With the onset of the pandemic, there is no doubt that agencies and companies feel a more pressing need to ramp up cybersecurity infrastructure and network security models. Cyberattacks are getting more sophisticated, driven by accelerated digital transformation – moving to cloud, rolling out new applications and e-services at lightning speed – to address the needs of citizens and customers.
Combined with the surge in the use of end-point devices for remote working and the entry of new emerging technologies like IoT (Internet of Things), cybercriminals are having a field day, creating havoc in customer records, causing huge financial and intellectual property losses in public and private sector organisations alike.
The widespread move towards remote work and hence, the need for access and security have spurred investment in ZeroTrust security. The ability to authenticate and monitor all traffic, regardless of its position inside or outside of an organisation’s network, promises to reduce or eliminate many security risks.
The pandemic changed things and there is no turning back to an old reality. The question is: How can organisations keep up with the never-ending threat of cyberattacks and futureproofing themselves?
The 7th Annual Singapore OpenGov Leadership Forum 2022, Day 3, was held on 19 May 2022 at Singapore Marriott Tang Plaza Hotel. It convened digital leaders from the Singapore public sector and financial services industry to discuss, deliberate, share and plan for the next phase of transformation.
Security in a post-covid reality
Mohit Sagar, Group Managing Director, and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.
“We’re in the age of the metaverse,” Mohit claims, pointing out the growing trend of the metaverse. “The metaverse is where all the information will be sitting very soon. Everyone who does not know cryptocurrency will think that it is bad.”
Being a digital-first nation, Singapore is at the centre of attention. If the nation is not future-ready, it cannot be said to be prepared at all, Mohit claims. And in a future-ready country, data is foundational. Safe and wide access to data then becomes the challenge and goal.
With consumers and businesses operating in a more distributed fashion, the attack surface has widened more than ever before as well. Like in other parts of the world, cyber-attacks are becoming increasingly common in Singapore, Mohit acknowledges. Ransomware cases in Singapore rose 154% in 2020, clearly becoming a growing threat.
Against this backdrop, a new ransomware economy has emerged for attackers, enabled by ransomware-as-a-service providers. Attackers have grown sophisticated in executing double extortion attacks whereby sensitive data is exfiltrated under threat of release.
“The world is not the same as it was, but are organisations keeping up with the changes?” Mohit asks. “ About 95% of all successful cyber-attacks are caused by human error.”
People need more intel because the threat is ongoing. Cyberthreats will continue to evolve, Mohit claims. People can no longer hide behind security o stifle development and innovation. Organisations must embrace the risks, plan for them and push the envelope as far as possible.
In conclusion, he feels, the best approach to safeguard data is to look for partners who are experts in their field of work who can help organisations keep their glass full so that they can focus on their business objectives.
Acknowledging the changing frontiers of technology
Bidyut Dumra, Executive Director & Head of Innovation DBS Bank spoke next on the rising trend of the metaverse.
In his current role, Bidyut looks after innovation in the bank and also furthers other areas of interest – metaverse, running an online gaming tournament and a network of gaming cafes. Bidyut begins by sharing his experience of working in different sectors.
As part of innovation at DBS, they do trend spotting and create a house field that dictates when to jump on a trend and how. According to Bidyut, the semblance of the metaverse came in 2019 and there were a few indicators that heralded it: 1) The typical persona of a gamer changed significantly. The number of gaming personas increased and the financial activity online has increased dramatically. 2) There was a dramatic increase in the popularity of e-sports and 3) Technology pushed that bridge between digital and physical experience.
Considering the trends, DBS began sponsoring championships, creating their team to compete and addressing gamer incentives. They invested heavily in understanding blockchain and went about creating their platform, tokens and digital assets.
“To put it simply, the metaverse is a digital reality,” Bidyut opines. “It is characterised by being real-time, its persistence and the experience of identity and assets. Within the metaverse, there can be multiple experiences of work, life, and play. With the metaverse, one can take on multiple avatars to mimic what people can do in their physical life.”
Each metaverse is a planet, where you can own land, assets (characters, clothes, etc.) and privileges, which can sometimes be transferred into the physical world. For instance, a ticket in the metaverse might grant you access to the physical world, and vice-versa. All transactions in the metaverse are stored in a blockchain – it is an underlying tech.
To serve and take advantage of this market and business opportunity, people are creating ancillary services and businesses, he notes. There are a lot of people are in the space – investments have gone up.
Ultimately, it is code, and code is built by people. This means that security falls back on the integrity of the code and the coder. He encourages delegates to take a closer look at metaverses because that is where the money and sentiment are heading towards.
Staying secure with Zero Trust
Scott Hesford, Director of Solutions Engineering, APJ, BeyondTrust elaborated on Zero Trust and how privileges can be applied.
“What is Zero Trust?” Scott begins. “It is an evolving set of cybersecurity paradigms that move defences from static, network-based perimeters to focus on users, assets, and resources.”
The Zero Trust framework is still fairly vague in terms of what specific technology is required and how to implement it. It has mostly been left up to technology vendors, agencies and organisations to determine what Zero Trust is. Consequently, it has become an industry buzzword that can mean many different things, depending on the vendor offering it.
Assets, users and devices are no longer confined in a physical structure behind a secured perimeter but instead scattered in a new cloud-based universe. Organisations can no longer rely on typical network controls for their security. Digital transformation – including cloud and workforce mobility – has vastly expanded the attack surface.
The Zero Trust model brings a lot of focus to the potential that something or someone within the network perimeter has been compromised.
Under the assumption that every user, request and server is untrusted until proven otherwise, a zero-trust solution dynamically and continually assesses trust every time a user or device requests access to a resource.
This approach prevents attackers from exploiting weaknesses in the perimeter to gain entry, and, once inside, move laterally to access confidential applications and data.
On the path to Zero Trust, NIST provides a clear playbook on how to adopt zero trust principles. He emphasises that zero trust is not a single set of technologies an organisation can purchase, but a guiding set of principles that organisations will gradually adopt as they shift resources from on-premises to the cloud and retire legacy architecture. In the implementation process, hybrid implementations are expected to continue, given the challenges of modernising legacy systems that may be incompatible with zero trust
In the adoption journey, the role of Privileged Access Management (PAM) is critical, Scott asserts. Applying the granularity of PAM to achieve Zero Trust objectives ensures all access is appropriate, managed and documented – regardless of how the perimeter has been redefined.
According to Scott, PAM enables Zero Trust in 8 ways:
- Continuously enforces adaptive and just-in-time access controls based on context
- Manages and enforces credential security best practices for all privileged passwords, secrets, and keys for accounts
- Applies least privilege controls for every identity and account – human, application, machine, employee, vendor, etc.
- Implements segmentation and micro-segmentation to isolate various assets, resources, and users to restrict lateral movement
- Secures remote access with granular least privilege and adaptive capabilities well beyond that of VPNs, RDP, and other common remote access technologies
- Secures access to control planes (cloud, virtual, DevOps) and sensitive applications
- Continuously monitors, manages and audits every privileged session that touches the enterprise
BeyondTrust and ZeroTrust are solutions that support the smart, practical implementation of NIST’s Zero Trust security model without disrupting business processes. BeyondTrust solutions can be implemented with a Zero Trust Architecture (ZTA). Scott concludes that the hybrid approach provides companies with the ability to select the parts of the Zero Trust model that make sense to implement in their environment with a common-sense approach toward long-term security. In closing, he urges the delegates to consider Zero Trust adoption – a vital framework to keep the data safe.
Cyber resilience in face of evolving challenges
Soh Kiat Hiong, Head of System Engineering, Rubrik, shared thoughts on cyber resilience in the new normal.
“As we all know, ransomware is a clear and growing threat,” Kiat Hiong observes. “With consumers and businesses operating in a more distributed fashion, the attack surface has widened more than ever before as well”
Agreeing with Mohit, he acknowledges that a new ransomware economy has emerged for attackers, enabled by ransomware-as-a-service providers. Attackers have grown increasingly clever in deploying double extortion attacks in which critical data is taken under threat of release. There is a shift from an opportunistic approach to a targeted approach.
Ransomware as a service is making it easier for criminals to commit crimes. There is also a rise in high-profile ransomware incidences. “How do we secure and eliminate the surface area and ensure that data is encrypted?” Kiat Hiong asks.
For Kiat Hiong, resilience is about having data security that aligns with the Zero Trust data security framework. It is not just about backup and recovery but about understanding the magnitude of impact – about understanding, identifying the sensitive data, and tiering the recovery. To do that requires one to streamline the valuable information, understand the high-value data that is impacted and prevent re-infection.
Additionally, Kiat Hiong shares that Rubrik is also able to offer insights on cyber-attacks. Rubrik saw an opportunity in understanding what has happened and what has changed. When data is ingested, it allows them to understand the environment and prevent ransomware from reinfecting customers.
He highlights the use case in the public sector in Singapore. Before Rubrik stepped in, there were legacy platforms without an air gap, which has a big surface area for attack due to the separation between the backup and storage. As such, Rubrik implemented zero-trust data security to eliminate the surface area for an attack so that no data is presented online.
With Rubrik’s Zero Trust Data Security, the organisation:
- Scaled-Out Simplicity with Zero Data Security
- Removed storage online or on the network (native logical air gap)
- Ensured that backups cannot be modified/encrypted (immutable file system)
- Integrated with AWS S3 Immutable Object Lock
- Guaranteed that major attacks are now recoverable events from the 1st copy
As a result, the organisation achieved:
- 80% Productivity Improvement
- Accelerated DevTest with API (application programming interfaces) automation
- Reduced Business Downtime with Instant Live Mount
- Near 100% success rate
In concluding his presentation, Kiat Hiong outlined the 3 key pillars of Rubrik’s Zero Trust Data Security – Data Resilience, Data Observability and Data Recovery. More importantly, Rubrik is also able to give insights, conduct ransomware investigation and sensitive data discovery, and carry out threat hunting. He encourages the delegates to speak with him to further understand how Rubrik can assist organisations in the security of their data.
Polling results in the morning session
Throughout the morning session, delegates were polled on different topics.
Delegates were then asked about what would have the bulk of their budget allocation in 2022 –2023. Under a quarter (23%) indicated embracing cloud technology, be it public or private as the bulk of their budget. One section was equally divided between allocating the bulk of their budget to the digitalisation of processes to deliver better or ‘Smart’ services (19%) and improving integrity and governance while reducing inefficiency (19%). The rest indicated they would invest in leveraging IoT to improve processes and productivity (15%), enhancing or adopting AI (Artificial Intelligence) and Analytics for improving outcomes through forecasting, prediction, and optimisation (12%) or fortifying resilience (12%).
On the main motivator that is driving digital transformation, most (40%) are influenced by the desire to speed up their time-to-market to fully capitalise on business opportunities or to serve citizens better. Just over a quarter (28%) see a growing need to maximise value/insights from an increasing amount of data assets as a motivator. Others were split between the improved capability to manage an increasing amount of data at the edge locations while ensuring security and compliance (16%) and providing a consistent and seamless cloud-everywhere experience across a distributed organisation (16%).
Inquiring about concerns in the consideration to move to cloud, over half (52%) were anxious about security and governance. Other delegates were focussing on the need to re-skill talent (28%), operational costs (17%) or vendor lock-in (3%).
The subsequent poll asked delegates what they saw as the biggest challenge in digitalisation and cloud migration. Over a third (38%) found people and skillset the biggest issue, under a quarter chose data classification/data sovereignty/data residency and just over a fifth (21%) went with security and compliance risk. One group of the remaining delegates was evenly divided over executive support/top management strategy (7%) and legacy infrastructure (7%) while the rest (3%) said the budget was of concern.
On their plans to implement Zero Trust across their extended environment, most (47%) are partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero trust. Other delegates were split between implementing zero trust with a primary focus on identifying our critical assets (42%) and making huge investments in different technologies and not sure where to start due to operational complexities (11%).
On the key driver for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, over half (58%) identified Security/Data Protection/Breach Prevention as a key driver. That is followed by the desire to reduce endpoint, Insider and IoT security threats (16%). The remaining delegates were split between internal/Industry/Regulatory compliance (11%), operational efficiency (11%), and addressing hybrid IT (Information Technology) security issues (5%).
When asked about the approach that is for their organisation in evolving to SASE (Secure Access Service Edge), an overwhelming majority would take a best of breed approach to select partners that are most appropriate to my organisation’s needs (73%), followed by looking for partners who can provide complete SASE solution (27%).
In conversation: Digital Sovereignty – the impact on your cloud strategy
The polling was followed by a conversation between Mohit Sagar, Group Managing Director & Editor-In-Chief OpenGov Asia, Kenny Seah, Head of Identity Access Management, Adnovum Singapore and Melvin Koh, Head of Sales Engineering ASEAN, Thales.
The rapid and pervasive development of digital technology has brought ‘digital sovereignty’ to the forefront of many governments’ policy agendas. Many countries have introduced digital sovereignty laws of varying scope on account of concerns about cybersecurity, data privacy and sensitivity and cyber capabilities, often imposing broad restrictions on cross-border data transfer or introducing local content requirements for digital-related services.
Melvin explains that digital sovereignty is about an organisation’s control over hardware software and data controlled by the organisation, which is related to the data privacy act. It shifts the responsibility to the organisation to protect the data. He notes that the prevailing data protection challenge lies in instances where data is shared outwards or in use and emphasises the importance of seeing where the data is shared.
Mohit was curious about Kenny’s thoughts on the impact of digital sovereignty on the deployment of cloud strategy, to which Kenny observes the trend that more organisations are embarking on a cloud strategy. However, the missing focus is on the migration process – knowing how to do it and choosing the approaches. Organisations need to be aware of the different strategies.
Mohit adds that it is not a lift-and-shift play and that organisations need to re-organise their data when they adopt cloud technology. Kenny believes that the process of determining whether data can migrate to cloud is understanding whether data is protected through encryption, generalisation, tokenisation, and anonymisation to maintain the control.
Besides data sovereignty, which was mentioned by Melvin, Kenny offers definitions of the other two terms: 1) Operational Sovereignty – maintaining resilience and having control over operations and managing incidence when a breach is detected and 2) Software sovereignty – propriety control over the software that organisations or their vendor have developed or co-sourced. That arrangement needs to be well-protected through legal means so that organisations will have ownership of the software
Melvin feels that when moving to cloud, it always begins as hybrid cloud. Organisations at the start of the journey will need to classify what can be moved to cloud. They will have to understand the security they have on-prem and on their cloud service provider. It would be crucial to maintain the same level of security for both systems.
For organisations already in the cloud and have multiple clouds, management becomes an issue. There needs to be a centralised component to manage both clouds and maintain the lifecycle of the key.
In conclusion, Kenny added that data classification and complexity of multi-cloud strategy are considerations for organisations planning their cloud strategy and Melvin added that it is a journey that will require time and patience.
Strengthening security through SaaS
Lim Wee Jian, Senior Solutions Engineer Public Sector, VMware talked about the SaaS approach toward security.
VMware’s goal is to run more with existing resources and make their business run faster. He notes that the cloud migration has made data more distributed and VMware’s mission is to help organisations run more apps on any of the cloud at scale.
Cloud technology has its own set of complications, Wee Jian believes. It can be an inconsistent experience for operations or development – applications are leveraging on a cloud-native architecture which makes running applications and multi-cloud complicated.
There are many compelling reasons for modernising applications. COVID-19 has brought about a radical change in how businesses operate and deliver to consumer expectations. Technologies like Grabfood, Shopping website, Netflix and most importantly, Tracetogether, are good examples of the user experience becoming a digitally driven one.
Digital transactions are the new currency for services and this requires modern applications and systems that support a digital ecosystem. The ability to deliver new features and services rapidly is essential.
For businesses to remain competitive and agile, they would require systems that are fast, automated, and repeatable capabilities. Capabilities such as automated application building and deployment within hours or minutes including all phases of code and security testing.
More importantly, a digital system drives the need for cultural and operational change, and this needs a digital ecosystem that is well integrated and automated.
While building our modern application using cloud-native approach, we will need to inject security during development or operation time.
DevSecOps is a way of approaching IT security with an “everyone is responsible for security” mindset. It involves injecting security practices into an organization’s DevOps pipeline. The goal is to incorporate security into all stages of the software development workflow. The obvious advantage of doing this is that organisations can identify potential vulnerabilities and work on resolving them sooner – the earlier you find any bugs, the cheaper it will be for you to fix them.
About the factors contributing to the SaaS trend, Wee Jian mentioned:
- Operational efficiency – Customers are looking at the time and cost benefits of using vendor-managed services.
- Security – Customer looking at a vendor to take up the responsibility to maintain and update the software to resolve security vulnerabilities
- Reliability – SLA is always sometime on top of our customer’s minds to ensure that the availability of services is guaranteed.
- Allow enterprises to focus more on business and less on maintaining operations, security, and high availability
Using the Tanzu portfolio, Wee Jian demonstrates the processes involved in the context of the day-to-day work of building, delivering, and managing modern apps – from how to support developer velocity to operating in production at scale.
Wee Jian emphasises that it is an effort that requires tight collaboration across development, security, and operational teams, ensuring each team’s needs are met, but with a clear separation of concerns so that each role can be optimised for their jobs. Developers can focus on delivering key business logic. Security teams can ensure security and compliance guardrails are inserted end-to-end (and automated), and operations teams (or platform teams) can focus on the platform —and the applications and clusters running there.
In conclusion, Wee Jian believes that great modern software is not just about the tools but about the people and culture. Tanzu Lab is a consultancy service that can help the team scale their practice.
Buttressing your cyber recovery capabilities
Marcus Loh, General Manager, South Asia Data Protection Solutions, Dell Technologies spoke next on cyber recovery.
Marcus begins by emphasising that people cannot afford to be walled off even though that is the most secure position – businesses need a productive solution that can be deployed in their environments.
Unpacking the concept of cyber resiliency, Marcus explains, “Cybersecurity describes a company’s ability to protect against and avoid the increasing threat from cybercrime. Meanwhile, cyber resilience refers to a company’s ability to mitigate damage (damage to systems, processes, and reputation), and carry on once systems or data have been compromised. In essence, cyber resilience is about reducing the impact of a cyber event.”
The explosion of data is a pressing issue that many organisations face. COVID-19 expedited the process because brick-and-mortar establishments are going online. However, most organisations do not know what info they have and why they are keeping them.
What is making data retention policy problematic is when organisations keep it forever. He shares that only 15% of all data are mission-critical. Keeping data increases the attack surface – and especially so because people are working from home.
What he also observes is the unequal attention on prevention but not on recovery. However, he highlights that ransomware has been designed to target the backup.
He believes that traditional strategies are not enough to do the following:
- Backup Server encryption
- Backup encryption
- DNS/AD down/corruption
- Recovery performance in massive change rate, full application recovery
- Full-stack recovery
- Primary data encryption
- Restore targets
It is easy to say that data recovery is about identifying the correct backup version and recovery but it is hard to tell if your backup is dirty. “How do you ensure that you have a clean backup copy?” Marcus asks.
In conclusion, he emphasises the importance of finding out the MVO (minimal viable organisation) of an organisation. He reiterates that organisations only need 15% of mission-critical applications to run their business in the event of a cyber event. “When you protect everything, you protect nothing,” Marcus claims.
Polling results in the afternoon session
Throughout the afternoon session, delegates were polled on different topics.
Delegates were then asked about what would have the bulk of their budget allocation in 2022 –2023. Half (50%) indicated embracing cloud technology, be it public or private as the bulk of their budget. The remaining delegates allocated the bulk of their budget to fortifying cyber resilience (22%), digitalisation of processes to deliver better or ‘Smart’ services (17%), improving integrity and governance whilst reducing inefficiency (6%) and enhancing or adopting AI and Analytics for improving outcomes through forecasting, prediction, and optimisation (6%).
On the main motivator that is driving digital transformation, delegates were equally divided between speeding up their time-to-market to fully capitalise on business opportunities or to serve citizens better (31%) and improving their capability to manage an increasing amount of data at the edge locations while ensuring security and compliance (31%). The rest of the delegates are driven by the need to provide a consistent and seamless cloud-everywhere experience across a distributed organisation (15%).
Regarding key concerns in the consideration to move to cloud, most (47%) were focused on the need to re-skill talent (47%), followed by security and governance (40%) while the rest were looking at operational costs (13%).
About what they saw as the biggest challenge in digitalisation and cloud migration, half (50%) found people and skillset the biggest issue. The rest of the delegates found data classification/data sovereignty/data residency (21%) and security and compliance risk (21%) challenging. The remaining delegates found budget (7%) to be of concern.
Inquiring about the cyber security concerns that organisations are most worried about, most delegates (40%) were concerned about attacks on public-facing websites and infrastructure. (e.g., SQLi, XSS, DDOS). A third (33%) are concerned about phishing and spear-phishing campaigns. The remaining delegates are bothered about social engineering campaigns targeting employees/partners/users (20%) and attacks on remote access infrastructure, e.g., VPN compromise (7%).
Asked about key drivers for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, most (45%) identified Security/Data Protection/Breach Prevention as critical and was followed by internal/Industry/Regulatory compliance (18%). The rest of the delegates are evenly split between the desire to reduce endpoint, Insider and IoT security threats (9%), operational efficiency (9%), response to audit or security incidents (9%) and addressing hybrid IT security issues (9%).
Inquiring about the approach for their organisation in evolving to SASE (Secure Access Service Edge), an overwhelming majority (75%) would take a best-of-breed approach to select partners that are most appropriate to the organisation’s needs. The rest said they would be staying with existing partners, consolidating as necessary (17%) or are looking for partners who can provide a complete SASE solution (8%).
To conclude the day, Mohit stresses the importance of getting started on the journey of securing data and information. It is the only way to stay relevant in face of changing realities. For Mohit, there is a need to take a serious look at security and data recovery – attacks are inevitable. It is crucial because organisations are focusing on technologies to keep their most vulnerable populations safe and secure – kids, seniors, families and communities.
Singapore’s Infocomm Media Development Authority (IMDA) has recently updated its platform known as Chief Technology Officer-as-a-Service (CTO-as-a-Service). The platform enables SMEs to self-assess their digital readiness and needs at any time and from any location, as well as access market-proven and cost-effective digital solutions and engage digital consultants for in-depth advisory and project management services.
This is for any business entity that wants to know how to start going digital, understand what type of solutions to adopt for its specific business challenge, or choose the solution that best meets its needs.
An enterprise can benefit from CTO-as-a-Service through:
- Conduct a self-evaluation of its digital readiness and pinpoint its gaps and needs in terms of digitalisation;
- Study other Small and Medium Sized Enterprises (SMEs) that have carried out digitalisation projects successfully;
- Receive digital solution suggestions based on the business’s needs and profile; and
- Evaluate the features and costs of various digital solutions.
There are more than 450 subsidised digital solutions available for selection, including those that address industry-specific or general business needs, as well as those that serve to streamline operations, increase business sales revenue, or ensure business resiliency.
The business can also work with digital consultants from the designated operators through CTO-as-a-Service, for digital advisory to assist:
- Seek a deeper comprehension of its business priorities and needs;
- Create training plans and digital solutions specifically for its businesses;
- Include fundamental data usage, protection, and cybersecurity risks in the digitalisation process.
The business may also ask digital consultants to assist with project managing the rollout of its digitalisation initiatives.
Eligible businesses can use digital advisory and project management services for free for the first time. Should the businesses want to keep using digital consultants, future usage or service enhancement will be based on commercial agreements.
Any company that satisfies the requirements below is qualified to use free project management and digital advisory services for the first time:
- Licensed and active in Singapore;
- A minimum of 30 per cent local shareholding;
- Enterprise’s group employment size is no more than 200 employees, or the group’s annual sales turnover is no more than S$100 million;
- Has never previously used CTO-as-a-Service digital consultants.
Meanwhile, SMEs are the backbone of Singapore’s economy. They employ two-thirds of the country’s workers and contribute almost half of Singapore’s GDP. Since digital technology is changing every part of Singapore’s economy, SMEs need to take advantage of digital technologies to grow and do well.
The SMEs Go Digital programme, which was started by the IMDA in April 2017, is meant to make going digital easy for SMEs. More than 80,000 SMEs have used the programme’s digital solutions.
Enterprises can also use advanced and integrated solutions to improve their capabilities, strengthen business continuity measures, and build longer-term resilience. Solutions that are supported by government agencies solve common problems at the enterprise level on a large scale, help enterprises adopt new technologies, and make it easier for enterprises to do business within or across sectors.
IMDA works with sector-led agencies and industry players to find advanced and integrated digital solutions that can be supported and are relevant to their sectors. Companies that want to use these solutions can check the IMDA website to find out when they can apply for each one.
Costs for hardware, software, infrastructure, connectivity, cybersecurity, integrations, development, improvement, and project management can be covered by funding support. With this, the agency has kept helping businesses, and the list of solutions that are supported will grow, with an emphasis on AI-enabled and cloud-based solutions.
Taiwan City Science Lab @ Taipei Tech demonstrated a series of cutting-edge AI applications. The lab exhibit advanced AI applications and their research and development results, such as the mobile robot, a AI robotic fish and Campus Rover.
The cross-disciplinary R&D and teaching laboratory aims to be a global technology and talent exchange platform. Massachusetts Institute of Technology (MIT) and Taipei Tech are coming together to jointly established City Science Lab @ Taipei Tech.
“Through developing advanced AI technology and big data system, we plan to make Taiwan the island of high-end technology,” said Yao Leehter, Taipei Tech Chair Professor of the Department of Electrical Engineering.
Yao indicated that Taipei Tech alums highly support the lab. The lab also collaborates with Kent Larson, the leader of MIT City Science Lab, the City Science Lab @ Taipei Tech aims to be an international platform for technology and talent exchange.
Taipei Tech adopts and jointly promotes with MIT to implement the Undergraduate Scientific Research Programme. Known as UROP, the programme provides sufficient resources for students and cultivates a new generation of scientific researchers. The collaboration was initially rolled out in 1969 by MIT’s first President, William Rogers.
For students to learn the most modern and state-of-the-art technology applications, the lab provides advanced equipment for R&D purposes, such as mobile robots. The agile, mobile robot can adapt to complex terrains and is equipped with LIDAR, infrared, and stereo vision sensors, which can draw 3D point cloud maps in real-time and detect and dodge obstacles. The mobile robot is used in decommissioned nuclear power plants, factories, construction sites, and offshore drilling oil platforms. Another mobile robot use case is for patrol, troubleshooting, and leak detection.
In addition, the lab also showcased its R&D results which are the AI robotic fish to the advanced instrumental equipment. The robotic fish is a streamlined robot designed to resemble a real fish. The fish robot comprehends and mimics the motion model of swimming fish through machine learning.
The robot can swim underwater in a simulated way. To perfectly mimic the fish movement, researchers have spent significant time collecting massive movement data from real fish, documenting, and analysing the swimming performance. Afterwards, they utilised AI technology and programme coding to control the motoric movement of the robotic fish.
The team then spent a year adjusting the robotic fish to make the swim movement look like a real fish. Machinery fish propulsion efficiency and excellent swimming performance are considered one of the most critical subjects in bionics.
“The robotic fish is useful for biological research and can also be used to carry out underwater operations and examine water quality,” said Yao.
Recently, the fish robot was involved in movie production. During the designing process, the production house team suggested adding a “cloth” on the fish with fish skin and fish scale to make it more lifelike. The company also came up with the idea to use a magnet to stick the fish scale on the body of the robotic fish. Taiwan Textile Research Institute and the local design research group joined the brainstorming and production process to finish the golden fish’s final look onscreen.
Moreover, The Campus Rover, developed by the team of Professor Yao in cooperation with the Taipei Tech Department of Industrial Design, demonstrated practical AI applications in real life. For example, campus or express hospital service can use the self-charging robot to ensure delivery safety.
Around 30,000 rural homes and communities will soon have access to faster and improved connectivity with an expansion of the Rural Capacity Upgrade programme. 21 new contracts have been signed by Crown Infrastructure partners to accelerate upgrades to towers and broadband connections in areas with poor coverage.
The announcement was made by the Minister for Rural Communities, Damien O’Connor, and the Minister for the Digital Economy and Communications, David Clark. This round of the Rural Capacity Upgrade will see many existing towers upgraded and new connections established in rural areas experiencing poor performance. Areas that will benefit from these improvements include, but are not limited to, settlements in the Far North, Gisborne, the Manawatu-Whanganui region, Taranaki, Southland, and Waikato.
The project is expected to significantly boost the economic productivity of homes and businesses with a slow, unreliable, or unusable connection, Clark noted. The government is committed to improving rural connectivity and is on track to see 99.8% of New Zealanders receive access to improved broadband because of the Ultra-Fast Broadband rollout, Rural Broadband Initiative, the Marae Digital Connectivity programme, and the Mobile Black Spot Fund by the end of 2023, he explained.
The investment in rural connectivity will work alongside Land Information NZ’s rollout of the Southern Positioning Augmentation Network (SouthPAN) service. As OpenGov Asia had reported earlier, SouthPAN is the Southern Hemisphere’s first satellite navigation augmentation service. It will improve the availability and accuracy of positioning, taking it from 5-10 metres to as little as 10 centimetres across the country.
This will boost rural productivity through precision agriculture and horticulture, fenceless farming, and improve the safety of search and rescue in the backcountry. The government, along with private sector contributions, has invested more than $2.5 billion into improving digital connectivity to date.
The government has also released “Lifting Connectivity in Aotearoa”, which sets out the high-level connectivity vision for New Zealand over the next decade. This includes the goal that all New Zealanders have access to high-speed connectivity networks, and that the country is in the top 20% of nations with respect to international connectivity measures.
Last month, the government launched the Remote Users Scheme to provide broadband and connect New Zealand’s most remote communities. Clark had announced the scheme, noting that it would equip as many remote households as possible with the connectivity infrastructure needed to access broadband services. As reported on OpenGov Asia, the Remote Users Scheme will help connect people to online health services and educational tools. Through Budget 2022, $15 million was allocated towards funding the scheme, as part of the broader $60 million rural connectivity package announced earlier in the year.
The Crown Infrastructure Partners (CIP), which was established by the government, will administer the Remote Users Scheme and is calling for applications from potentially eligible households and communities. A request for proposal from Internet service providers will follow. It is expected that new broadband connectivity infrastructure for the eligible areas and households can begin being built in mid-2023.
In a process that could be compared to travelling through a wormhole, researchers from the Massachusetts Institute of Technology, California Institute of Technology, Harvard University, and other institutions sent quantum information across a quantum system. The Sycamore quantum processor device was used in this experiment, which pave the way for more quantum computer research into gravitational physics and string theory in the future.
Calculations from the experiment showed that qubits moved from one system of entangled particles to another in a model of gravity, even though this experiment didn’t produce a disruption of physical space and time in the sense that might understand the term “wormhole” from science fiction.
A wormhole connects two far-off regions of spacetime. Nothing is allowed to travel through the wormhole in the general theory of relativity. But in 2019, some scientists hypothesised that an entangled black hole-created wormhole might be passable.
By introducing a direct interaction between the distant spacetime regions and using a straightforward quantum dynamical system of fermions, physicists have discovered a quantum mechanism to make wormholes traversable. This type of “wormhole teleportation” was also created by researchers using entangled quantum systems, and the outcomes were confirmed using classical computers.
In this experiment, researchers used the Sycamore 53-qubit quantum processor to teleport a quantum state from one quantum system to another to send a signal “through the wormhole.” The research team had to find entangled quantum systems that behaved as predicted by quantum gravity while also being small enough to run on current-generation quantum computers.
Finding a simple enough many-body quantum system that maintains gravitational properties was a key challenge for this work. The team gradually reduced the connectivity of highly interacting quantum systems using machine learning (ML) techniques to accomplish this. Each example of a system with behaviour that is consistent with quantum gravity that emerged from this learning process only needed about 10 qubits, making it the ideal size for the Sycamore processor.
It was crucial to find such tiny examples because larger systems with hundreds of qubits would not have been able to function on the quantum platforms currently in use. The team observed the same information on the other 10-qubit quantum system on the processor after inserting a qubit into one system and sending an energy shockwave across the processor after doing so.
Depending on whether a positive or negative shockwave was applied, the team measured how much quantum information was transferred between two quantum systems. The researchers demonstrated that a causal path between the two quantum systems can be established if the wormhole is kept open for enough time by the negative energy shockwaves. It is true that the qubit that was inserted into one system also appears in the other.
The team then used conventional computer calculations to confirm these and other properties. Running a simulation on a traditional computer is not like this. A conventional simulation, which involves the manipulation of classical bits, zeros, and ones, cannot create a physical system, even though it is possible to simulate the system on a classical computer and this was done as described in this paper.
Future quantum gravity experiments could be conducted using more advanced entangled systems and larger quantum computers because of this new research. This research does not replace direct observations of quantum gravity, such as those obtained through the Laser Interferometer Gravitational-wave Observatory’s detection of gravitational waves.
Dr Andrew Lensen from the School of Engineering and Computer Science and Dr Marcin Betkier from the Law School are eager to ensure AI has a significant role in the justice system. The researchers based in New Zealand built an Artificial Intelligence (AI) algorithm that predicts the length of court sentences.
But the question that may arise is whether the AI algorithm is fair enough to hand down the sentences. In the current justice system, society trusts judges to hand down fair sentences to the accused based on their knowledge and experience.
But how about AI? Can it judge better because it can eliminate the potential for bias and discrimination? And can AI substitute the judge’s knowledge and experience with its ability to analyse and predict large amounts of data?
Dr Andrew is optimistic that AI can help better sentencing performance in the court. The confidence comes from the use of AI to predict some criminal behaviour, such as financial fraud. Even though he has not tested the algorithm model in the courtroom to deliver sentences, he is confident in his idea that AI can have a role in the sentencing process.
Dr Andrew says when judges handle a case in the court, they have some “inconsistency” when passing a sentence for a convicted criminal. The inconsistency comes from a judge’s consideration of individual circumstances, societal norms and the sense of justice.
The moral decision and the sense of humanity are based on their experience and even sometimes change the law. Each judge uses their prudence in deciding the outcome of a case. Another “undesirable inconsistency” occurs as bias or even extraneous factors like hunger. Research in Israeli courts has shown that the percentage of favourable decisions drops to nearly zero before lunch.
Judges must ensure similar offences should receive similar penalties in different courts with different judges. Usually, to enhance sentence consistency, the justice system has prepared guidelines as a reference. This inconsistency area is the pain point where AI can help.
How AI Helps Judges
Most modern AI is machine learning, a machine learning algorithm that could learn the patterns in a database to predict patterns and outcomes. Therefore, AI can provide better sentence suggestions after the computer algorithm learns the patterns within a set of data.
Dr Andrew’s machine learning algorithm trained with 302 New Zealand assault cases. The sentences in those cases are between 0 and 14.5 years of imprisonment. The model quantifies sentences based on certain phrases and terms when calculating the sentence. Then the algorithm built a model that can predict the length of a sentence for a new case and explain why it made certain predictions.
The relatively simple model worked quite well within the average error of the model in under 12 months. The model associates the words or phrases such as “sexual”, “young person”, “taxi” and “firearm” with longer sentences. While shorter sentences were given to cases with words like “professional”, “career”, “fire” and “Facebook”.
Beyond Decision Making
In the future, AI could be used as an evaluation tool for judges. They could understand better their sentencing decisions and perhaps remove extraneous factors. The models also have the potential to be used by lawyers, providers of legal technology and researchers, to analyse the sentencing and justice system. Moreover, AI also can be used for controversial sentences and help create some transparency around controversial decisions.
Of course, the use of AI in the justice system may still be controversial. Most people are still keen that the final assessments and decisions on justice and punishment should be made by human experts. But maybe it is the right time need to give an opportunity to an “algorithm” or “AI” in the judicial system for the common good.
New Zealand is not the only country that explores the use of Artificial Intelligence (AI) in courtrooms. Several other countries like China and Malaysia have done similar things. In China, robot judges can decide on a small case. While in Malaysia, some courts have used AI to recommend sentences for offences such as drug possession.
Da Nang city has topped digital transformation rankings for the third time so far and has been awarded the Best Vietnam Smart City Award 2022. The Vietnam Software and IT Services Association (VINASA) organised the event in Hanoi. The jury was chaired by the former Minister of Science and Technology, Nguyen Quan. The award was among the 43 given to cities, enterprises, and products considerably contributing to smart city building and national digital transformation.
Da Nang also received prizes for smart governance and management, smart transportation and logistics, startup and innovation city, and city with smart applications serving citizens and enterprises. Da Nang has implemented a number of technology-based applications and initiatives to aid public administration and enhance the quality and delivery of public services.
At the beginning of the year, Da Nang became the second city in Southeast Asia to deploy chatbot tech for tourism. As OpenGov Asia had reported, in an attempt to increase the variety of tourist self-service tools and information channels, the municipal Tourism Department coordinated with a private artificial intelligence (AI) developer to create and pilot Chatbot Danang Fantasticity, the first automatic tourism information search and support channel via text message conversation in Vietnam.
In September, an ambulance journey supervision and management utility was launched on DanaMap or the Danang Smart City application in the central city of Da Nang. The utility allows the municipal Emergency Centre, the Health Department, and residents to monitor the operation of ambulances. The Department is also launching videos that demonstrate how to carry out remote check-ups for patients on ambulances and a database of patients to help doctors check their disease history.
Apart from Da Nang, the cities of Da Lat, Pho Yen, and Dong Xoai were awarded the smart governance and management city award. The central province of Thua Thien-Hue obtained the startup and innovation city award, and Thai Nguyen the award for smart application city serving citizens and enterprises.
Meanwhile, 34 prizes were presented to technological solutions in 17 categories, including administration, transport, environment, health care, agriculture, construction, and tourism. Statistics for smart city building show that the 34 digital solutions have gained over VND 350 billion (US$ 14.3 million) in revenue.
Besides, the jury also selected nine outstanding solutions to grant the five-star rating. These solutions apply advanced technologies including big data, AI, 3D, and virtual reality/extended reality (VR/XR) to help with cities’ governance and management and bring about useful experiences for residents and businesses.
Vietnam has strong digital ambitions and is looking to be a regional digital hub. In 2020, Vietnam approved a National Digital Transformation Programme by 2025, with an orientation toward 2030. The strategy helps accelerate digital transformation through changes in awareness, enterprise strategies, and incentives toward the digitalisation of businesses, administration, and production activities. The plan aims to have 80% of public services at level 4 online. Over 90% of work records at ministerial and provincial levels will be online while 80% of work records at the district level and 60% of work records at the commune level will be processed online.
The Counter Ransomware Task Force (CRTF), which was formed to bring together Singapore Government agencies from various domains to strengthen Singapore’s counter-ransomware efforts, has issued its report.
Singapore’s efforts to promote a resilient and secure cyber environment, both domestically and internationally, to combat the rising ransomware threat are guided by the recommendations in the CRTF report.
According to David Koh, Commissioner of Cybersecurity, Chief Executive of CSA and Chairman of the CRTF, ransomware poses a threat to both businesses and individuals. Economically, socially, and even in terms of national security, it can be detrimental. Both internationally and across domains, ransomware is a problem.
“It requires us to collaborate and draw on our knowledge in a variety of fields, including cybersecurity, law enforcement, and financial supervision. It also necessitates that we work with like-minded international partners to identify a common problem and develop solutions,” David explains.
He exhorts businesses and individuals to contribute as well, strengthening the nation’s overall defence against the ransomware scourge.
Cybercriminals use malicious software known as ransomware. When ransomware infects a computer or network, it either locks the system or encrypts the data on it. For the release of the data, cybercriminals demand ransom money from their victims.
A vigilant eye and security software are advised to prevent ransomware infection. Following an infection, malware victims have three options: either they can pay the ransom, attempt to remove the malware, or restart the device.
Extortion Trojans frequently employ the Remote Desktop Protocol, phishing emails, and software vulnerabilities as their attack vectors. Therefore, a ransomware attack can target both people and businesses.
The ransomware threat has significantly increased in scope and effect, and it is now a pressing issue for nations all over the world, including Singapore.
The fact that attackers operate internationally to elude justice makes it a global issue. Ransomware has created a criminal ecosystem that offers criminal services ranging from unauthorised access to targeted networks to money laundering services, all fed by illicit financial gains.
Singapore must approach the ransomware issue as a cross-border and cross-domain problem if it is to effectively combat the ransomware threat.
Other nations should adopt comparable domestic measures to coordinate their financial regulatory, law enforcement, and cybersecurity agencies to combat the ransomware issue and promote international cooperation.
Three significant results were the culmination of the CRTF’s work. For government agencies to collaborate and create anti-ransomware solutions, they first developed a comprehensive understanding of the ransomware kill chain.
Second, it examined Singapore’s stance on paying ransom to cybercriminals. Third, for the government to effectively combat ransomware, the CRTF suggested the following policies, operational plans, and capabilities under four main headings:
Pillar 1: Enhances the security of potential targets (such as government institutions, critical infrastructure, and commercial organisations, especially small and medium-sized businesses) to make it more difficult for ransomware attackers to carry out successful attacks.
Pillar 2: To lower the reward for ransomware attacks, disrupt the ransomware business model.
Pillar 3: To prevent ransomware attack victims from feeling pressured to pay the ransom, which feeds the ransomware industry, support recovery.
Pillar 4: Assemble a coordinated international strategy to combat ransomware by cooperating with international partners. Singapore should concentrate on and support efforts to promote international cooperation in three areas that have been identified by the CRTF: law enforcement, anti-money laundering measures, and discouraging ransom payments.
The appropriate government agencies will take the recommendations of the CRTF under consideration for additional research and action.