Alex, could you start by telling us about the origins of your department?
We’re quite a new department which was formed when three other departments merged in January 2015. I’ve been here since August 2015 and one of the particular challenges I’ve noted is forming a strong and cohesive operational service systems base. It’s a massive department, even bigger than we expected as there are five major business units and 46 agencies and portfolio entities, some of which are large organisations in their own right.
When three individual departments are brought together, they all have their own processes, systems and resources. There is duplication at certain points and there are other things that nobody is doing at all. Shaping all of this into an effective and functioning operation is a challenge. This goes for the entire corporate structure of the department, of which the ICT function is only a part. In ICT, we implement systems, support operations and the technology vision for all the departments, like HR, finance, procurement and others. They are trying to work off multiple systems and trying to come up with a single process that’s effective for the whole department and for all the people within the department who might not be familiar with each other’s processes.
I think that’s been a learning experience for the department as a whole. It sounds really simple: “Let’s all get onto one system”, but in reality it’s quite challenging. It implies internal change management for everybody in the department and they have to adapt to new ways of working. There is an enormous amount of systems activity required just to get everybody trained and logged on and to get everything consistent. That’s the background to what the department has had to deal with. Of course, technology in any organisation and in government as much as any industry, is a big source of opportunity in terms of innovation. So the other aspect of the ICT function is to try and look for these opportunities and to turn them into investments, and then ultimately to deliver them.
What projects are you focused on now in your department?
We are doing two kinds of projects at the moment. The first is establishing a strong operational base for the organisation, in some cases from scratch. In that we’re nearer to the end than the beginning, but I wouldn’t say we are there yet.
Then there’s the ongoing agenda to deliver new technologies which is the fun and interesting part. We cover government functions that are related to economic development. But sometimes what those functions actually do is very, very different across the different parts of the department. We have an economic development and innovation group which deals with overseas trade missions, small business and grants. It also provides industry support so it’s like a Chamber of Commerce for government.
There’s also agriculture and resources. For farm services, we have 80 regional offices across Victoria. Their work ranges from genetic research to the dairy industry, from biosecurity to forestry. We also provides services and support to the agriculture industry right across the state. A lot of their innovations are globally significant and we’re doing some really strong research work in Australia across a number of different areas of agriculture. A lot of that is underpinned and made possible by technology. Then there is the Transport group. Public transport in particular is huge and that is part of this department. PTV, VicRoads, all of these agency organisations ultimately roll up under the Ministers that our department serves. Some of those organisations like VicRoads, on their own are bigger than this department.
We also have Creative Victoria. That’s museums, galleries, the film industry and the cultural plan for the state. We are trying to make the state a contemporary, cultural destination. It also involves supporting the tourism industry for Melbourne and for Victoria more broadly. Finally we’ve got the coordinator general, that’s affiliated to transport. It includes the level-crossing removal authority and the Melbourne metro rail authority. Those organisations have budgets in the billions, they’re growing their staff base rapidly as they ramp up massive projects that are run for over a decade. So when you look at what this department actually does and you think about how to apply technology to this, one of the answers you come up with is, well we cannot possibly be the central experts in farm services technology, public transport network planning, the film industry and economic development.
The diverse applications of technology across the types of activities the department undertakes are very broad. The challenge for a central IT function is to think about what we can do to enable the department to get the greatest benefit from the technology that it needs in all of these areas.
What we can’t do is the old school kind of centralised model where anybody who wants something out of IT has to go through us and we have to project manage it. We have to be the architects, because the specialisation or the expertise required is far too great to try to jam it into one corporate function. It’s also quite inefficient to do so. To have a single corporate function attempt all those different things wouldn’t allow cohesion within the business unit and IT will become a roadblock. Unfortunately in other organisations, there are stories of this happening all too often.
We try to find a balance between driving capability and technology and driving efficiency in the sharing of investments that we’ve already made.
There are a lot of examples of two or three different parts of the department all trying to buy the same piece of software and we centralise this.
The other thing we’ve been trying to do is to put some government structures in place behind this like the Portfolio Management Office (PMO). I’ve set up a PMO from scratch, which started operating from January 2016. Already we’ve a full picture of every IT or every IT-related project that’s going on within the department. It might sound really simple and people might ask, how can we not have such a thing, but again you bring three departments together with no PMO – and you’ve got no visibility at all over what range of projects are being carried out. A PMO is a standard function within a corporate IT team but in our case, we’ve set it up particularly because the portfolio of projects is so diverse.
So has the merger in terms of IT, been successful in terms of integrating the three onto a single system? Is the process complete now and what have the benefits been?
That’s a massive question. We talk about it a lot at the higher-executive level of the department. The whole point of bringing them together was to drive consistency and derive benefits. You wish that it would come immediately but it takes time to realise. We can see the signs of it being realised. From an organisational point of view, just things like aligning cultural events with transport facilities or tourism facilities, where you’ve got different parts of the department who previously worked in totally different organisations now are better able to collaborate. On the corporate side, the IT teams from different parts have somewhere to go to now. A significant number of these sub-groups came with little IT teams of their own. But the executive parts of those departments didn’t necessarily understand exactly how to plan for and run their IT functions. Nor was it advisable for all of those IT teams to be sucked into a central corporate group, which is a mistake organisations have made in the past and will probably make again. They talk about this thing called shadow IT, where any IT-related work being done in the organisation that doesn’t report directly into the CIO, is somehow called shadow IT and should be stopped. If we try to do that in this department, everything will just come to a complete standstill.
So instead we provide services, we provide forums for them to come together and talk about the things that they’re doing and find out if they can help each other. So we play a facilitative role. We tell them, “If you want to run a project, here are some templates, here’s a methodologies and we can find you a project manager. We can help you with your budgets and the vendor management.” Things like aligning licenses between different parts of the department who originally purchased them independently wouldn’t happen without the existence of this corporate group.
The real trick, I think, is in having the right approach to what you try to bring together and what you allow to happen independently. That’s the tricky judgment call and at the moment, I’m quite happy with how it’s going though.
How do you juggle the various needs of the department and in particular, the legacy technology that’s in place with the new technologies are coming about? Everyone wants something new but you’ve already got such a big infrastructure of existing IT so how do you balance the needs of everybody?
I will say the great majority of budget and the effort that goes into our IT is on legacy systems. Legacy could mean 30 years old at worst or it could mean only 3 years. By legacy we just mean systems that are already there and need to keep running or be enhanced because every year, you’ve got new policies, new processes, new requirements so you’ve got this kind of multiple enhancement processes on your existing systems. I would guess that many government departments and many private sector organisations are in the same situation, where the majority of the work they’re doing is keeping the infrastructure they’ve got running and refreshed. Sadly it doesn’t leave a lot of bandwidth for the exciting new technology that everybody wants to get hold of.
In many cases, we’re years behind. We’re just trying to get a consolidated, active directory standard operating environment on a supported version of Windows and email for the department. I think that’s one of the hardest conversations for a CIO. It’s trying to get that balance between what you can do with new technology (today’s new technology is tomorrow’s legacy) versus how much you need to spend on actually keeping your legacy going and to what extent is it really fit for purpose?
Again, given such a broad department and many subsets, how do you use technology to create the workplace of the future?
We’ve done a lot of work during last year on improving our video conferencing facilities. Now the software that supports it is bundled into most major packages and you don’t have to go out to buy bespoke software. A lot of it is just about actually installing the facilities so that people can have meetings and utilise it. It helps our remote offices around the region and internationally to communicate effectively. We are also working on a project we call ‘Business Mobility and Collaboration’, which is the very simple sounding matter of you can access your document from anywhere and any device. You can also share it with anyone and it has proper security behind it. It’s compliant with records management and all of the other standards that you need to apply to often sensitive documents.
We don’t have that where we want it yet but within six months, we should have a much improved setup. We had an explosion of mobile devices in the department over the last year and a half. We’ve got a couple of thousand of them now, and everybody wants to access their material from those devices. We need the technology to catch up with that and I think this could be a good productivity driver. It’ll also help people to collaborate better than they can today.
Are you happy with the current level of your security and how much of your budget do you allocate to security and is it enough?
Security is a bit of a cops and robbers thing, I believe. No matter what you do, somebody comes up with something to find a hole in it. So you have to do it again, like you buy a better security device, somebody wrecks it, you buy more. It’s a never-ending undertaking and I think it will always be that way. Security is like an insurance policy – we certainly cannot have the strategy of “Let it be”. Just don’t spend anything and see what happens. Not many organisations do that, but again if you are lucky, nobody will do anything to you. On the other hand, you can spend gazillions and still have security problems.
The judgment call is to go how far in security, I don’t know if there is a formula for it. We take it seriously in the department. At the same time as we’re trying to improve our security, the privacy and data protection legislation is also evolving. They are trying to come up with more sensible constructs that allows us to use the frameworks for what we protect and how. That at least give us some standards for what we should be protecting against or shouldn’t. Having standards everyone can sign up to provides consistency. Then you try to implement technology that complies to those standards but there could be complications. To take an example there is a lot of migration to the cloud, although many organisations still have on-premise legacy systems. So what’s the difference in terms of security for cloud vs on-premise? Many people argue that the cloud is more secure because the organisations that are running it have dedicated effort and capabilities specifically to make themselves secure as opposed to on-premise where it’s up to you. I think that’s quite a compelling argument actually and I think that’s the trend everybody’s going to go to eventually.
I think all of the tools that are needed for security exist and you just have to decide how far to go because the more secure you want to make something, the less easy it is to collaborate.
What does success look like for you in three years’ time?
Our strategic vision for IT is a workplace environment and public services enabled by effective modern ICT. We have to maximise the amount of benefit that the organisation can get from technology. There are productivity type tools available that will uplift the performance and efficiencies of the department as a whole. I would like to sort these collaboration, desktop mobility kind of areas within a couple of years. We’re already on the way. We have to do something about our backend systems. The Victorian government IT strategy as a whole is looking towards consistency across financial and HR procurement systems. I think that’s going take some time, It would involve large scale ERP improvements which for something as diverse as the whole government could really take quite a long time. I think we need to resolve something for this department in the 3-year timeframe. We are working on a strategy now and we’ll start implementing that probably in the new year.
Getting the backend systems sorted out so we don’t have to keep refreshing them every three years, could possibly mean cloud in the end. The promise of cloud is that it releases you from legacy. Maybe it could upgrade itself in the future. Hopefully that kind of infrastructure transformation that’s happening in the industry as a whole now will actually put us in a place, where maybe we will spend less time focusing on legacy five years from now than we have to today. Though it doesn’t sound sexy, in terms of a long-term investment, reducing the proportion of time we have to spend on refreshing legacy would provide a huge and lasting benefit.
In the rapidly evolving digital landscape of today, organisations are increasingly turning to multi-cloud systems to take advantage of their flexibility, scalability, and cost-efficiency. However, this shift often brings about complex challenges in the realms of identity management and security.
To fully capitalise on the benefits of cloud computing while safeguarding their data and operations, businesses are now placing a high priority on certain objectives. These include automating security measures, mitigating risks, and effectively managing identities within the multi-cloud environment.
Enhancing security in multi-cloud systems heavily relies on automation. Automation empowers enterprises to promptly address threats, identify vulnerabilities, and maintain continuous monitoring of their cloud infrastructure. Automated security systems possess the capability to analyse extensive datasets, pinpointing trends and anomalies that may go unnoticed by human observers.
By taking a proactive approach, businesses can not only reduce downtime and financial risks but also significantly lower the chances of data breaches. Mitigating risks in a multi-cloud setting calls for the implementation of a comprehensive strategy. This encompasses establishing robust encryption, access control, and data loss prevention protocols across all cloud providers and applications.
Additionally, it is crucial to adopt a unified security framework that provides centralised visibility and control over the entire multi-cloud ecosystem within an organisation. Such an approach streamlines risk management by ensuring consistent policy enforcement, threat detection, and incident response procedures.
Identity management plays a vital role in multi-cloud security, especially when individuals like customers, partners, and employees access resources from various devices and locations. Identity and Access Management (IAM) assume a pivotal role in this context, enabling organisations to enforce precise access controls, ensuring that only authorised users can access resources.
Furthermore, IAM systems offer single sign-on (SSO) capabilities, which not only enhance security but also simplify the user experience by allowing users to access multiple resources with a single set of credentials.
As businesses increasingly embrace multi-cloud architectures to protect their data, assets, and reputation in today’s interconnected digital landscape, the adoption of automation and robust security practices becomes imperative.
A comprehensive cloud strategy that encompasses automated security measures, risk reduction strategies, and effective identity management in multi-cloud environments is foundational. Prioritising these elements empowers organisations to mitigate risks and fully harness the benefits of multi-cloud setups.
The OpenGov Breakfast Insight on 26 September 2023 convened Singapore’s leading technology experts at the Voco Orchard Singapore to discuss the latest developments in digital integration, cybersecurity, cloud computing, and data governance.
Mohit Sagar, the CEO and Editor-in-Chief of OpenGov Asia believes the role of IT automation in bolstering cybersecurity has never been more critical, particularly in the face of the growing sophistication of cyber threats.
He highlights the escalating intricacies of modern business infrastructures, compounded by the proliferation of remote work, mobile devices, and the Internet of Things (IoT). These developments have introduced vulnerabilities that traditional security approaches find challenging to combat.
Recent data breaches in Singapore, a global financial and tech hub, also underscore the urgency of robust security measures, highlighting the severe consequences of inadequate security practices in the face of evolving cyber threats.
In this context, Mohit underlines the revolutionary nature of Zero Trust Security, which eliminates the inherent trust traditionally placed in both internal and external entities. The importance of rigorous identity verification for users, devices and applications, emphasising the use of multiple-factor authentication as a core principle of this approach, is key.
“Continuous monitoring serves as a rapid anomaly detection mechanism, while micro-segmentation effectively constrains lateral network movement, ultimately minimising the impact of potential breaches,” he elaborates. “Here, automation assumes a critical role by swiftly analysing data, enforcing access controls, and providing real-time responses to incidents.”
According to Mohit, the adoption of automation is paramount for organisations looking to bolster their security measures. Automation accelerates processes, minimises errors, and empowers proactive threat detection and swift incident responses through real-time analysis.
Additionally, automated patch management guarantees timely updates, thereby reducing exposure to vulnerabilities, while orchestration optimises security tools and processes for efficient threat management
“To defend against modern cyber threats, organisations should employ a comprehensive approach that includes secure coding, infrastructure hardening and Zero Trust principles,” Mohit is convinced. “This strategy safeguards applications with secure coding, regular testing, and continuous monitoring.”
Infrastructure hardening serves to diminish attack surfaces while extending the principles of Zero Trust through stringent access controls and identity-based authentication, thereby fortifying the overall defence. This comprehensive approach integrates application-centric security, infrastructure hardening, and the Zero Trust Architecture, offering a multi-faceted defence against a wide range of threats.
A seamless identity-based framework begins with the establishment of robust Identity and Access Management (IAM) practices, which form the cornerstone of modern security. IAM effectively manages digital identities for users, devices, and applications, enabling precise control over resource access.
Mohit stresses the importance of access control policies that are structured around roles and responsibilities, emphasising their role in mitigating unauthorised access risks. He also underscores the significance of continuous monitoring of user activities, as it bolsters security by identifying unusual behaviour and potential breaches.
Additionally, he recommends that organisations prioritise the security of credentials for critical systems and data. This can be achieved through the implementation of robust password policies and user education. He also suggests that the adoption of password management tools can prove highly beneficial in this regard.
Elevated access management includes securing privileged accounts with strict controls, regular reviews, and just-in-time access. Data encryption safeguards sensitive information at rest and in transit, making unauthorised access ineffective. Continuous monitoring, with real-time alerts for strange behaviour, enables rapid response to possible breaches and improves security overall.
“In today’s evolving cybersecurity landscape, a comprehensive approach is key,” Mohit concludes. “From IT automation to Zero Trust Security and robust identity management, organisations must implement security measures to defend against modern cyber threats and safeguard critical systems and data.”
Morgan Hite, the Area Vice President for Asia at HashiCorp, recognises the growing complexity of contemporary information technology infrastructure, underscoring the significance of safeguarding and preserving valuable assets for companies.
He agrees that advanced automation solutions can effectively address the intricate security requirements within hybrid and multi-cloud environments. These solutions offer valuable insights into secure asset management, threat detection, and incident response.
The ongoing shift towards cloud adoption is compelling organisations to transition from rigid to more agile infrastructure management, particularly within the public cloud domain. Consequently, IT operations teams are confronted with emerging hurdles.
These challenges include coping with sluggish manual workflows that can lead to errors and inefficiencies. Moreover, development teams may also find themselves burdened by intricate manual processes and less-than-optimal ticketing systems.
Moreover, the obstacles associated with implementing consistent policies not only hamper productivity but also elevate the risks an organisation must contend with. Consequently, having scalable and adaptable infrastructure automation becomes crucial in tackling these challenges effectively. Hence, many organisations opt for solutions that help them steer clear of such complexities.
Morgan explains that HashiCorp assists enterprises in resolving these issues by employing infrastructure as code principles for provisioning, compliance, and management across various domains, including public clouds, private data centres, and third-party services.
“Infrastructure automation plays a pivotal role in efficiently managing the progressively intricate cloud environments that organisations encounter,” he says. “This is a critical component in efforts to maintain security and protect critical assets in a frequently changing environment.”
In a dynamic cloud environment characterised by fluctuating demands, the capability to swiftly adapt and oversee resources emerges as a critical necessity. Automation assumes a pivotal role in guaranteeing efficient scalability, enabling organisations to effortlessly adjust their capacity as required without getting entangled in time-consuming manual processes.
Further, apart from scalability, operational efficiency stands out as another compelling rationale for the implementation of infrastructure automation. Automation empowers organisations to automate routine tasks like provisioning, scheduling, and resource management. Consequently, this not only lessens the burden of manual labour but also mitigates the potential for human errors.
Ultimately, it results in significant time savings when it comes to managing the intricacies of cloud environments.
“Security is another key factor that makes infrastructure automation very important. With automation, organisations can apply security policies consistently across their infrastructure,” Morgan elaborates. “This helps prevent vulnerable configurations and ensures compliance with required security standards. In a world full of security threats, automation helps keep cloud environments safe.”
Additionally, automation serves as a critical tool for enhancing infrastructure resilience. Its capacity to swiftly identify and respond to security incidents or infrastructure failures allows organisations to uphold the availability of their services. In this regard, automation proves invaluable in addressing the challenges that arise within the ever-changing landscape of a dynamic cloud environment.
Morgan strongly emphasises the fundamental importance of implementing infrastructure automation in today’s organisational landscape. He firmly believes that automation not only boosts productivity but also has the potential to curtail risk and optimise expenses, underlining its multifaceted value.
Automation has a positive impact on organisational productivity. By eliminating valuable time-consuming manual workflows associated with cloud infrastructure, organisations can experience significant time savings. That means less time is wasted on tasks like creating, managing and provisioning cloud infrastructure. As a result, the IT team and related staff can focus on more strategic and value-added tasks.
Automation further elevates the level of security by upholding rigorous operational consistency and ensuring compliance with established security policies. In this context, automation serves as a safeguard against the risk of security incidents stemming from human error or policy deviations. By automating security measures, organisations can execute them consistently and with high efficiency, providing a sense of confidence and peace of mind.
Additionally, automation enables organisations to pinpoint and curtail unnecessary or redundant utilisation of cloud resources, leading to significant cost savings. Organisations have the potential to realise substantial savings of up to 40% on their cloud infrastructure costs.
Such significant savings represent an opportunity to allocate budgets more efficiently towards other pressing needs. Consequently, investing in infrastructure automation can yield tangible economic benefits for organisations, freeing up resources for strategic initiatives and growth.
Morgan holds a firm conviction that infrastructure automation constitutes a strategic decision that delivers not only operational advantages but also risk mitigation and the intelligent and efficient allocation of budgets.
This proactive step has proven to have a positive and far-reaching impact on various aspects of an organisation’s operations and finances. In essence, automation acts as a multifaceted asset, enhancing security, reducing costs and streamlining operations for organisations operating in dynamic cloud environments.
Mary Wee, Director of Cloud Services and Support at CPF Board, reflected on the devastating impact of COVID-19 on countless people. The pandemic took many by surprise with its sudden shifts in employment and lifestyle. Consequently, access to essentials such as food, medical services, and education unexpectedly became more challenging for many.
She underscored the paramount importance of preserving continuity and well-being amid the prevailing uncertainty. In a post-pandemic era marked by unprecedented challenges and unforeseen disruptions, maintaining financial stability has emerged as an essential pillar of resilience.
Mary strongly advocates having sufficient financial savings to effectively cope with unforeseen emergencies, particularly those triggered by events like the pandemic. This financial cushion not only imparts a sense of security but also equips individuals and families to surmount economic hardships that may arise unexpectedly. It underscores the pivotal role played by institutions like the Central Provident Fund (CPF) in extending vital financial services to the community.
CPF stands as a pivotal mechanism for helping individuals and families enhance their financial planning. This encompasses a spectrum of considerations, from long-term investments and retirement savings to health protection. By cultivating well-managed financial savings, individuals are better poised to confront challenging circumstances such as a pandemic with a greater sense of readiness and resilience.
The CPF, in this context, serves as a valuable tool in fortifying financial security and enabling individuals to navigate the uncertainties of the future with greater confidence.
Mary also underscored the paramount importance of effectively safeguarding client data, particularly in the context of social enterprises. In an age where data serves as a linchpin for informed decision-making and enhanced client services, the preservation of data security and integrity emerges as a foremost concern.
CPF frequently handles the personal and sensitive information of their clients, including financial, medical and various other personal details. Consequently, they bear a substantial responsibility to shield this data from cyber threats and potential misuse.
The loss of data or a security breach can wield far-reaching consequences, impacting not only client trust but also the seamless functioning of an organisation. It underscores the imperative of unwavering diligence in preserving data security and ensuring the highest standards of data protection to safeguard both clients and the organisation itself.
“In an age where services and operations are increasingly tied to cloud technology, security cannot be ignored,” says Mary. “As such, upholding cloud infrastructure cybersecurity is our top goal since it boosts client satisfaction through quality support.”
When customers entrust their vital data and information to an organisation, they hold the expectation that this data will be handled and stored with the highest level of security. This is not merely a matter of practicality; it is a profound issue of trust.
Mary understands that when customers have the assurance that their data is securely managed within the CPF Board’s cloud infrastructure, their satisfaction with the service provided is assured.
Robust security forms the bedrock of customer trust, and this trust is unequivocally reflected in the quality of service delivered. It’s a symbiotic relationship where security breeds trust, and trust, in turn, elevates the calibre of service provided.
The CPF Board’s commitment to cybersecurity extends beyond the technical aspects; it focuses on instilling a sense of safety and confidence in customers regarding the security of their data. This approach not only engenders customer satisfaction but also contributes to cementing the CPF Board’s reputation as an organisation that is both responsible and trustworthy in its stewardship of client data.
In the multi-cloud era, there has been a significant shift in the locus of control. Instead of relying on physical controls, the emphasis is now shifting to trusted identities, Mary explains. This means each entity must go through an authentication and authorisation process to gain access to a system or resource. By adopting this identity-based framework, they can effectively navigate the complexities of securing dynamic multi-cloud environments while ensuring higher levels of security.
Mary reaffirms the CPF Board’s unwavering dedication to the utmost protection of their clients’ data. They have put significant measures in place by implementing stringent security protocols, which include leveraging the latest in security technology and providing comprehensive training to employees in identifying and mitigating cyber threats.
In addition to these initiatives, they have established rigorous policies governing data management and storage, ensuring compliance with all relevant privacy regulations.
“It’s a holistic strategy where technical prowess combines with a commitment to customer trust, fostering a solid and reliable image for the organisation,” Mary concludes. “This multi-faceted approach underscores CPF’s dedication to the highest standards of data security and privacy, further cementing its reputation as a responsible custodian of client information.”
Binny Peh, Head of Partners & Alliances Singapore Public Sector, Amazon Web Services (AWS) expressed her appreciation for the attendees’ perceptive and insightful event as they came together to explore the transformative power of technology in the public sector.
“The discussions and interactions we’ve had reaffirm the pivotal role that technology plays in shaping the future of our societies, and more importantly, in improving the lives of our citizens,” she acknowledges.
Binny confirms that Amazon Web Services is deeply committed to driving innovation and enabling digital transformation for governments and organisations worldwide. “Our mission is to empower you to leverage the cloud to build more agile, efficient, and citizen-centric services. But it’s not just about technology; it’s about the partnerships and alliances we form, the collaborative spirit we nurture, and the shared vision we pursue together.”
She believes that the success they have achieved in the public sector is a collective effort. It’s the result of collaboration between government agencies, industry partners, and technology providers like AWS, “Your insights, your commitment to excellence, and your tireless efforts to push the boundaries of what’s possible are what make this transformation journey so exciting and impactful.”
Binny encouraged the participants to continue fostering innovation, build strong partnerships, and embrace the opportunities that lie ahead. She emphasised the importance of pushing boundaries and harnessing technology to tackle the most critical challenges in communities, ultimately working towards a brighter and more interconnected future for everyone.
“Thank you once again for your participation, your passion, and your dedication to the mission of OpenGov Asia. Together, we can achieve great things, and I look forward to our continued collaboration in shaping a better tomorrow,” Binny ends emphatically.
Li Wen Chi, Group Chief Technology Officer at Cloud Kinetics, expressed his appreciation to OpenGov Asia and all attendees for contributing to the event’s success, highlighting OpenGov Asia’s role as a facilitator of knowledge exchange, innovation and collaboration.
“OpenGov Asia has consistently created effective platforms for sharing ideas, stimulating discussion, building relations and driving change,” he acknowledges. “And this year has been no exception!”
As usual, Wen Chi confirms, the event featured insightful presentations, thought-provoking interactions and valuable networking opportunities, showcasing the dynamic evolution of digital transformation in Asia and the enthusiastic embrace of technology by governments, businesses, and individuals to catalyse positive change.
“One recurring theme of this event has been the pivotal role of technology in addressing our most urgent challenges. We’ve witnessed inspiring instances of technology’s potential for the common good. It’s evident that we’re not merely envisioning the future; we’re actively constructing it collectively,” Wen Chi reiterates.
Cloud Kinetics firmly believes that the cloud represents more than just a technological shift; it embodies a fundamental shift in our approach to business and society. And they are dedicated to leading this transformation, aiming to equip organisations with cutting-edge cloud solutions to navigate the intricacies of the digital era effectively, he confirms.
He encouraged the attendees to take the knowledge, insights, and connections acquired during the event and to further collaborate, share, learn from one another, and collectively strive for an inclusive, sustainable future driven by technology for the betterment of all.
“Remember that innovation knows no boundaries, and together, we can overcome any challenge that comes our way,” Wen Chi concludes, “The road ahead may be uncertain, but with the spirit of collaboration and innovation, we can navigate it successfully.”
In closing, Mohit extended his sincere gratitude to all the esteemed speakers, participants, and partners who graced the event with their presence and wisdom. Their expertise and unwavering commitment to innovation not only illuminated the discussions but charted a course for the future.
“Together, we have explored the limitless possibilities that emerge when governments, industry leaders, and technology providers join forces. We’ve delved into the transformative power of cloud computing,” Mohit appreciates.
It’s crucial, he adds, to acknowledge the transformative potential of AI, cybersecurity, and data analytics in the realm of public services. These technologies are pivotal in shaping the future of government operations and service delivery in several ways
Moreover, Mohit remains strongly convinced that in this era of unprecedented change, collaboration is not just a buzzword; it is the cornerstone of success, “It is through partnerships, alliances, and the exchange of ideas that we can unlock the full potential of technology and effectively navigate the intricate challenges that lie ahead.”
He urged the attendees to persist in the spirit of collaboration, encouraging them to forge new alliances, nurture existing partnerships, and remain open to the opportunities that technology continually unfolds.
“Let us always bear in mind that our collective mission is to enhance the well-being of citizens and stimulate comprehensive growth, “Mohit concludes, “We must keep the broader purpose of our endeavours at the fore and pave the way for a more sustainable and inclusive future for everyone.”
The 16th Ministerial Meeting of the Global Governance Group (3G) convened on the sidelines of the recently concluded 78th session of the United Nations General Assembly, which brought together the Troika of the Group of Twenty (G20), representing Indonesia, India, and Brazil, to discuss collaborative approaches to addressing pressing global issues.
As India, in its capacity as the 2023 G20 Presidency, shared the outcomes of the G20 Summit held in New Delhi, there was recognition and applause for the successful Summit, which included the adoption of a consensus Leaders’ Declaration. This achievement underscores the importance of international cooperation and dialogue in tackling complex global challenges.
Singapore’s Prime Minister Lee Hsien Loong emphasised the significance of sustaining a rules-based multilateral trading system, embodied by the World Trade Organisation (WTO). He stressed the need for WTO rules to evolve with digital transformation to remain relevant in the modern economy. Additionally, he urged G20 participants to support negotiations on WTO reform, particularly the restoration of a fully-functioning dispute settlement system.
Digital transformation is at the forefront of these discussions, with a recognition that technological advancements require corresponding updates in international trade regulations. As nations leverage digital transformation to foster economic growth, the need for inclusive and equitable trade policies becomes imperative.
Likewise, the commitment of the G20 to sustainable development, low-carbon emissions, and climate resilience aligns with the global community’s efforts to combat climate change. The 3G’s support for these commitments underscores the importance of addressing environmental crises, especially those that disproportionately affect developing countries.
The 3G Ministers highlighted the strain on the rules-based multilateral system amid geopolitical tensions and rising protectionism. They reiterated the importance of upholding international law and human rights principles as embodied in the United Nations Charter. This commitment ensures that the multilateral system remains open, inclusive, and adheres to established rules.
The collaborative approach of the G20, including engaging non-G20 members like the 3G, reflects the importance of broader dialogue and perspectives when addressing global challenges. This approach enhances inclusiveness, coherence, and complementarity in setting global standards and mobilising collective action on shared challenges.
The collaboration also promotes innovative approaches to growing global concerns, ensuring that international governance stays relevant in a continuously changing world. It advances fair trade practices and reduces economic inequality, which benefits a country’s overall economic health.
Further, this partnership enhances international cooperation and diplomacy. It emphasises the value of diplomatic solutions to international problems and strengthens the notion that cooperation and diplomatic communication are essential for resolving difficult global issues.
Singapore believes that in an era of digital transformation and interconnectedness, the collaboration between the 3G and the G20 offers a promising path towards addressing the multifaceted challenges facing the international community.
By leveraging digital transformation, fostering inclusive trade policies, and upholding the principles of international law, these groups are contributing to a more resilient and equitable global governance framework.
As the world grapples with evolving global challenges, the commitment to inclusive and accountable global governance remains essential. The partnership between the 3G and the G20 exemplifies the spirit of international cooperation, where nations work together to navigate the complexities of the interconnected world, ensuring that no one is left behind in the pursuit of a better future for all.
A group of talented young engineers and researchers from the Asia Pacific University of Technology & Innovation (APU) has achieved international recognition for their groundbreaking innovation, RescueAI: Smart City Disaster Management System with AI and Aerial Robotics. They won a Gold Medal at the 12th World Invention Creativity Olympic (WICO) 2023.
The Turkish Inventors Association (TÜMMİAD) bestowed the Gold Medal Award upon RescueAI, further affirmed by recognition from the Toronto International Society of Innovation & Advanced Skills (TISIAS). WICO 2023, held in Seoul, South Korea, was organised by the Korea University Invention Association (KUIA) and sponsored by the National Assembly of the Republic of Korea.
RescueAI is the culmination of efforts by a team of experts and students from APU’s School of Engineering (SoE) and the Center for Research and Development of IoT (CREDIT). This project was led by Dipl-Ing. Ir. Narendran Ramasenderan, Mr. Krishna Ravinchandra, Ng Joo Kiat, Cajun Tai Ka Joon, Ang Jia Ze, and Cheng Yi Heng. Their prototype stands as a beacon of progress in the realm of disaster management.
The system’s core capabilities lie in its use of artificial intelligence (AI) and aerial robotics to gather real-time environmental data, encompassing critical factors like weather conditions, structural damage, and the precise location of individuals and assets. This data forms the foundation for the creation of a digital twin of the disaster-stricken area, enabling the simulation of diverse scenarios and the formulation of optimal response strategies.
The team is engaged in the commercialisation of RescueAI, and their aim is to make the system accessible to governments and enterprises worldwide, underscoring the global impact of their innovation.
While RescueAI is at the forefront of its achievements, APU is also making its mark in other arenas. Ng Joo Kiat, Chang Kah Boon, and Cheng Yi Heng, representing APU’s Team Delta, participated in the DB-SNUbiz Global Startup Challenge 2023. This competition featured RescueAI as a project addressing the challenges posed by climate change-induced extreme weather events such as heatwaves and floods.
In a significant departure from conventional 2D dashboards, Team Delta conceptualised a 3D Digital Twin model, offering a more intuitive representation of flood and fire disasters. This innovative model facilitates precise flood simulations, anticipating the spread and impact of floods on various locations with accuracy.
Drones equipped with sensors and pre-trained YOLOv8 models play a pivotal role in recording real-time data, which continuously updates the Digital Twin model to ensure data accuracy. Furthermore, the team is in the process of developing a mobile app designed for reporting flood and fire incidents. This app boasts AI detection and alarm functions, streamlining the reporting process and expediting emergency responses.
The achievements of the Asia Pacific University of Technology & Innovation (APU) team with RescueAI closely align with the Malaysian government’s larger goals. Malaysia aims to enhance disaster resilience and management, and the innovative Disaster Management System exemplifies this commitment.
Furthermore, by garnering global recognition and showcasing Malaysia’s technological prowess, RescueAI contributes to the government’s agenda of promoting innovation and technology as drivers of economic growth. The project’s success underscores Malaysia’s capacity for innovation, augments economic opportunities in AI and robotics, and positions the nation as a player on the global innovation stage, aligning with the government’s overarching development objectives.
OpenGov Asia reported earlier that a robotics company that provides intelligent unmanned delivery solutions for global enterprises recently forged a strategic partnership with the Asia Pacific University of Technology & Innovation (APU). This collaboration is poised to be a significant driver of academic, technological, and industry-sharing initiatives, with the ultimate aim of reshaping the field of robotics and automation.
The partnership was formally solidified through the robotics company’s Malaysian representative and distributor. The representative holds the exclusive distribution rights for service robots in Malaysia, and it also supplies a range of health and wellness products locally and internationally. The Memorandum of Understanding (MoU) was signed at APU’s state-of-the-art campus situated in the vibrant city of Kuala Lumpur.
Recently, the Digital Government Development Agency (DGA) and the Thailand Digital Government Academy (TDGA) have joined forces to provide training to raise awareness about cybersecurity. This collaborative effort is designed to enhance participants’ knowledge and comprehension of the fundamental principles and the significance of cybersecurity laws, regulations, and announcements. Moreover, the training seeks to promote awareness of information systems’ safe and secure use.
Panithan Khennanuay, Director of the Cyber Security Department, emphasised the increasing prevalence of cyberattacks in today’s digital landscape, affecting many sectors. As organisations transition into the digital realm, they become more susceptible to cyber threats. These threats can range from data breaches and hacking attempts to ransomware attacks and other malicious activities that can compromise sensitive information and disrupt essential services.
Recognising the evolving nature of these cybersecurity challenges, the collaboration between the DGA and TDGA underscored the importance of equipping individuals and organisations with the knowledge and skills to safeguard their digital assets. The training initiative aims to empower participants to proactively identify and mitigate potential cyber risks, thereby enhancing the overall cybersecurity posture of both the public and private sectors.
Panithan Khennanuay further emphasised that as digital transformation continues to reshape the governance, commerce, and communication landscape, it is imperative to prioritise cybersecurity as an integral component of this evolution. By fostering a cybersecurity-conscious culture and ensuring that individuals and organisations stay well-informed and vigilant, Thailand can better protect its digital infrastructure and sensitive data. “Ultimately, it will contribute to the country’s resilience in the face of cyber threats and bolster its position as a leader in the digital age,” he expressed.
Additionally, Khomkrit Khamsawat, Head of the Service Operations Team, added that the workforce and citizens are crucial to any cybersecurity strategy’s success. As the Head of the Service Operations Team, Khomkrit Khamsawat recognises that a well-informed and cyber-aware workforce is the first line of defence against cyber threats. Employees and citizens alike play pivotal roles in maintaining the security of digital systems and data.
In the ever-evolving landscape of cyber threats, individuals within organisations and the broader public must be educated and trained to recognise and respond effectively to potential security risks. It includes understanding the latest cyber threats, practising good cybersecurity hygiene, and adhering to best practices for secure digital behaviour.
Moreover, citizens and employees should be aware of cybersecurity laws, regulations, and guidelines. Compliance with these measures is essential for protecting critical infrastructure and sensitive information.
The collaboration between the DGA and TDGA not only aimed to equip individuals with the technical knowledge needed to defend against cyber threats but also strives to cultivate a cybersecurity mindset. This cultural shift toward cybersecurity awareness can help foster a safer digital environment for all.
Thailand is taking proactive steps to fortify its defences against cyberattacks by focusing on workforce and citizen education. These efforts will ultimately contribute to the country’s ability to harness the full potential of digital technologies while safeguarding its digital assets and interests.
“Cybersecurity is not just a technical issue but a shared responsibility. It requires collaboration across sectors, proactive measures to stay ahead of emerging threats, and a commitment to ongoing education and awareness,” Mr Khomkrit emphasised. “We are optimistic that with the concerted efforts of organisations, government agencies, and individuals, Thailand can build a robust cybersecurity ecosystem. This ecosystem will not only protect critical infrastructure but also promote innovation, trust, and economic growth in the digital age.”
In a proactive move to bolster digital resilience, Taiwan’s Ministry of Digital Affairs (moda) recently conducted its first-ever “disaster roaming” drill in collaboration with the nation’s three major telecommunications providers.
This exercise, held as part of the “2023 National Disaster Prevention Day Large-Scale Earthquake Disaster Response Mobilisation Exercise,” showcased the critical role of cross-network roaming in ensuring citizens’ access to basic and secure communication during emergencies.
The concept of “disaster roaming” differs from commercial roaming mechanisms. It is a government-driven initiative designed to ensure uninterrupted communication services for the public during significant disasters or emergencies.
In essence, it allows individuals to connect to operational mobile communication networks of other providers, irrespective of their original contracts. This initiative addresses a fundamental need: maintaining communication rights when they matter most.
The recent disaster roaming exercise took place in the Hsinchu County Sports Complex area, strategically chosen due to its high population density. Notably, the exercise was conducted without disrupting nearby base stations, using a “manual network selection” method to facilitate cross-network roaming.
Participants engaged in practical scenarios, from connecting with loved ones to accessing real-time news updates and evacuation information.
One of the key takeaways from this exercise is the importance of cooperation between moda and telecommunications providers. By developing Standard Operating Procedures (SOPs) and studying international cross-network roaming frameworks, Taiwan aims to further enhance the disaster roaming mechanism.
This forward-looking approach will ensure that the nation’s communication networks remain resilient and robust, even in the face of major disasters.
The significance of disaster roaming extends beyond mere convenience; it’s about safeguarding citizens’ well-being and ensuring they have access to crucial information during emergencies. This initiative is particularly relevant nowadays as societies become increasingly reliant on digital communication networks for information dissemination, emergency alerts, and coordination during crises.
During her visit to moda, President Tsai Ing-wen underscored the importance of such initiatives in enhancing Taiwan’s overall resilience. In an era where digital connectivity is integral to daily life and critical infrastructure, the ability to maintain communication rights during disasters is paramount.
The disaster roaming programme’s continuation from 2024 to 2025 demonstrates Taiwan’s commitment to preparedness and resilience. By studying global best practices and working closely with domestic telecommunications providers, the country aims to establish a robust disaster response framework. This proactive stance will serve as a model for other nations seeking to enhance their digital resilience.
Reports cited that Taiwan’s disaster roaming initiative stands as a beacon of innovation and preparedness. It reaffirms the government’s commitment to safeguarding its citizens’ communication rights and ensuring that vital information flows even when the unexpected occurs.
Many industries and organisations are subject to regulatory requirements regarding data protection and cybersecurity. Digital resilience helps meet these requirements and avoids legal and financial repercussions.
Also, it ensures that critical government systems and communication networks remain operational during emergencies and can withstand cyber threats from adversaries.
As digital technologies continue to evolve, so too must disaster preparedness strategies. Taiwan’s dedication to enhancing digital resilience through initiatives like disaster roaming demonstrates that the nation is not only adapting to the digital age but also leading the way in ensuring that no one is left disconnected when it matters most.
It is a testament to the nation’s unwavering commitment to the well-being and safety of its citizens, setting a commendable example for the world to follow.
The Queensland Earth Observation Hub (QLD EO Hub) convened a workshop in Brisbane that served as a significant step in harnessing the potential of Earth Observation (EO) technologies, data, and workflows for the benefit of Australia.
The initial findings from a comprehensive market engagement study were presented. This study spanned a diverse range of EO and industry sectors and aimed to illuminate both the challenges and opportunities that Queensland, and by extension, the broader Australian landscape, faces in embracing EO technologies not only in the present but also in the foreseeable future.
This market study embarked on an extensive consultation process, engaging with stakeholders across urban and rural Queensland. It encompassed the entire spectrum of the EO ecosystem, from data and service providers to end-users, as well as those contemplating the utilisation of EO in the years ahead.
The core objective was to gain profound insights into the current capabilities, hurdles, and potential avenues for growth within Queensland’s EO community. Additionally, it sought to cultivate a vision of what the future could hold in terms of EO technology deployment.
The preliminary findings of this study were shared with workshop participants, fostering constructive discussions, and eliciting valuable feedback. Notably, these findings unveiled several significant opportunities that Australia can capitalize on over the next 2-5 years:
- Collaboration and Alignment: A key opportunity identified is the enhancement of collaboration and alignment among research institutions, industries, and government entities. This entails improving communication to raise awareness of shared needs and capabilities while also facilitating the transfer of skills and knowledge between these sectors. Such collaboration can foster innovation and synergy.
- Commercialisation of Research: The commercialisation of research emerged as another promising avenue. By facilitating partnerships between research organisations and industries, pathways for the practical application of research outcomes can be forged. This approach can bridge the gap between academic research and real-world industry needs.
- Building Capacity for Global Markets: Queensland can further promote its capabilities in EO technologies and services, connecting local industries to national and international markets. This entails not only showcasing Queensland’s strengths but also attracting investments that can fuel the growth of this sector, contributing to the nation’s economic prosperity.
- Workforce Development: Facilitating access to new and in-demand skills and knowledge transfer is vital for nurturing a skilled workforce in the EO sector. Promoting careers in Earth Observation can bolster the human capital needed to support the sector’s growth and innovation.
The insights garnered from this study and the associated workshop will serve as the foundation for crafting a strategic roadmap. This roadmap will guide the Queensland EO Hub in its role of unlocking the future potential of the downstream EO sector, not just for Queensland but for Australia as a whole. Anticipated in the coming months is the release of the full report by SmartSat, which will provide a comprehensive overview of the study’s findings and recommendations.
In a parallel effort to advance the field of Earth Observation, a symposium titled “Advances in Earth Observation: Hyperspectral Data Analysis” was recently hosted by the University of the Sunshine Coast with support from the QLD EO Hub and SmartSat. The symposium aimed to showcase the strides made in remote sensing technology through lectures, hands-on demonstrations, and training sessions. This educational event empowered participants with the skills and knowledge needed to effectively work with spatial data using remote sensing tools, with applications spanning various domains.
The Chief Executive Officer of SmartSat delved into SmartSat’s activities in the realm of water quality, shedding light on initiatives like the AquaWatch mission. Additionally, he provided insights into the upcoming Kanyini mission, which promises to leverage Hyperspectral Imager technology coupled with Artificial Intelligence and Internet of Things connectivity. These cutting-edge advancements have the potential to revolutionise how we monitor and manage water quality, offering significant benefits to both Queensland and Australia as a whole.
Attendees had the opportunity to gain hands-on experience with tools such as R and ENVI for hyperspectral image analysis, equipping them with practical skills that can be applied to real-world challenges. This knowledge dissemination is vital for bolstering Australia’s technological capabilities in the EO domain.
A comprehensive overview of SmartSat CRC’s Maya Nula program was also presented. This program aims to develop continent-wide crop and yield monitoring capabilities, a critical aspect of agricultural management. By harnessing EO technologies and data, this initiative holds the potential to revolutionize agriculture in Australia, enhancing productivity and sustainability.
Special acknowledgements were extended to Associate Professor Sanjeev Srivastava from the University of South Australia and Dr. Prashant Kumar Srivastava from Banaras Hindu University, India, for their valuable contributions and leadership during the event. Dr. Srivastava’s attendance was supported through the SmartSat Visiting Fellowship scheme, exemplifying the commitment to international collaboration and knowledge exchange.
OpenGov Asia earlier reported that SmartSat, in conjunction with the ACT Government, unveiled a suite of research and development (R&D) projects, signalling a profound commitment to advancing space technology and capabilities in the Australian Capital Territory (ACT).
This collaboration has seen their joint investment in the ACT’s space endeavours soar past a significant milestone, reaching over AU$7 million. The announcement coincides with the launch of the ACT Space Update 2023, highlighting the organisation’s dedication to contributing to the region’s growing reputation as a hub for cutting-edge space research.
The National Security Agency (NSA) and its federal agency partners have released new guidance concerning a cybersecurity risk posed by deepfakes, a type of synthetic media. This emerging threat poses cybersecurity challenges for National Security Systems (NSS), the Department of Defence (DoD), and organisations within the Defence Industrial Base (DIB).
They have jointly published a Cybersecurity Information Sheet (CSI) titled “Contextualising Deepfake Threats to Organisations” to assist entities in recognising, safeguarding against, and responding to deepfake threats. NSA developed the CSI with the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).
The term “deepfake” encompasses multimedia content that has been either artificially created or manipulated through machine learning and deep learning technologies, which are forms of artificial intelligence (AI). Other phrases used to describe such synthetically generated or altered media include “Shallow/Cheap Fakes,” “Generative AI,” and “Computer Generated Imagery (CGI).”
Candice Rockell Gerstner, an NSA Applied Research Mathematician with expertise in Multimedia Forensics, emphasised that while the tools and methods for altering authentic multimedia have been in existence for some time, the noteworthy shift lies in the ease and widespread adoption of these techniques by cyber actors. This evolving landscape introduces a fresh set of challenges to national security.
Gerstner pointed out that organisations, as well as their employees, must adapt to this changing environment. They need to identify the tradecraft and techniques associated with deepfakes. Moreover, it is essential to establish comprehensive plans to respond to potential deepfake attacks and mitigate their impact effectively. As cyber adversaries increasingly leverage these technologies, recognising and countering deepfake threats becomes paramount to ensuring national security and safeguarding sensitive information.
The joint Cybersecurity Information Sheet (CSI) provides valuable recommendations for organisations to address the challenges posed by synthetic media threats, particularly deepfakes. The CSI suggests implementing various technologies and strategies to counter this emerging threat.
One key recommendation is adopting real-time verification capabilities, which enable organisations to identify and respond to potential instances of deepfake content swiftly. Passive detection techniques are also emphasised for ongoing monitoring and early detection. Furthermore, the CSI highlighted the importance of safeguarding high-priority officers and their communications, as they are often the targets of deepfake attempts.
In addition to detection, the guidance underscores the significance of minimising the impact of deepfake attacks. This involves information sharing within and across organisations to stay ahead of evolving threats. It also advocates for comprehensive planning and rehearsing of responses to potential exploitation attempts, ensuring that organisations are well-prepared to mitigate the consequences of deepfake incidents. Personnel training is another crucial component, equipping individuals with the skills and knowledge to recognise and respond effectively to synthetic media threats.
The CSI underscores the diverse nature of synthetic media threats, encompassing techniques that jeopardise an organisation’s brand, impersonate its leaders and financial officers, and employ fraudulent communications to gain unauthorised access to networks and sensitive information. These threats highlighted the need for a holistic approach to cybersecurity.
Advancements in computational power and deep learning have facilitated the mass production of fake media, making it more accessible and cost-effective. This not only undermines brands and financial stability but also has the potential to incite public unrest by disseminating false information on critical issues such as politics, society, the military, and the economy.
The CSI draws attention to the concerning availability of deep learning-based algorithms on open-source repositories. These accessible resources pose a security risk, as their application requires minimal technical skill and can be executed using little more than a personal laptop. Consequently, the widespread availability of such tools amplifies the urgency of addressing synthetic media threats.
In light of these evolving challenges, the NSA, FBI, and CISA strongly encourage security professionals to adopt the strategies outlined in the report. By proactively implementing these recommendations, organisations can enhance their resilience to the growing threats posed by synthetic media and deepfakes. This collaborative effort among government agencies and security experts is vital to ensuring the integrity of digital information and safeguarding national security.