“Singapore has moved from preventing cyber threats to assuming breaches have occurred”, said Josephine Teo, Minister for Communications and Information, Singapore. When Minister Josephine Teo made this statement in Estonia during the Tallinn Digital Summit, she underscored the need to have a strong cybersecurity posture. Singaporeans have not forgotten the cyberattack in 2018, where a quarter of the city-state’s population healthcare records were breached during a cyberattack against the country’s healthcare system.
It was after the 2018 data breach that Singapore’s position on cybersecurity changed from one of trying to prevent attacks to one that assumes that an attack has already occurred. “It’s just a question of ‘when’, it’s not a question of ‘if’,” explained Minister Teo.
Without a doubt, the pandemic has drastically and unexpectedly accelerated the need for a new network security model. Zero trust security is not a new concept, but it has now taken centre stage and security leaders agree that it will improve security and simplify security processes for distributed teams and hybrid networks.
A widespread move to remote work and the corresponding need for better remote workforce security has spurred investment in zero-trust security. The ability to authenticate and monitor all traffic, regardless of its position inside or outside of an organisation’s network, promises to reduce or eliminate many security risks. However, rolling the model out has proven to be complicated, presenting organisations with a mixed bag of successes and obstacles. One key reason is that zero trust adoption is a logistical challenge, not just a technical one. Security modernisation often depends on the progress of user identity consolidation and cloud transformation, both complex and long-term projects.
Moreover, organisations are facing challenges with overall cloud transformation. Organisations have accelerated their cloud adoption plans but are not fully prepared. When large chunks of data have not yet moved to the cloud from isolated data centres, it can become harder to secure using a single security tool. Identity and access management (IAM) complexities also proved equally challenging for zero trust adoption. Teams are struggling to shift to a zero-trust approach due to the complexities of user access needs in their organisation.
Zero trust relies on a single source of truth for identity management, yet larger organisations, in particular, have often accumulated multiple incompatible identity providers over the years. They must also understand access patterns across a huge number of applications — most of which cannot be shut down even for a moment to be migrated to a new identity platform.
The pandemic has further exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards – more than ever, agencies need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches.
This leads to fundamental questions: what does it take to adopt and deploy zero trust architecture? Are organisations equipped to enhance the efficiency and security of their mission-critical applications and websites?
This was the focus of OpenGovLive! Virtual Breakfast Insight on 1 December 2021, which aimed to impart knowledge on how to deploy the zero-trust model seamlessly and to overcome common obstacles in zero-trust adoption.
Embracing the security imperative in a hybrid world
Mohit Sagar, Group Managing Director and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.
COVID-19 has fundamentally changed culture, Mohit asserts. With remote working entrenched in the new normal, hybrid work is the new reality. For him, the world cannot and will not go back to what it used to be – to demand employees return to physical work in offices in the name of security will not bode well.
Organisations must learn how to keep individual secure where he or she is working while keeping the work environment secure. “Culture has shifted and we must evolve with it,” Mohit is firm.
Singapore is embracing a Zero Trust strategy. According to the Singapore Cybersecurity Strategy 2021, the three strategic pillars are: building resilient infrastructure, enabling safer cyberspace and enhancing international cyber cooperation.
Mohit observes that the prevailing priorities of the public sector are to roll out innovative and secured digital services quickly, encourage inter-agency collaboration, enable a hybrid workforce and increase availability and security.
There is no doubt that rapid digitalisation increases the risk that organisations will face. In May 2021, Asia Pacific experienced a 168% YoY increase in cyber-attacks. There were reported malicious attacks that destroyed data in destructive/wiper-style attacks (average cost of $4.52 million) and ransomware attacks ($4.44 million).
“But just because it is a little bit hard, it does not mean that organisations should go back in time and revert to the old model,” Mohit says. Instead, he stresses, organisations need to embrace the challenges of security head-on instead of eschewing them. There is no turning back when it comes to digitalisation. Organisations can no longer hide behind the word “security” as an excuse not to modernise.
Although the challenges of the future abound, Mohit remains optimistic because of partnerships that can enable organisations to expand their capacities. He urges delegates to partner with organisations with a wealth of expertise and experience that can make the journey of security far easier to manage and navigate.
Hedging against cyber-attacks with Zero Trust
Fernando Serto, Chief Technologist and Evangelist, Asia Pacific, Japan and China, Cloudflare spoke on the ways Cloudflare can support agencies in building a secure Zero Trust architecture.
Cloudflare is a global network located in 250 cities in more than 100 countries, one of the fastest, that is trusted by millions of web properties. With direct connections to nearly every service provider and cloud provider, the Cloudflare network can reach 95% of the world’s population within 50 milliseconds.
As a company, Cloudflare provides Zero Trust Services, Cloudflare Network Services and Cloudflare Application Services. With the Zero Trust Services, Cloudflare helps to secure internal operations on a single global network by providing ZTNA with private routing, remote browser isolation, SWG with CASB and identity/endpoint integration.
Most people know Cloudflare for their application services such as WAF with API protection, rate limiting, load balancing, bot management, L7 DDoS protection, CDN and DNS. However, Fernando explains that Cloudflare also offers an integrated global edge platform and harnesses its unified software stack to run all its services. With the network services, Cloudflare offers WAN-as-a-Service, Firewall-as-a-service, L3 & L4 DDoS protection, network interconnection, and smart routing.
On the topic of Zero Trust Services, Fernando explains that the key concept is that it assumes that the network has been breached or that a breach is inevitable. Zero Trust is centred on requiring continuous verification through real-time information. Organisations need to identify and be able to decouple users from the network.
Yet the challenges are aplenty, Fernando warns delegates. He observes that today’s corporate WAN architecture is broken. Perimeter security is a bottleneck and does not work, applications are in the cloud and have a high latency for remote users. It is also difficult to scale and expensive. If anything, Fernando opines, “COVID-19 has taught us that the old model does not work.”
The security perimeter is and will be, constantly susceptible to vulnerabilities. Pulse Connect Secure VPN software has reportedly been exploited by attackers and many are targeted by accident. He adds that applications inside the WAN are also at risk, citing numerous reports of cyberattacks and system breaches. Vulnerabilities will always exist, but, how quickly organisations patch them will make the difference. Regardless, patching vulnerabilities takes time.
For Fernando, the switch to Zero Trust network access with private routing can help to mitigate these issues. With Cloudflare’s offering, security and connectivity are optimised, driving agencies’ speed and security in a work-from-anywhere world.
Cloudflare’s Zero Trust platform offers solutions for two problems. Traditionally, multiple point products require multiple policy managers and multiple client deployments. Cloudflare, however, offers one seamless platform that uses one policy manager and one client deployment. The other issue with traditional approaches is that platforms only integrate one identity provider (IdP) repeatedly and inconsistently. To address this, Cloudflare integrates many IdPs and tenants of the same IdP just once.
Concluding his presentation, Fernando emphasises the simple and effective threat defence that Cloudflare offers. In a fast-changing environment and changes in work models and culture, Cloudflare secures the networks of agencies working with a remote workforce seamlessly.
Starting a Zero Trust Government
Jeffrey Brown, Chief Information Security Officer, State of Connecticut spoke next on the establishment of a zero-trust government in his work in Connecticut.
The state of Connecticut has over 50 state agencies and three branches – executive, legislative and judicial. The key industries are financial services and insurance; aerospace and defence; bioscience and healthcare; film, TV and digital media; and advanced manufacturing.
In terms of management, the state government has the responsibility of handling a 24/7 Digital government, election infrastructure, 911 network, state critical infrastructure, healthcare, finance, transportation and the trust of 3.5 million citizens.
For Jeffery, the “chewy centre”, perimeter security model, whereby everyone inside the corporate network is trusted, is dead. Zero trust is now the dominant model of cybersecurity. The assumption with Zero Trust is that the network has already been compromised. It is an approach that deems networks both inside and outside as critical. There is a stricter identity verification process whereby every user and device has to prove that they are not a cyber attacker.
Jeffery believes that trust is a vulnerability that can be mitigated and that no one can achieve perfect trust. For him, “it is a balance.” He outlines three approaches that the state of Connecticut has undertaken:
- Know that all zero trust schools of thought make sense only if they support the business
- Learn about the most common frameworks (NIST 800-207)
- Understand that zero trust is a marathon, not a sprint. Not everyone can achieve zero trust, but everyone can adopt it.
In pursuing zero trust government, there were many lessons that Jeffery learnt along the way. In essence, it is a process with different components such as implementing multifactor authentication (MFA) everywhere, having 24/7/365 security monitoring, addressing identity and access management, leaning on federal partners and ultimately planning for the future.
Before closing his segment, he encourages delegates to take a risk-based approach to ensure that the most important pieces are first addressed and look at how Zero Trust can be implemented within their agencies to enable the government to do more.
Understanding the fundamentals of Zero Trust architecture
Gerald Caron: The nuts and bolts of Zero Trust architecture
Gerald Caron, Chief Information Officer & Assistant Inspector General for Information Technology U.S. Department of Health and Human Services, Office of the Inspector General, shared the various aspects and characteristics of Zero Trust architecture.
While most people focus on the identity aspect of Zero Trust, Gerald believes that it is the data that organisations are trying to protect – that is the goal of Zero Trust. Beginning with Zero Trust core principles, Gerald notes that Zero Trust hinges on five core principles related to trusting no one and having the protection of the right size.
Trust no one
- Know your people and your devices: Validate identity at every step
- Design systems assuming they are all compromised: Distrust everything, so when a breach happens you are as protected as you can be
- Use Dynamic Access Controls: Access to services must be authenticated, authorised, encrypted at all times, and can be revoked during a session
- Constantly evaluate risk: Include context in risk decisions; Monitor and log in every location possible; Aggregate log, system, and user data
Right size protections
- Invest in defences based on the classification of data: Spend more money defending the systems at greater risk
Gerald adds that not all data is equally important. Organisations need to identify what is important. Zero Trust recognises these differences and categorises data based on its sensitivity and mission criticality. This categorisation is considered when protecting the data and granting access.
Apart from that, the paths are also not equal. In a Zero Trust environment, the path the data takes between the client and host impacts the level of risk, thus impacting how much a connection can be trusted. Connections with higher risk either restrict access to data/services or require a higher level of authentication.
While traditional authentication checks a user’s credentials once and uses that initial authentication for any subsequent activity before log-out, identity authentication is much stricter in Zero Trust. Multiple factors are considered when validating access, including the user’s role and location, the state of the device attempting access, and the data or services being accessed. Organisations need to look at all these factors to develop a risk-tolerance framework to decide what a user can or cannot do.
At the same time, Zero Trust assesses the state of each device attempting to access the network – for example, the device’s operating system version and patch level – to ensure that the client does not introduce additional risk to the environment.
Zero trust architecture features dynamic access control. While traditional authentication happens once, at the start of the session, and remains in place, Zero Trust authenticates dynamically each time new data is accessed or when something triggers a change in risk.
Gerald shares that a Step-up event in a Zero Trust environment can mitigate some of the potential risks a client may introduce. During the event, the system requires an additional authentication that can help control, although not entirely offset, the risk introduced by a client.
As for monitoring, continuous, detailed monitoring and logging are critical elements of Zero Trust as they contribute to a holistic picture of each user’s session and the overall environment. Data collected from monitoring and logging is linked with known threats and data/system sensitivity to drive cyber protections.
Gerald emphasises the importance of understanding the baseline and knowing what “normal” looks like – only then can organisations react to “abnormal.” As for risk evaluation in a Zero Trust environment, the authentication is evaluated dynamically, each time new data or resources are accessed or when something triggers a change in risk level.
Before ending his presentation, Gerald cautioned against being caught up with the tools and technology. He emphasises the importance of first understanding the organisation’s risk tolerance, methodology and threshold for risk. He also recommended his capability model as a way to understand the organisation’s functional capability and identify where the gaps are.
Gerald hopes that his presentation offered a quick overview of Zero Trust architecture that could help kick start the journey for delegates thinking about adopting a Zero Trust approach.
After the informative presentations, delegates participated in interactive discussions facilitated by polling questions. This activity is designed to provide live-audience interaction, promote engagement, hear real-life experiences, and facilitate discussions that impart professional learning and development for participants.
A delegate asked the speakers about their experience of working within Zero Trust architectures. For him, the Zero Trust environment have caused people to be dispossessed of the services that they used to enjoy.
In response to that, Gerald points out that “humans are the weakest point” and it is not always a malicious person but someone trying to get their job done. It is vital to understand how users work and what data is needed. He sees Zero Trust as an opportunity to improve operations. By looking into various technologies, the government is essentially optimising processes and performance enhancements. However, he stresses the importance of understanding the user in the process of implementing new systems and not limiting it to the IT domain.
Fernando adds that implementing frameworks with legacy technologies that it where there will be a negative user experience. The end goal is to make the user experience as seamless as possible. Therefore, addressing legacy technology will be important in this process.
Mohit is convinced that it is not only about legacy technology but also legacy governance and processes. Change and transformation have to be holistic, encompassing all aspects.
The first poll inquired how delegates plan to implement Zero Trust across their extended environment. Most (34%) indicated that they have already started implementing zero trust with a primary focus on identifying our critical assets, followed by delegates who are not yet ready to implement zero-trust due to the lack of resources and skills needed(19%). The rest of the delegates indicated that they work with multiple security partners to build a practical and pragmatic roadmap to implement zero-trust (14%) or have made huge investments in different technologies and are not sure where to start due to operational complexities (14%).
A delegate observed that the consideration for Zero Trust needs to be ground in yielding a particular business value. At the same time, the end-user friction needs to be considered – the processes need to be made less difficult for everyone in the company.
Fernando opines that the user experience needs to lubricate the process of building a Zero Trust architecture. The technology is there to allow people to move faster. Mohit felt that there was resistance when the cloud-first came out but governments are slowly changing their policy to embrace the cloud.
On their organisation’s current security priority, over half the delegates indicated that enabling Endpoint Mobile Management & Protection (EMM) / BYOD/ IAM is their highest priority (55%). The rest of the equally divided between employing DDoS, Web Application Firewall, Bot Management, Data Loss Prevention (15%), ensuring secure access to applications hosted on cloud service providers (e.g. Microsoft, Amazon, Google) (15%), and ‘others’ (15%)
In response to the results, Fernando observes that the emphasis on the end-point could be because of the hybrid situation that organisations are in.
Exploring key drivers for their organisation in initiating and augmenting an identity access / Zero Trust management programme, exactly half the delegates indicated security/data protection/ breach prevention was the key driver. That is followed by internal/industry/regulatory compliance (19%), response to audit or security incidents (13%). The rest of the votes were split evenly between operational efficiency (6%), reduce endpoint, insider and IoT security threats (6%) and others (6%).
On the best scenario that describes their organisation’s journey, nearly 3 out of 5 of the delegates are of the view that ZTNA solution will work alongside VPN serving different use cases for years to come (59%). Other delegates felt that they see shifting users gradually from a VPN to a ZTNA solution but will always keep VPN for a core set of users (29%). Just over a tenth (10%) acknowledged they would migrate all users to a ZTNA solution (12%).
Looking at the polls, Fernando opines that the reason why people might have a foot on each side in ZTNA and VPN is due to the focus on user and identity in the marketing of services. Gerald adds that it might have to do with culture and the resistance to change. He believes that VPN is not iron-clad and that he would rather be effective than compliant.
When asked about the Zero Trust tenets that are most compelling to their organisation, just under a third (30%) placed continuous authentication, authorisation/Trust earned through entity verification at the top. This was followed equally by end-to-end access visibility and audit (21%) and data protection, e.g. secure connection (21%). The rest of the delegates were compelled by the facilitation of least privileged access (14%), no trust distinction between an internal or external network (7%) and others (7%).
The final poll inquired on the most likely approach that the delegate’s organisation might take in evolution to SASE (Secure Access Service Edge). An overwhelming number of delegates are likely to take a best of breed approach to select partners that are most appropriate to my organisation’s needs (77%). The remaining delegates were split between staying with existing partners and consolidating as necessary (15%) and looking for partners who can provide a complete SASE solution (8%).
In closing, Mark Huang, Product Director, Securecraft, acknowledged the mounting challenges in a drastically changed world. He emphasised that the journey of setting up a Zero Trust architecture need not be taken alone – Cloudflare at Securecraft can help government agencies with the task of making their services more secure.
Before ending the session, Mark thanked the delegates for the robust discussions and invited delegates to reach out to him and the team if they wanted a deeper understanding of how to get started on securing the government.
As the local distributor of Cloudflare, Mark emphasised that Securecraft would be more than happy to offer any support that delegates might need in their digital transformation journey.
The Infocomm Media Development Authority (IMDA) is spearheading an initiative to propel the nation’s capabilities in healthcare, Industry 4.0-driven manufacturing, and supply chain and logistics through the transformative power of 5G. This groundbreaking endeavour, known as the S$30 million 5G Innovation Programme, is not just a step forward but a giant leap into a future where innovation reshapes industries.
Launched in 2021, the 5G Innovation Programme is a testament to Singapore’s commitment to embracing emerging technologies. IMDA has forged strategic partnerships with key enterprises, including the National University Health System (NUHS).
In the healthcare industry, Singapore’s forward-thinking tech innovators, in collaboration with NUHS, have harnessed 5G to revolutionise patient care. The introduction of Mixed Reality-based Holomedicine in operating theatres stands out as a groundbreaking achievement.
This innovative approach not only enhances patient care but also redefines the entire healthcare experience. Announced in 2022, the initiative marks the Asia Pacific’s inaugural deployment of indoor private Enterprise 5G mobile edge computing (MEC) for Mixed Reality and Holomedicine capabilities in health tech.
A significant stride in healthcare also involves a collaboration with Republic Power to deploy 5G-enabled unmanned medical booths. These “Medbots” represent Asia’s first 5G-enabled unmanned pre-screening and teleconsultation medical booths. Equipped with state-of-the-art hygiene and safety systems, these booths support remote health screening and video consultations, offering an enhanced user experience that aligns with the demands of a digital era.
The impact of 5G extends beyond healthcare, permeating the realms of Industry 4.0-driven manufacturing, supply chain, and logistics. Collaborations with ST Engineering and DB Schenker have given rise to groundbreaking applications.
For instance, Singapore’s first 5G-enabled Digital Twin has been implemented for a logistics and supply chain company transforming warehouse and manufacturing operations, quality control, and customer experience. Simultaneously, ST Engineering’s 5G-Enabled Industry 4.0 Smart Factory boasts one of Singapore’s first 5G-enabled collaborative robots, revolutionising manufacturing processes.
Dr Ong Chen Hui, Assistant Chief Executive of the Biztech Group at IMDA, emphasised the agency’s commitment to architecting Singapore’s digital future. The goal is to build capabilities in various sectors powered by emerging technologies like 5G. IMDA’s collaboration with forward-looking companies signifies a concerted effort to unlock the full spectrum of benefits that 5G offers across a wide range of sectors.
As Singapore propels itself into the future, the 5G Innovation Programme stands as a testament to the nation’s dedication to progress. The partnerships with key enterprises underscore a collective effort to reshape, redefine, and transform industries across the country.
Singapore is not merely embracing change; it is pioneering a future where technology catalyses innovation and progress. The journey has just begun, and Singapore is at the forefront, shaping the narrative of a technologically advanced and future-ready nation.
The comprehensive initiative serves as a catalyst, propelling Singapore into a new era of digital prowess. It is not merely an adoption of advanced technologies; rather, it is a strategic alignment with the needs of the future, recognising the pivotal role technology plays in shaping economic landscapes on a global scale.
The 5G Innovation Programme signifies Singapore’s commitment to sustainable economic growth. By embracing technology as a driver of progress, Singapore is not just securing its current standing; it is laying the foundation for a resilient and forward-thinking economy. The emphasis on sustainability in this digital transformation ensures that growth is not just rapid but also enduring, with an eye towards environmental and social responsibility.
In an era where technology increasingly shapes the way we manage daily life, its impact on crucial legal matters is often neglected. A commonly overlooked concern revolves around decision-making in unique situations.
If an individual becomes incapable of making decisions, it’s important to note that their next of kin doesn’t automatically assume legal authority to oversee their affairs. Instead, they’re required to undergo a lengthy and cumbersome court process to gain access to bank accounts or manage insurance payouts.
With this in mind, Singapore offers an option to deal with such circumstances. The Lasting Power of Attorney (LPA) is a crucial legal document allowing individuals to designate someone to act on their behalf if they become incapacitated. Recognising its pivotal role, the partnership between GovTech’s Services team and the Office of the Public Guardian (OPG) under the Ministry of Social and Family Development (MSF) in Singapore has led to a remarkable digital transformation in the LPA application process.
The collaborative solution from the Office of the Public Guardian Online (OPGO) is a pioneering platform aimed at simplifying and automating the LPA application process. This digital overhaul not only slashes the processing time from three weeks to a mere 15 minutes but also revolutionises the user experience.
The development of OPGO was not a mere technological leap; it was a carefully curated process. The team embraced design thinking methodologies, engaging stakeholders, conducting usability workshops, and even pilot-testing with various demographics, including medical professionals and legal experts.
The integration of the National Digital Identity platform brought forth Secure Electronic Signatures, eliminating the need for physical signatures and ensuring a secure environment for document verification. Data security measures were rigorously implemented to safeguard sensitive information, offering citizens peace of mind when engaging with the platform.
The OPGO team is eager to explore more avenues to ease citizen’s lives. They’re on a mission to integrate artificial intelligence and machine learning into document processing, anticipating even faster processing times and improved user experiences. By employing predictive analysis, they aim to broaden coverage with reduced manpower.
The agile methodology adopted, coupled with technology like low-code platforms, continuous integration and delivery practices, automated testing, and cloud technology, ensured adaptability and quality assurance throughout the project lifecycle. These measures were instrumental in refining OPGO’s usability before its launch and continue to facilitate its evolution.
The journey from manual processing to digitalisation has not only simplified bureaucratic procedures but also empowered individuals to take charge of their future in a technologically advanced, efficient, and secure manner.
In essence, the evolution of LPAs through technology is not just about paperwork; it’s a testament to how innovation can transform legal processes, making them accessible, efficient, and reliable for the benefit of society.
Since its launch in November 2022, over 57,000 individuals have used the OPGO portal to submit their LPA applications. The platform’s success surpassed key benchmarks for customer satisfaction, e-payment integration, digital signatures, and data pre-fill, proving its intuitive interface and functionality were well-received by citizens.
Until March 2026, citizens have the opportunity to benefit from a waived $75 application fee for LPAs, enabling them to use the efficient and user-friendly OPGO platform to secure their future.
Singapore recognises that technology has the potential to better people’s lives. They also understand that all segments of society should be able to understand, access and participate in an increasingly digital world.
OpenGov reported on the government’s commitment to supporting Singaporeans in this quest for perpetual learning. Senior Minister of State Tan Kiat How underscored the pivotal role of continuous learning and skills acquisition in navigating the dynamic landscape of the modern world. He shared the Forward Singapore report, a comprehensive guide to the nation’s major developmental shifts, urging those unfamiliar with it to explore its insights.
In the nation’s critical infrastructure landscape, K-12 schools are pivotal, serving as the foundation for future success and playing an indispensable part in the lives of millions of children, families, and communities. Recognising the importance of ensuring the safety and well-being of students, educators, and staff, the Cybersecurity and Infrastructure Security Agency (CISA) leads the annual Critical Infrastructure Security and Resilience Month. This initiative aims to educate and engage all levels of government, infrastructure owners and operators, and the American public about critical infrastructure’s crucial role in the nation’s well-being and the need to strengthen security and resilience.
Digital technology has become an integral aspect of modern education, and as schools navigate the complex landscape of security and resilience, leveraging digital tools and strategies becomes paramount. The intersection of education and technology presents various challenges and opportunities, especially in an evolving threat environment that includes cyberattacks alongside more traditional hazards.
As CISA encourages a Resolve to be Resilient, the emphasis extends to the education community, urging several measures and investments in resilience. The agency acknowledges threats’ increased frequency and intensity, encompassing natural disasters, targeted violence, and cyberattacks. The call to action is clear: prepare today to withstand or recover quickly in the event of an incident tomorrow.
To address the challenges an interconnected world poses, CISA collaborates with several federal agencies and non-government partners to provide actionable guidance, evidence-based practices, and digital tools. The goal is to empower school leaders to navigate the complexities of the digital landscape while fostering a secure and resilient environment for students and staff.
One critical resource CISA offers is the K-12 Bystander Reporting Toolkit, developed in partnership with the U.S. Secret Service National Threat Assessment Centre. This toolkit equips schools with simple strategies to implement and enhance safety reporting programmes, leveraging digital communication channels to facilitate reporting and response.
The K-12 School Security Guide Product Suite, another digital resource, offers districts and campuses tools and strategies to evaluate vulnerabilities, strengthen security measures, and enhance the protection of school communities. This suite reflects a comprehensive approach to digital and physical security in educational settings.
Recognising the importance of cybersecurity, CISA’s Cybersecurity for K-12 Education provides schools with tools, information, and resources to guard against cyber actors and reduce the likelihood of successful cyber incursions. Addressing systemic cybersecurity risks becomes an integral component of school safety plans as technology advances.
Further, CISA’s Tabletop Exercise Packages, designed to examine and test safety processes and plans through simulated exercises, incorporate digital scenarios to ensure that schools are prepared for various threat scenarios, including cyber incidents. This proactive approach helps schools identify digital resilience and response capabilities gaps.
The agency’s regionally based security advisors further contribute to building resilience by providing various risk management and response services, including guidance on addressing evolving digital threats. These advisors play a crucial role in ensuring that schools are equipped to handle the dynamic challenges posed by the digital landscape.
In the digital age, where information is shared at unprecedented speeds, CISA administers SchoolSafety.gov, a Federal interagency website serving as a one-stop access point to school safety information, resources, and tools. This platform covers various topics and threats, offering a holistic approach to creating comprehensive and sustainable school safety plans.
Critical Infrastructure Security and Resilience Month reminds the entire school community to unite in advancing safety efforts. The focus on digital resilience highlights the need for ongoing preparedness and adaptation to changing risk conditions. Throughout this month and beyond, CISA reaffirms its commitment to assisting school communities in maintaining safe, secure, and resilient learning environments in the digital era. The agency’s dedication to leveraging digital technology to benefit education underscores the importance of an inclusive and collaborative approach to cybersecurity and resilience in the nation’s schools.
In a meeting with the Private Sector Advisory Council (PSAC), President Ferdinand R. Marcos Jr. pledged support for pivotal legislative measures recommended by the PSAC Digital Infrastructure Group. These measures, aligned with the Philippine Digital Transformation Framework, aim to fortify cybersecurity efforts within the nation.
Expressing his commitment during a Palace gathering, the President affirmed his intention to prioritise and expedite the passage of three bills pending in the Senate. These bills, including the Cybersecurity Act, Anti-Mule Act, and the Online Site Blocking Act, are integral components of the nation’s strategy to bolster cybersecurity and safeguard digital assets.
“The structural requirements in legislation are evidently crucial. Let’s focus on the Cybersecurity Act, Anti-Mule Act, and the Online Site Blocking Act. Collaborating with the Legislature’s leadership, we aim to swiftly progress these bills,” explained the President to PSAC officials.
The bills, currently pending at the Senate, encompass vital aspects crucial for the country’s digital security and protection against cyber threats. The Cybersecurity Act, in particular, carries provisions designed to enhance the country’s cybersecurity resilience, fortify critical information infrastructures, and impose penalties for non-compliance with digital asset protection standards.
Recent cyber threats targeting government entities have underscored the urgency of passing the Cybersecurity Act, aligning with the administration’s commitment to securing public digital assets.
Citing statistics from a tech giant, a significant 85% of Philippine companies anticipate potential disruptions to their operations due to cybersecurity attacks within the next 24 months. Additionally, data from the Department of Information and Communications Technology (DICT) underscores the Philippines’ prominence as the fourth most targeted country globally, with approximately 3,000 cyber incidents reported between 2020 and 2022, half of which targeted government institutions.
Moreover, the proposed Anti-Mule Act aims to curb fraudulent activities related to bank accounts, e-wallets, and other financial platforms. The legislation seeks to criminalise activities like using fake identities to open accounts, unauthorised account transfers, and recruiting individuals for fraudulent account purposes. It will also enforce stricter penalties and delineate jurisdiction for law enforcement agencies.
Simultaneously, the Online Site Blocking Act, if passed, will combat online content piracy by instituting measures to block websites hosting pirated content. Advocates highlight the importance of safeguarding the creative industry and consumers from the perils of online piracy, emphasising the potential revenue loss and risks posed by pirate websites.
PSAC stressed the significance of fortifying laws to protect the creative economy, ensuring artists can create content without fear of theft. They underscored the necessity of empowering the Executive branch to implement these laws effectively.
The collective urgency to fortify cybersecurity measures and protect digital assets underscores the critical need for the prompt passage of these bills. President Marcos Jr.’s endorsement signifies a pivotal step toward reinforcing the country’s digital infrastructure and safeguarding its cyber landscape for the future.
Earlier this year the Asian Productivity Organization (APO) convened a pivotal training session focused on enhancing cybersecurity across its member countries. Intending to foster the adoption of robust cybersecurity practices among IT professionals, the event encompassed representatives from diverse nations. Notably, among the forty-four participants, fourteen were delegates from various Philippine National Government Agencies alongside active participation from the private sector.
The four-day intensive training facilitated addressed the pressing need to fortify defences against evolving cyber threats and shed light on the escalating complexity of cyber threats. With the proliferation of artificial intelligence (AI) in augmenting the capabilities of cyber assailants, the landscape has become more treacherous, amplifying the vulnerabilities of existing cybersecurity defence mechanisms.
Established in 1961, the APO stands as an intergovernmental organisation committed to fostering mutual cooperation and sustainable socio-economic development across the region. Serving as a think tank and offering policy advisory services, the APO has consistently spearheaded initiatives spanning diverse sectors. In its unwavering dedication, it plays a crucial role in enhancing the cybersecurity resilience of member countries.
In a stirring address at the Emerging Enterprise Awards (EEA) 2023, Senior Minister of State Tan Kiat How underscored the pivotal role of continuous learning and skills acquisition in navigating the dynamic landscape of the modern world.
Emphasising that education should be viewed as a lifelong journey, extending beyond formal academic years, he articulated the need for individuals to adapt to the evolving demands of an ever-changing workplace.
Acknowledging the government’s commitment to supporting Singaporeans in this quest for perpetual learning, Tan Kiat How also appealed to business owners and industry leaders to create an enabling environment for employees to upgrade their skills. He highlighted the Forward Singapore report, a comprehensive guide to the nation’s major developmental shifts, urging those unfamiliar with it to explore its insights.
The Senior Minister of State asserted that embracing technology as a strategic enabler is integral to overcoming traditional constraints and enhancing competitiveness. He underscored Singapore’s pioneering role in digital technology adoption, dating back to the 1980s when the nation became one of the first in the world to integrate computers into its public service and workplaces.
Singapore places a paramount emphasis on the pivotal role of digitalisation in revolutionising its educational landscape. With a focus on enhancing learning experiences, fostering global competitiveness, and preparing students for the future workforce, the nation is embracing innovative teaching methods and personalised learning through advanced digital tools.
The integration of technology not only streamlines administrative processes but also facilitates seamless transitions between in-person and online learning models. This commitment to digitalisation reflects Singapore’s dedication to staying at the forefront of educational innovation, equipping students with essential technological skills for the evolving global landscape.
This commitment to technological advancement has persisted, forming the bedrock of Singapore’s digital foundation. Senior Minister Tan shed light on the government’s SMEs Go Digital programme, an initiative integrating emerging technologies like artificial intelligence (AI) and cloud services into Industry Digital Plans (IDPs).
These IDPs serve as roadmaps, guiding businesses across various sectors in adopting digital solutions and upskilling their workforce. In a recent example, the Tourism (Attractions) IDP incorporated AI to streamline workflows and provide data-driven insights, enhancing decision-making for attraction operators.
The government’s holistic approach extends beyond specific sectors, with a thorough examination of industry disciplines sector by sector. This involves updating strategies, incorporating emerging technologies, and ensuring that small and medium-sized enterprises (SMEs) can boost productivity and competitiveness while navigating the complexities of digital transformation.
Senior Minister Tan cited the Chief Information Security Officers-as-a-Service initiative, where cybersecurity consultants aid firms in enhancing cyber resilience through “check-ups” and tailored health plans.
Encouraging firms and networks to actively engage with these programmes, Senior Minister Tan emphasised the need for Singapore to embrace its agency in shaping its future. He urged the nation to leverage its strong foundation and the strategic roadmap outlined in Forward Singapore.
As Singapore charts its digital odyssey, the EEA 2023 serves as a platform not just for acknowledging achievements but for inspiring a collective commitment to a future where technological innovation and lifelong learning propel the nation to new heights.
The Senior Minister of State added that Singapore’s exceptionalism relies on collective ambition, hard work, and unity, ensuring that the nation continues to defy the odds and stand as a beacon on the global stage.
Singapore’s Senior Minister of State for Defence, Heng Chee How, and Senior Minister of State for Communications and Information and Health, Dr Janil Puthucheary, recently visited the Critical Infrastructure Defence Exercise (CIDeX) 2023, underscoring the government’s commitment to fortifying national cybersecurity.
The exercise, held at the National University of Singapore School of Computing, witnessed over 200 participants engaging in operational technology (OT) critical infrastructure defence training.
Organised by the Digital and Intelligence Service (DIS) and the Cyber Security Agency of Singapore (CSA), with support from iTrust/SUTD and the National Cybersecurity R&D Laboratory (NCL), CIDeX 2023 marked a collaborative effort to enhance Whole-Of-Government (WoG) cyber capabilities. The exercise focused on detecting and countering cyber threats to both Information Technology (IT) and OT networks governing critical infrastructure sectors.
This year’s edition boasted participation from DIS, CSA, and 24 other national agencies across six Critical Information Infrastructure (CII) sectors. With an expanded digital infrastructure comprising six enterprise IT networks and three new OT testbeds, participants operated on six OT testbeds within key sectors—power, water, telecom, and aviation.
CIDeX 2023 featured Blue Teams, composed of national agency participants serving as cyber defenders, defending their digital infrastructure against simulated cyber-attacks launched by a composite Red Team comprising DIS, CSA, DSTA, and IMDA personnel. The exercises simulated attacks on both IT and OT networks, including scenarios such as overloading an airport substation, disrupting water distribution, and shutting down a gas plant.
The exercise provided a platform for participants to hone their technical competencies, enhance collaboration, and share expertise across agencies. Before CIDeX, participants underwent a five-day hands-on training programme at the Singapore Armed Forces (SAF)’s Cyber Defence Test and Evaluation Centre (CyTEC) at Stagmont Camp, ensuring readiness for cyber defence challenges.
On the sidelines of CIDeX 2023, the DIS solidified cyber collaboration by signing Memorandums of Understanding (MoUs) with key technology sector partners, expanding its partnerships beyond the earlier agreement with Microsoft earlier in the year.
Senior Minister Heng emphasised the importance of inter-agency cooperation, stating, “CIDeX is a platform where we bring together many agencies throughout the government to come together to learn how to defend together.” He highlighted the collective effort involving 26 agencies and over 200 participants, acknowledging the significance of unity in cybersecurity.
Dr Janil echoed this sentiment, emphasising CIDeX’s role in the Whole-of-Government (WoG) cyber defence effort. He remarked, “Defending Singapore’s cyberspace is not an easy task, and it is a team effort.”
He commended the strong partnership between the Cyber Security Agency of Singapore and the Digital and Intelligence Service, recognising the exercise as a crucial element in strengthening the nation’s digital resilience and national cybersecurity posture.
By leveraging collaboration, innovation, and a robust defence strategy, Singapore aims not just to protect its critical infrastructure but to set a global standard in cybersecurity practices.
CIDeX 2023 serves as a compelling embodiment of Singapore’s unwavering dedication to maintaining a leadership position in cybersecurity practices. This strategic exercise underscores the nation’s commitment to cultivating collaboration and fortifying its resilience against continually evolving cyber threats.
Beyond a training ground for sharpening the skills of cyber defenders, CIDeX 2023 encapsulates the government’s profound commitment to adopting a robust, collaborative, and forward-thinking approach to safeguarding the integrity and security of the nation’s critical infrastructure in the dynamic landscape of the digital age.
The Chief Dental Officer of the Ministry of Health (MOH), Associate Prof Chng Chai Kiat highlighted their role in fostering collaboration, exploring innovation and propelling oral health into the future. Digitalisation, a key element of this transformation, takes centre stage providing a vibrant space for scientists to delve into technological advancements shaping the future of oral health.
Over the next few days, 60 local and international speakers will unravel cutting-edge technologies, artificial intelligence (AI), digital dentistry, biomaterials, orofacial devices, therapeutics, and more.
Oral diseases, affecting 3.5 billion globally, not only compromise health but also pose a substantial economic burden. In Singapore, the 2019/2020 National Adult Oral Health Survey revealed high prevalence rates, emphasising the need for effective strategies.
Assoc Prof Chng underlined the significance of oral health surveillance studies, crucial for policymaking and health system planning, while research becomes a driver for innovation in delivering quality oral care.
Population health takes precedence, aligning with Singapore’s healthcare reform through the Healthier SG initiative. The ageing population becomes a focal point, prompting the need for preventive care to ensure good oral health. Population oral health studies become instrumental in understanding responses to interventions across generations, contributing to effective policymaking.
A notable endeavour is the SG70 cohort study, “Towards Healthy Longevity,” integrating oral health research into mainstream public health initiatives. Led by the National University of Singapore, it examines the effects of biological, lifestyle, and socioeconomic factors on healthy ageing. A representative sample of 3,000 Singaporeans aged 70 and older will be followed for the next 10 to 15 years.
Digital dentistry solutions take a leap forward with the ongoing development of a clinically integrated workflow to produce removable partial dentures efficiently. Spearheaded by SingHealth-Duke NUS Medical School, this research proposal employs 3D dental prosthesis printing, biomaterials, and regenerative dentistry, catering to the oral needs of an ageing population.
Industry collaboration has become integral, and a noteworthy example is the development of an antiseptic mouth rinse with anti-viral properties. Originating during the COVID-19 pandemic, the study by the National Dental Centre Singapore has successfully partnered with a homegrown oral care brand, showcasing a synergy between oral health research expertise and industry knowledge.
Digital dentistry solutions have revolutionised dental practices by offering precision, efficiency, and enhanced patient experiences. Utilising advanced technologies such as intraoral scanners and CAD/CAM systems, these solutions ensure precise measurements and accurate diagnoses.
Digital workflows streamline traditional processes, significantly reducing chair time and enabling same-day restorations. This benefits practitioners in terms of time efficiency and enhances the overall patient experience, as digital impressions replace traditional materials, providing a more comfortable and less intrusive procedure.
Customisation and aesthetics are paramount in modern dentistry, and digital tools like CAD/CAM systems allow for the creation of highly customised dental prosthetics tailored to individual patient anatomy. The precise colour-matching capabilities of digital technologies contribute to restorations that closely resemble natural teeth, achieving superior aesthetic outcomes.
Additionally, improved communication between dental professionals is facilitated through digital platforms, enabling seamless collaboration on multidisciplinary cases. The ease of sharing digital records with laboratories, specialists, and other team members fosters better coordination in delivering comprehensive patient care.
Beyond the immediate benefits, digital dentistry offers long-term advantages such as cost-effectiveness, as reduced material costs and increased efficiency offset initial investments.
The accessibility and secure storage of digital patient records contribute to better continuity of care, while ongoing technological advancements, including the integration of artificial intelligence (AI) and 3D printing, ensure that dental practices remain at the forefront of emerging trends.
Hence, digital dentistry has become an essential component of modern dental care, providing practitioners with tools to deliver high-quality, patient-centred services in a technologically advanced environment.