Cyber Resilience

Powered by :

The Tasmanian Government has committed $4.9 million over four years to develop its Whole-of-Government Cyber Security Program as part of its $135.4 million investment in government IT service delivery.

The funds will be used to expand the cybersecurity program, which seeks to help the state government more rapidly detect and mediate vulnerabilities in Tasmanian government services. The expanded program will also include support for government departments to train staff to better recognise threats that may occur in their day-to-day work, as well as a cybersecurity upskilling program for the state’s public sector.

As part of these efforts, the government will soon advertise for additional experts to the Whole-of-Government Cyber Security Team as part of a recruitment guide.

The Tasmanian Minister for Science and Technology said in a statement that the Tasmanian Liberal government is determined to protect its information and ICT systems from malicious cyber activity which is increasing in frequency, scale, sophistication and severity.

The expanded program aims to reduce the impact of malicious actors and aid rapid remediation by detecting vulnerabilities in Tasmanian government services at the earliest opportunity, further integrating our incident response capacity with national arrangements.

Tasmania reveals $135M IT infrastructure overhaul

Tasmania announced that it aims to invest $135.4 million into a government-wide IT infrastructure upgrade to ditch its “20th-century technology”. As part of the state’s 2020-21 budget, the government will spend $26.5 million this year alone on upgrading its legacy systems, which will take an estimated four years in total.

Alongside this Tasmania plans to spend $57 million on its Digital Transformation Expenditure Program until 2024. This includes $1.5 million in funding towards the state’s digital health transformation project, split between $500,000 in 2020-21 and $1 million in 2021-22.

Over the next four years, the project’s 2020-21 spend is expected to be the smallest at just $379,000. Following on from this, $1.7 million is scheduled for 2021-22, then $1.6 million in 2022-23 and then $1.3 million in 2023-24.

As part of the digital transformation program, funding will be pulled into a strategy and business case for the state’s Health ICT Plan 2020 to 2030. With this plan, the state aims to digitally transform hospitals, improve patient information outcomes and better manage the Department of Health’s workforce.

The third stage of the state’s Justice Connect program, which was established to address the ageing systems at the state’s Department of Justice, is also taking a slice out of the Digital Transformation Expenditure Program at a price of $6 million, split into equal parts between 2021-22 and 2022-23.

This will see current case management systems will be replaced with a single integrated system, which is expected to support the case management needs of a combined Single Tribunal.

Past the Digital Transformation Expenditure Program, the Department of Police, Fire and Emergency Management’s Project Unify saw $46.1 million, which is set to be distributed over the next four years, for the upgrade of ageing policing operations ICT systems.

The Department of Health’s human resources information system (HRIS) is set for an overhaul in what the budget documents describe as an “urgent upgrade”, with $21.6 million set aside for the project over the next three years.

The new system will enable the Department to move away from paper-based systems, improving the delivery of critical human resource management systems, the budget noted. Of the spend, $2.1 million is due to be spent in 2020-21, followed by $11 million in 2021-22 and $8.5 million in 2022-23.

Vietnam considers digital platforms as a way to accelerate national digital transformation, considering cybersecurity a key factor to create digital trust and Institutional reform the decisive factor for digital transformation.

Vietnam Security Summit 2020 was held in Hanoi on November 10 by the Party Central Committee’s Economic Commission and the Ministry of Information and Communications. Featuring the theme ‘Cybersecurity in the AI and Big data era’, the summit shed light on the latest security trends and considerations for digital governments and modern-day enterprises, including national critical infrastructure defence, next-gen enterprise cyber protection and customers’ data assurance.

Digital transformation has led to an increase in the number of internet of things devices and generated a large amount of data. While data had become an important resource of the country, of each organisation and individuals, the risks of information and data theft and destruction were also increasing.

Cyber attackers have exploited the strengths of artificial intelligence and big data in cyber-attack techniques and malware has become increasingly sophisticated with phishing technology based on artificial intelligence.

“Reality shows that we are facing increasingly dangerous and sophisticated cyber attacks. Each agency, organisation, business and user must always be ready to respond to threats in cyberspace,” said Vice Chairman of the Party Central Committee’s Economic Commission Nguyen Duc Hien.

Sharing the same viewpoint, Colonel Nguyen Dang Luc, Vice Chairman of the Government Cipher Committee, said cyber-attacker and criminals of late have become emboldened enough to steal state confidential information, data and destroy information systems. Increasingly cybercriminals and reactionary organisations had been proliferated and gained the technical expertise to cause serious consequences, threatening social order and safety, political stability and national security.

From the perspective of the Ministry of Information and Communications, Nguyen Khac Lich, Deputy Director of the Authority of Information Security under the Ministry of Information and Communication, said the current risk of information security was significant to the extent that it would affect the entire economy. “Cyber attacks are getting more sophisticated, more fierce, more dangerous,” said Lich.

At the summit, the representative of the Authority of Information Security reviewed some outstanding results in the work of ensuring information security in Vietnam. Specifically, Vietnam’s ranking of the Global Cybersecurity Index (GCI) in accordance with the assessment of the International Telecommunication Union (ITU) had positive changes last year. The country ranked 50 out of 193 countries, 11th in Asia-Pacific and fifth in ASEAN.

Sharing about the strategy to implement cybersecurity, Lich said, “If we want our nation to become a powerful country in cybersecurity, in the group of 30 leading countries in GCI index by 2030, we need to focus on development in accordance with five main pillars including legal, technical, organising, capacity building, and co-operation.”

Along with that, Lich also raised other major plans to ensure information security in the coming time, which include information safety in digital transformation, protecting users on cyberspace, promoting the implementation of the four-class model in the organisations and identifying human as the main orientation of ensuring information safety.

OpenGov Asia recently reported on Vietnam’s Decree 91 that aims to ‘clean up’ digital space with AI, ML and Analytics

The Vietnam government strongly believes that ensuring safety in cyberspace will accelerate the process of national digital transformation as it is the key to a successful and sustainable digital transformation.

The Monetary Authority of Singapore Cyber Security Advisory Panel (CSAP) stressed the need for financial institutions to review their security controls given the elevated technology-related risks arising from remote working and safe management measures due to the COVID-19 pandemic. The Panel shared its insights on cyber risks in the new operating environment and made several recommendations.

Mr Ravi Menon, MAS’ Managing Director who chaired the CSAP meeting, said, “Singapore’s financial sector has done well so far in its cyber and operational resilience amid the new operating environment created by the pandemic. But as the situation prolongs, that resilience will come under greater stress as cyber attackers look for new vulnerabilities.”

“Financial institutions must remain alert and nimble and strengthen their defences against emerging cyber threats. CSAP members have provided useful recommendations on maintaining cybersecurity against the backdrop of growing reliance on remote working arrangements and cloud service providers.”

Key recommendations from the CSAP meeting include:

Reviewing risk profiles and adequacy of risk-mitigating measures.

The Panel discussed the risks and vulnerabilities arising from the rapid adoption of remote access technologies and work processes that could affect financial institutions’  (FIs) cyber risk profiles. The meeting highlighted the need for FIs to assess if their existing risk profiles have changed and remain acceptable. This is to ensure that in the long run appropriate controls are implemented to mitigate any new risks.

Maintaining oversight of third-party vendors and their controls.

With the increased reliance on third-party vendors, the Panel emphasised the need for FIs to step up their oversight of these counterparts and to monitor and secure remote access by third-partiesto FIs’ systems. This is even more important during the COVID-19 pandemic where remote working has become pervasive.

Strengthening governance over the use of open-source software (OSS).

Vulnerabilities in OSS are typically targeted and exploited by threat actors. The Panel recommended that FIs establish policies and procedures on the use of OSS and to ensure these codes are robustly reviewed and tested before they are deployed in the FIs’ IT environment.

The Panel also exchanged views with the Association of Banks in Singapore Standing Committee on Cyber Security (SCCS) and the Insurance SCCS on enhancing cloud resiliency, monitoring insider threats, and the role of cyber insurance in risk management over two days of virtual meetings. Participants included representatives from government agencies such as Ministry of Communications and Information, Ministry of Defence, and Government Technology Agency.

The National e-Governance Division (NeGD), in partnership with National Law Institute University, Bhopal, launched an Online PG Diploma programme on ‘Cyber Law, Crime Investigation & Digital Forensics’ on 9 November 2020.

Hosted on NeGD’s Digital Learning Management System (LMS), the programme is a nine-month online post-graduate diploma course in Cyber Law, Crime Investigation and Digital Forensics.

NeGD’s Learning Management System (LMS), built as part of its Capacity Building Scheme, caters to the needs and requirements of learning and development of government departments envisaged in the National Programme for Civil Services Capacity Building (‘NPCSCB’) – “Mission Karmayogi.”

Falling within the ambit of the Digital India Programme, the course is being offered to 1000 officials in collaboration with NLIU Bhopal. So far, a total of 542 participants has been selected. The programme aims to enable police officers, state cyber cells, law enforcement agencies, prosecutors and judicial officers to acquire the requisite skills to deal with cyber forensics cases efficiently and effectively as per the Indian Cyber Law. The course will also help the participants adopt global best practices, standards and guidelines.

A Cyber Forensics Lab is being established at the National Law University (NLU) Delhi to facilitate this course. Other law schools/ universities like National Law School of India University (Bangalore), Rajiv Gandhi National University of Law (Patiala) etc., will also be involved in the future.

The programme features over 100 hours of content developed by key stakeholders. Commenting on the evolution of the programme, Shri Abhishek Singh, IAS, P&CEO, NeGD, and CEO, MyGov India said it was heterogeneous with participation from judges, officers from police and the customs, judicial and prosecution officers.

Chief Secretary and State Vigilance Commissioner – Government of Meghalaya said that the course will be extremely useful to the Law Enforcement Agencies. He shared there had been an increase of nearly 60% in cyber cases during the pandemic as compared to the period between 2018 and 2019.

One of the positive fallouts of COVID-19, he opined,  was an increase in the use of Digital Technology. The flip side to this was that it has led to a rise in the number of cybercrime cases and highlighted the following challenges including fraudulent business transactions, obscene content and defamation and fake news.

Rapid location and identification of cybercriminals was an issue along with a delayed response from service providers. Other problems are a lack of timely information that hampers investigation as well as the location of data in servers outside the country. Knowledge, technology and tools were much needed to cope with increased sophistication in cybercrime. In addition to technologies and capacity building, creating general awareness among citizens were critical drivers for this initiative.

Business dynamics and technology challenges also played a major role in handling cybercrime cases which have been the major drivers in designing the course in collaboration with experts and academia along with NeGD.

Investigational expertise along with well-trained prosecutors and requirement of higher technical education and continuous capacity building of judges was much needed to handle cybercrimes. The course has been designed to maintain the balance of technology and the importance of practical scenarios.

Secretary, Ministry of Law, Anoop Kumar Mendritta emphasised the increased participation of prosecution and judicial officers and the need to move towards Data Investigation from Data Governance to increase in disposal rate. He said that 22% of cases are disposed of due to lack of evidence with high pendency and low conviction rate which requires increased participation. He pointed out that there was a complete mismatch between Investigation and Judicial officers which will be addressed by creating a pool of digital forensic experts and increased academic collaboration.

Secretary-MeitY-Shri Ajay Sawhney, who inaugurated the programme, said that this curriculum is a first-of-its-kind designed after consultation with many experts in collaboration with academia and a state-of-the-art forensic lab playing a role in imparting skillsets to all officers and this was just the beginning of Skill and Capacity Building in Cybercrime in future.

The Defence Science and Technology Agency of Singapore celebrated it’s 20th-anniversary last week. The Defence Science and Technology Agency (DSTA) implements defence technology plans, acquires defence equipment and supplies, and develops defence infrastructure for the Ministry of Defence.

Deputy Prime Minister, Coordinating Minister for Economic Policies and Minister for Finance Heng Swee Keat made a speech at DSTA’s 20th Anniversary outlining the many achievements and contributions DSTA has made to keeping Singapore safe.

The Minister also announced during his speech that the government will be investing heavily into science, research and innovation. “We are finalising our Research, Innovation and Enterprise 2025 plans, and will be investing more than 20 billion dollars in science, research and innovation over the next five years.”

Technology keeping Singapore’s fighting capabilities ahead of the curve

“DSTA has grown by leaps and bounds since then. You have built a range of deep expertise – from our air, naval and land systems, to C3 and cybersecurity. Our locally designed and built platforms – like the Hunter Armoured Fighting Vehicle and Littoral Mission Vessel – are a testament to your ability to translate technology and plans into reality. These capabilities have kept our fighting capabilities ahead of the curve.”

The Hunter is the first fully digitalised armoured fighting vehicle. The Hunter fleet not only has better firepower, mobility and protection but also requires fewer operators compared to its predecessor, the Ultra M113.

DSTA has used virtual reality to provide a higher level of training, as seen in the Navy’s Littoral Mission Vessel Simulation Centre.

DSTA has also developed advanced cybersecurity solutions. Leveraging AI, to be able to better detect anomalies in their systems, and to learn and adapt as threats evolve.

“The Smart Air Base that is under development is one example of how we are heading in this direction. Together with our Air Force and other partners, you have taken an innovative fusion of AI, data analytics, robotics and other emerging technologies.”

DSTA investing in the youth and the future of STEM

The Minister acknowledge how DSTA has been actively building a pipeline of future engineers and scientists, by nurturing an interest in STEM among students to realise these possibilities.

The Young Defence Scientists’ Programme and BrainHack has given students the opportunity to view the possibilities, for example in unmanned and space technologies.

How DSTA step up in times of crisis

“Time and again, the men and women of DSTA have gone beyond the call of duty in times of crisis. In 2003, you adapted military technology to develop thermal scanners for temperature screening during SARS. In our ongoing fight against COVID-19, you have likewise contributed various solutions to support critical operations – from co-developing temperature self-check systems and Mobile Swab Stations to tapping your networks to procure emergency healthcare supplies amidst global supply chain uncertainties.”

To support the resumption of activities post-Circuit Breaker, DSTA also developed solutions to aid contact tracing, and medical and routine swabbing operations. Some of you also stepped forward to volunteer in swab testing operations and served as safe distancing ambassadors.

Digital transformation is the process of adopting the current and/or emerging digital technology in driving the business through strategic plans and organisational change to augment or adapt services, delivery and revenue.

Respondents of a 2020 Asia Pacific small, medium business digital maturity study acknowledged the crucial role of digital transformation in the businesses. The study, covered Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Thailand, Taiwan and Vietnam as markets. Conducted at the beginning of the year, the study had 1,400 respondents from across the commercial landscape exploring various industries from financial services, telecommunications, media, manufacturing, construction, transportation, retail to wholesale.

It found that digitally mature small and medium businesses (SMBs) have higher benefits in terms of revenue and increased productivity, contributing to their growth and economic recovery. Data revealed that digitally mature SMEs could enjoy up to 16% increase in revenue and a 14% increase in productivity, allowing for a greater contribution to a nation’s economy. The study showed that 31% of SMEs in the Asia-Pacific region are still in the first stage of the digitalisation process, called the digital indifferent stage. Meanwhile, 53% are in the observer stage, 13% in the digital challenger stage and only 3% are in the digital native stage.

A senior industry head opined that Philippine SMBs are eyeing improved customer experience and service delivery through digitalisation. Lack of budget and shortage of skilled talents are the key challenges for Philippine SMBs. They also had to deal with the lack of necessary technologies, lack of insight into operational or customer data, cultural resistance to change, among others.

The pandemic has entirely changed the context, scope and nature of transactions done by people. Enterprises need to learn, adapt and maximise the use of technology, especially now that most people rely on it to continue their businesses and lives in the new normal.

Business process outsourcing (BPO) companies, for instance, continue their services remotely, while most organisations have implemented work-from-home (WFH) strategies that rely on a digital workspace. In this scenario, businesses rely heavily on telecommunications service, cloud and cyber resilience services increasingly.

About 70 % of SMBs in the study said they are accelerating digitalisation in response to the coronavirus disease COVID-19 pandemic. Well over half (62%) of the respondents are looking at digital platforms, services and solutions to launch new products and services. They recognise that staying ahead of the competition remains an important factor.

A local entrepreneur confirmed how dependent the business is on technology and how poor digital services,  like intermittent or low-bandwidth internet, could affect service and revenues. Unreliable internet connectivity results in a delay in receiving inquiries from potential clients. If not serviced promptly, this translates into a lost opportunity. As such, it is critical for the internet connection remained stable, especially when products were being uploaded online. To ensure this, they consistently monitor the internet connection speed using an app. Similarly, the business uses a money manager app to monitor the cash flow and expenses, as well as consistently upgrades phones/cameras to be able to take good photos.

Data from the survey show that respondents plan to invest in cybersecurity, information technology infrastructure upgrade and cloud. The pandemic has increased the technology investment priorities on customer experience and video conferencing solutions and artificial intelligence (AI). In the Philippines, 18% of respondents shared they are looking to invest in AI, while 15% have prioritised IT or software upgrade. Another 15% answered that cloud would be the main focus of their technology investment.

The study suggests that accelerating the digitalisation process could add US$1.3 trillion to the region’s GDP in 2024. The pandemic brings an opportunity for SMEs to accelerate their digital transformation, as the process will not only help them solve problems but also sustain their growth in the long run.

New Zeland has seen a recent surge of increasingly sophisticated malware attacks that are affecting everyday New Zealanders as well as large organisations. A malware campaign which is being spread through attachments or links in emails is currently affecting New Zealanders. The attacks have the potential to cause widespread disruption and loss of revenue and data.

CERT NZ has received intelligence from one of its international partners that approximately 800 New Zealanders have been affected by this malware.

If the recipient opens the attachments or links in the email, the malware gains access to their email account and can send emails out to the contact list to keep spreading the malware. Once an entry has been gained into the target computer, the malware steals login details, sends fake invoices to businesses customers, etc. It can even block access to files and demands money to grant access again.

CERT NZ, the government agency which supports organisations and individuals affected by cybersecurity incidents, says the virus, known as Emotet, installs malicious software (malware) onto a computer without the owner knowing. The attack is typically financially motivated and can result in significant financial loss or data loss through ransomware infections.

Ransomware like those affecting the healthcare sector in the United States. Federal agencies have warned that the US healthcare system is facing an “increased and imminent” threat of cybercrime, and that cybercriminals are unleashing a wave of extortion attempts designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of Covid-19 are spiking.

“Computer malware is a common theme that people have to protect against. However, this particular one is quickly and continually evolving globally,” says CERT NZ’s Deputy Director, Declan Ingram.

The tricky thing is these malicious emails often do not come from spam email addresses, which is usually a sign that an email is suspicious, said Ingram.

Recovery from this type of virus is not straightforward. If affected, CERT NZ recommends disconnecting the affected computer from any network immediately and contacting the IT support team.

If systems have been infected by Emotet malware, CERT NZ recommends the following mitigation tasks :

  • Isolate the infected computer as soon as possible
  • Inspect and clean all computers connected to your network
  • Notify everyone in contact lists and advise them not to open any emails that appear to come from you
  • Run an anti-virus scan across the device
  • Change all your passwords and logins on a non-infected device
  • Implement two-factor authentication where possible

In cases of personal device being affected, CERT NZ recommends reporting the matter to them via their online reporting tool. An incident responder will make contact directly, to talk through the various options available.

“If anyone is concerned that either they or their business may be affected and is unsure what to do, reach out to us here at CERT NZ and we can assist you on what to do next,” says Mr Ingram.

CERT NZ has issued an alert on its website with information on what to do if you have been affected and how you can best protect yourself from a virus like this.

Earlier in June this year, Cert NZ cautioned people of businesses compromised through remote access systems – software that allows staff to access the business’ network remotely. Attackers were using this software to gain access to business networks, extract sensitive data, and encrypt files and then demand payment for the data.

The Ministry of Information and Communications (MIC) recently held a ceremony to promote the VNPT electric know your customer (eKYC) solution, which can detect abnormal features on ID cards and other personal documents.

It is part of a series of events aimed at introducing Vietnamese-made services in the nation’s national digital transformation until 2025 with a view to 2030. VNPT stated that among several other capabilities,  eKYC can spot fake IDs, validate documents, authenticate portraits, detect invalid papers, and identify customer video calls, thanks to a large Vietnamese-specific database and the high accuracy of its optical character recognition.

According to a news report, the company says that the solution can warn about ID cards that have been tampered with, helping to reduce risk, shorten check-in times, and enhance security in information validation. eKYC has been developed based on cutting-edge technologies such as artificial intelligence (AI), blockchain, and biometric recognition.

At the ceremony, the Director of the Authority of Information Technology Application, Nguyen Huy Dung, praised the solution as a passport for entering the digital world.

Ngo Dien Hy, the General Director of VNPT-IT, noted that eKYC can be applied in many sectors such as banking and insurance whilst noting that the identity verification might not be completely accurate but can significantly minimise fraud.

The country has been prioritising the development and implementation of industry 4.0 technologies, including 5G. Earlier this month, the military-run Viettel High Technology Industries Corporation and VinSmart Research and Manufacture Joint Stock Company signed a cooperation agreement to create a 5G gNodeB base station system at a ceremony in Hanoi.

The signing ceremony took place under the direction of MIC. The Viettel Group and VinGroup plan to research and develop 5G technologies to successfully commercialise 5G broadcast stations owned by Vietnamese people. Accordingly, VinSmart is responsible for developing and supplying an 8T8R radio unit (RU); an 8T8R antenna; and a Massive MIMO Radio 64T64R (integrated with both RU and Antenna); VHT research and development of signal processing equipment (CU-DU); 5G core network system; providing 5G service and new technologies such as Beamforming and Multi-User Massive Mimo, which also provides high-speed services to many users.

The two sides agreed to complete the set of specifications for 5G base station products and complete two laboratories for each side. In November, the two sides will make the first test call on the 3,600 – 3,800 MHz frequency band.

The goal of VHT and VinSmart is to successfully commercialise the 5G gNodeB 8T8R base station on 30 June 2021 and the 5G gNodeB 64T64R base station on 30 June 2022, these will be the first high-quality 5G broadcast stations that are jointly owned by two Vietnamese technology groups.

Addressing the event, Member of Party Central Committee and MIC’s Minister Nguyen Manh Hung, the Deputy Head of the Party Central Committee (PCC)’s Communication and Education Commission, asked VinGroup to focus on developing radio. Viettel will focus on signal processing, the core network, and integration into commercial products.

OpenGovLive! Virtual Breakfast Insight

Are your Business Operations Resilient Enough? – Thriving in VUCA World