from the private sector, civil society academia, as well as the technical community. He said that he was fundamentally shocked as to how many people from all over the world, from many dimensions, were committed and so deeply involved and had such great ideas on cybersecurity. For him, this only shows that dealing with cyber requires a multi-stakeholder strategy. For example, most internet infrastructure is being controlled/managed by private industries. A partnership between both public and private sectors can help in trying to boost cyber resiliency policies and programmes.
Furthermore, a lot of the technologies coming out are from industries, academes, and civil societies. Therefore, a multi-stakeholder engagement is an ideal method to improve cyber resilience on a bigger scale. Mr Koh noted that at an intellectual level, everyone understands cyber so everyone must also be committed to trying to find viable solutions. He also emphasised that cybersecurity is the key factor in achieving an open and secured internet environment that can help boost domestic and international economies.
Mr Koh said that countries have different perspectives and angles about cybersecurity. Therefore, the UN OEWG gave both private and public sectors the platform to voice their varying ideas regarding cybersecurity. The forum also helped in terms of building the cyber capacities of ASEAN and other developing countries.
Mr Koh and the CSA view cyber capacity building as a collective effort. For the agency, cybersecurity is only as good as its weakest link. Therefore, Singapore has made it a point that they include ASEAN countries in this endeavour to fully improve cyber resiliency in the region. First, CSA is very interested in cybersecurity awareness-raising efforts in ASEAN. Secondly, CSA has a strong interest in facilitating the sharing of best practices and capacity building efforts in ASEAN. Likewise, non-member countries of the ASEAN can also do dialogue with the association so there will be a broader agreement that cyber resiliency is an urgent concern for everyone. The CSA believes that things will be much more effective if they are properly coordinated on a much larger scale.
To support cyber capacity-building efforts, Singapore launched the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE), an extension of the ASEAN Cyber Capacity Programme (ACCP). It aims to build more secure and resilient cyberspace through capacity building programmes for ASEAN senior policy and technical officials with decision-making responsibilities. The ASCCE seeks to fulfil three principal functions:
- Conduct research and provide pieces of training in areas spanning international law, cyber strategy, legislation, cyber norms, and other cybersecurity policy issues
- Provide CERT-related technical training as well as facilitate the exchange of open-source cyber threat and attack-related information and best practices
- Conduct virtual cyber defence training and exercises
The ASCCE undertakes a modular, multi-disciplinary and multi-stakeholder approach to deliver these programmes. The ASCCE engages top cyber experts and trainers and collaborates with ASEAN member states, ASEAN dialogue partners and other international partners including Australia, Canada, the European Union, Japan, New Zealand, the Republic of Korea, the United Kingdom, and the United States, in designing and delivering cybersecurity capacity-building programmes.
The ASCCE delivers programmes in consultation with the International Advisory Panel (IAP) comprising senior representatives from key partner countries and international organisations. The ASCCE will also review and further develop its training curriculum with the support of the International Programme Committee (IPC), which comprises experts from participating countries and international organisations.
Mr Koh and the CSA continue to follow the four Ms when building cybersecurity capacities. First is a multi-disciplinary approach, where capacity-building programmes cover not only technical and operational subjects but policy topics as well for a holistic approach to cybersecurity. The second is multi-stakeholder, where it is recognised that governments need support from industries in the private sector. The third is modular where programmes should build upon and incrementally increase the difficulty level to develop the capacities and proficiencies of the participants and lastly is a matrix, where agencies like the CSA can measure the effectiveness of their campaigns over time.
This is Part 1 of a 3 part series. Read Part 2 and Part 3 here.
The Association of Southeast Asian Nations (ASEAN) is the world’s fastest-growing internet region, with the user base now at 480 million people. Digitalisation in Southeast Asia has important economic implications. By 2025, online spending could rise more than six-fold to US$200 billion. Most of this consumption will be in the areas of electronics, clothing, household goods, and increased travel across the region and elsewhere. This all bodes well in terms of building a middle class and fostering job growth in the region.
At the same time, there are negative sides to the transformation to a digital economy, with cyberterrorism, cyber fraud, and identity theft increasingly threatening its potential. Bad actors are working fast and creatively to wreak havoc on countries, businesses, and people. Today, the quality of a nation’s technology backbone is likely to influence its economic success. If cybersecurity is threatened, investor confidence in the ASEAN Economic Community (AEC) will begin to decay.
On a podcast by the Centre for Strategic and International Studies (CSIS), co-hosts Jim Lewis and Chris Painter talked with David Koh, Chief Executive of the Cyber Security Agency of Singapore (CSA). They discussed progress in cybersecurity done by the CSA in its first six years, technical and policy cooperation within ASEAN, and next steps in cyber diplomacy after the conclusion of the current United Nations’ Open-Ended Working Group (OEWG) processes.
David stated that Singapore’s CSA is on a steady pace in the last six years, but it has been a frantic and hectic rollercoaster ride altogether. For him, they have made significant progress in Singapore in terms of cybersecurity. Firstly, by instilling the realisation that the country is tremendously dependent on digital infrastructures as a highly connected society. The way we work, the way we play, all kinds of things that we do depend on the internet today. This should make organisations and citizens realise that cybersecurity is an integral part of these practices. David also sees cybersecurity as a key enabler for the nation to continue the way it lives, works, and plays. From that perspective, CSA was born. David said that he had the great honour of being selected to head up the organisation. He also noted that significant high-profile cyber hacks that occurred around the world are real. These cyber-attacks brought the message home to Singapore, a message that cyber risks must be taken care of.
Prime Minister Lee’s launched Singapore’s national cybersecurity strategy during the inaugural SICW in 2016. By doing so, it galvanised the domestic audience by showing a commitment from the national government that boosting cyber resiliency is something that needs to be done.
In the ASEAN, David conceded, no man is an island, all more so in cyber issues. The nature of digital is cross border international. The country must realise that no matter what happens in Singapore, it would not be sufficient to curtail the widespread cyber threats. Singapore knows that its economic growth is tied to the ASEAN region thus building up the region’s cyber resiliency is vital. To do this, David noted, that ASEAN countries should leverage ICT technologies in terms of economy, education and so on. The region can fully leverage these tech advancements if it can also deal with cyber risks as well. The message is clear that nations are all dependent on each other and they can only reap the full benefits of digitalisation by dealing with cyber issues. Meanwhile, David is also glad that ASEAN members attend their meetings on cybersecurity at a ministerial level. That is how the ASEAN Ministerial Conference on Cybersecurity (AMCC) was launched.
From a larger perspective, David also mentioned that a rules-based framework must be implemented when dealing with cybersecurity. Therefore, the United Nations (in general) is an appropriate platform for cyber discussions to take place, given its open and inclusive nature for all 193 member states. By conducting discussions on the forum, UN members can now see the importance of cybersecurity for their respective countries. The broadening of the conversation on cyber resiliency and producing a consensus report from the UN OEWG is a significant achievement.
Accordingly, David said that if the approach in cybersecurity is in the same direction, whether it be for the potential impacts of cyber threats, up to the solutions that can deal with them, countries can expect a positive outcome in terms of strengthening cyber resiliency. Leaders and decision-makers must recognise that cybersecurity is an issue, and they need to work together so everyone can move forward in this journey of full digital transformation.
Fintech – a portmanteau of financial technology – is an industry that has seen extraordinary growth in recent years, and Singapore is positioning itself to take full advantage of this emerging new market.
As the term suggests, financial technology utilises technology, such as the internet or apps, to provide financial service. According to a recent study, investment in Asia-Pacific fintech more than quadrupled in 2015 to US$4.3 billion, making it the second-biggest region for fintech investment after North America. Singapore has instigated a range of measures designed to boost its fintech industry, many of which are aimed at encouraging new business ventures.
However, recently, the total number of online crime cases reported for the top four types (e-commerce scams, loan scams, credit-for-sex scams, and internet love scams) increased by almost 60%. To augment its scam-fighting efforts, the Singapore Police Force set up the Anti-Scam Centre (ASC), a dedicated unit within the Commercial Affairs Department (CAD) to tackle scam-related crimes.
With its streamlined investigation and prosecution processes, the Police are now able to intervene at a much faster pace. By collaborating with the three major local banks, suspicious bank accounts that are linked to scams can be frozen within a few days as compared to the previous two weeks to two months waiting period before the setting up of the ASC. In addition to the collaboration with banks to disrupt the scammers’ operations, telecommunications companies will also be engaged to swiftly terminate phone lines used by scammers, further crippling their operations.
In the first three months of the ASC’s operation, 1,286 bank accounts that were linked to scams were frozen, with about S$1.25 million of S$3.84 million scammed recovered from such cases.
The Assistant Director of the Specialised Commercial Crime Division, Deputy Assistant Commissioner (DAC) said that the Police would like to thank these banks for their partnership and commitment to swiftly freeze scam-related bank accounts to mitigate victims’ losses; and provide bank account holders’ particulars and statements promptly to allow the Police to carry out investigations against these money mules and suspected scammers.
To further its anti-scam outreach efforts, the ASC continue to engage and work closely with online marketplaces to introduce anti-scam measures. E-commerce scams have seen a significant increase in the number of victims falling prey to bogus transactions as well. Online marketplaces worked closely with the Police and introduced their anti-scam measures such as publishing scam advisories on their platform, via a form of escrow payment that will only release the money to the seller when the buyer acknowledges through the platform, that the item has been received in good order.
Additionally, one online marketplace introduced a ‘My Info’ page developed by the Government Technology Agency which allows its users to verify the identity of another account user, thus preventing scammers from creating multiple fake accounts.
With the strong support and commitment from these strategic partners, the ASC will continue to strategise and leverage technology to implement more measures and work towards realising the CAD’s vision of making Singapore the safest and most trusted place for business and finance.
Furthermore, Prime Minister Lee Hsien Loong announced plans to make the city-state the world’s first ‘smart nation’ by 2030, using technology to improve the economy and enhance the standard of living. The Monetary Authority of Singapore, Singapore’s central bank and financial regulator, is also helping create a ‘smart financial centre’ where technology is used to increase efficiency and create opportunities.
The adoption of cloud computing across Southeast Asia has expanded in terms of services offered and the number of industry competitors entering the market. According to reports, the cloud computing market revenue in the region is estimated to reach US$ 40.32 billion by 2025.
Cloud technology is popular because it is cheaper than installing local servers and it allows regional companies to connect and compete on the global platform. Additionally, at least 57% of large enterprises in Singapore intend to move their finance systems to the cloud. The report also found that one-third (33%) of these companies expect to do so in the next six to 12 months.
However, with the rapid cloud adoption, it holds to logic that cyberattacks are also on the rise. Over a fifth, (21%), of businesses in the country, saw more cyberattacks during the crisis. This landscape necessitates a new optic where the risk profiles of organisations are prioritised and protecting sensitive data and its resources are critical more than ever.
With this phenomenal growth, there is more data in more places and it all must be protected. Data security and residency demand in Singapore are continuously growing as businesses expand. Customers assume and expect that when utilising digital programs and services, their personal information is safe. IT and business leaders want to know where data is being stored to have more control over how it is being managed and protected. Thus, the need for better data integration and protection technology. With the vast amounts of information and data to collect, work with and safeguard, organisations in the country are increasingly embracing a multi-cloud strategy and cloud-based software as a service (SaaS) – exactly where ServiceNow fits in.
ServiceNow satisfies Singapore organisations’ demands to drive business-wide transformation in highly regulated industries with the Now Platform, available on Microsoft Azure Regions, in Singapore, certified to Singapore’s cloud security standard – the Multi-Tier Cloud Security Standard (MTCS).
The MTCS Standard for Singapore was prepared under the direction of the Information Technology Standards Committee (ITSC) of the Infocomm Development Authority of Singapore (IDA). The ITSC promotes and facilitates national programs to standardise IT and communications and Singapore’s participation in international standardisation activities.
Generally, MTCS provides a framework to enable cloud service providers are safeguarding customer data and meeting the necessary government regulations of Singapore. For many, embracing MTCS is not only about compliance – even those who are not formally required to comply with MTCS are beginning to use it. Industries like financial services, healthcare, and the public sector want to prove that they are looking for robust ways to protect private data.
MTCS Level 3 – an elite standard for data protection
Not all cloud security standards are created equal. MTCS’ tiered approach accounts for this by providing different security levels. It ranges from a lower cost, baseline option (Level 1) to an extremely rigorous certification (Level 3).
To achieve Level 3 standards, cloud services companies must pass an audit conducted by an authorised third-party Certifying Body (CB). The assessor reviews the breadth of the CSP’s Information Security policies and procedures to determine that the CSP has designed effective security controls in compliance with MTCS requirements. The auditors also review an entire suite of evidence to confirm that these controls have been implemented and operating effectively.
For example, if an organisation’s policy claims to conduct background checks on all employees, the assessor will ask for proof. They may request a list of 100 employees onboarded during the audit period and randomly select individuals from the list to review and test that those background screenings were conducted comprehensively and appropriately. This means that the organisation will need to provide evidence that proves they are complying with the MTCS requirements.
ServiceNow is certified to Level 3, the highest level in the MTCS certification tiering.
Advancing data protection in Singapore with ServiceNow.
It is no longer enough to have one area of the business under secure measures – organisations need security controls across the entire infrastructure. Having strong encryption and appropriate access controls allows Singapore organisations to prevent threat actors from unauthorised access – and ServiceNow provides these capabilities.
The company provides a clear picture of how the platform’s architecture is built, so users know where their data is being hosted and who has access to that data. With this, clients are the custodian of their data and they maintain control over who is permitted to access their data and when.
Multiple encryption solutions for the protection of data are also on the table. For example, with Edge Encryption, customers can configure fields and attachments for encryption, manage encryption keys and rules, and schedule mass encryption jobs from the admin console to mitigate data leakage. Even in the worst-case scenario, if a user experiences a significant data breach or cybersecurity attack, the data will remain encrypted upon exposure, preventing unauthorised parties from being able to read or understand the confidential information and all its content.
With the platform in place, customers can keep data within Singapore, meeting the growing demand for data residency. Government, financial services, and other highly regulated customers’ can accelerate their digital transformation while meeting MTCS Level 3 requirements and data residency laws. And by adopting and complying with the highest level of certification standards, the company meets customers’ data protection needs.
Successful partnerships are built on trust, and the company has a global team of dedicated security, privacy and compliance experts that protect data every hour of every day of the year. As cyber threats and compliance needs evolve, ServiceNow will identify, prioritise, and respond to threats faster, while complying with global standards to help everyone embrace data security and maintain confidence in the cloud.
Learn more about how ServiceNow protects data for organisations in highly regulated industries.
In the first quarter of 2021, the Department of Information Security at the Ministry of Information and Communications recorded 1,271 cyber-attacks on information systems in Vietnam, a reduction of 20% compared to the same period last year.
Of a total of 1,271 cyber-attacks causing incidents to information systems during this period, the number of malware attacks was the highest, with 623 cases. The numbers of phishing and deface attacks were 449 and 199, respectively. The number of cyber-attacks causing incidents on information systems in the country decreased by 20% year on year, but it slightly increased from January through March, according to data reported in a press release.
Furthermore, in March, the Department of Information Security recorded 491 cyber-attacks, an increase of 8.15% compared to that in February 2021, including 180 malware attacks, 164 phishing, and 147 deface attacks. The total number of cyber-attacks on local systems was 326 in January 2021, up 3.49% from the previous month. This figure in February 2021 was 454, an increase of 39.26% compared to January.
As per the Department of Information Security, after eight consecutive months of decline, in March 2021, the number of Vietnamese IP addresses in botnets increased slightly, to around 1 million addresses, an increase of 11.34% compared to February 2021.
However, in the first quarter of 2021, the number of Vietnamese IP addresses in botnets decreased by 37.44% compared to the first quarter of 2020 and by 14.39% compared to the fourth quarter of 2020. Director Tran Quang Hung, of the National Centre for Cyber-Security Monitoring (NCSC), under the Department of Information Security in 2020, explained that the impact of the COVID-19 pandemic led to a significant increase in security risk. Early on, Vietnam identified the problem and prepared to deal with it well, so the country effectively minimised the risks.
For state agencies, according to NCSC, 2020 was a year with many bright spots ensuring cybersecurity. Under the direction of the government, 100% of ministries, agencies, and localities have completed the implementation of the Cyber Security Monitoring and Operation Centre and connected these centres to the NCSC’s system.
From a business perspective, the programme “Make in Vietnam” has urged information security businesses to master core technology and bring their quality and advanced products and services to the market.
Predicting a prominent cyber-attack trend this year, the NCSC representative said that with the unpredictable developments of the Covid-19 epidemic, in 2021 online phishing attacks will be still complicated, with an increase in number and methods.
Experts also expect that in Vietnam, as businesses and organisations are promoting digital transformation in a variety of fields, from government, health, and education to tourism and trade, new challenges for ensuring cybersecurity will emerge.
In the first two months of this year, Vietnam’s telecom carriers stopped more than 22,000 spam calls. From July 2020 to February 2021, the Department of Telecommunications cooperated with Viettel, VNPT, and MobiFone to deploy a technology solution to screen 111,694 calls and cancel scammer-owned subscriptions.
In January 2021 alone, the total number of spam calls that were stopped reached 14,646. Some other 7,400 spam calls were stopped in the following month, as OpenGov Asia had reported. Telecommunication enterprises have also launched a roadmap on measures to handle junk calls. They also use big data or machine learning technology to identify subscribers who are suspected of spreading spam calls.
An Australian lithium-ion battery manufacturer recently announced that it will develop a defence-grade cyber-secure Battery Management System (BMS) for its superStorage family of batteries that are to be manufactured in Tomago, NSW.
The AUS$1.46 million BMS project is jointly funded and developed by the lithium-ion battery manufacturer with Australia’s national science agency, CSIRO, and the Innovative Manufacturing CRC (IMCRC).
The BMS will monitor and report on the battery’s usage, lifespan and faults through a mobile network to the manufacturer and their customers. Communicating through an inverter, the system will enable secure real-time data, analytics and remote management to drive down the risk of battery failure and operating costs for grid-scale energy storage users.
The Technology and Development Director of the lithium-ion battery manufacturer stated that this collaboration between the firm, CSIRO, and IMCRC will promote an Australian Battery Management System instead of relying on an overseas technology platform. The software designed and developed in Australia has a strong global reputation and the manufacturer has built a history and track record as an industry.
“Working together with CSIRO will ensure we can create a world-class defence-grade cyber-secure Battery Management System that is fully developed and managed in Australia for critical energy storage infrastructures,” he said.
Through this project, the aim is to demonstrate the advantage that Australian intellectual property can bring to a highly competitive energy storage market where a superior Battery Management System is critical for the operating efficiency of a battery.
The Principal Research Scientist at CSIRO said that the agency is delighted to be working with the lithium-ion battery manufacturer to develop a Battery Management System that is the ‘nerve centre’ of a battery, and will make batteries safer, more affordable and optimised to operate in high-temperature environments.
The partnership validates CSIRO’s capabilities to collaborate, train and transfer skills for the advanced manufacturing of batteries.
The CEO and Managing Director at IMCRC sees the research collaboration between the lithium-ion battery manufacturer and CSIRO as a catalyst for further establishing an Australian battery manufacturing sector. He noted that the growing interest in renewable energy and thus demand for lithium-ion batteries provides a great opportunity for Australia.
By accessing local knowledge and expertise, this project will demonstrate how Industry 4.0 technologies and principles can be utilised to establish a viable Australian battery manufacturing sector for the benefit of all Australians, and as a national manufacturing priority. The commitment from all involved in this project will help position and strengthen the value and influence of Australia’s role as a strategic partner in the global lithium-ion battery value chain.
The Minister for Industry, Science and Technology, who launched Australia’s Resources Technology and Critical Minerals Processing manufacturing road map at Energy Renaissance’s site earlier this month, welcomed the research collaboration.
It was noted that this project is a great example of how local industry and research organisations can work together to turn an innovative idea into a high-value product that strengthens Australia’s competitive advantage and secures greater investment and market share.
The lithium-ion battery manufacturer’s 4,500 sqm purpose-built facility in Tomago, NSW will manufacture Australian made batteries that are safe, secure, affordable and optimised to perform in hot climates.
These batteries will power stationary (grid and microgrid, renewables, community storage, mining electrification, Defence SilentWatch applications) and transport (buses, light commercial and industrial vehicles) applications.
