Singapore’s Cybersecurity Bill which aims to strengthen the protection of Critical Information Infrastructure (CII) was passed into law on February 5.
The Bill provides a framework for the regulation of CII and formalises the duties of CII owners in ensuring the cybersecurity of their respective CIIs. It also provides the Cyber Security Agency of Singapore (CSA) with powers to manage and respond to cybersecurity threats and incidents, along with establishing a framework for the sharing of cybersecurity information with and by CSA, and the protection of such information. Another objective of the Bill is to establish a light-touch licensing framework for cybersecurity service providers.
In July 2017, the Ministry of Communications and Information (MCI) and the CSA released a draft version of the Bill and invited public feedback. The original submission deadline of 3 August 2017 was extended in response to requests for more time to provide feedback. 92 submissions were received from a wide and diverse range of stakeholder groups at the close of the public consultation on the draft Bill from 10 July to 24 August 2017.
MCI and CSA revealed their responses to the feedback in November last year, providing clarifications on issues such as designation of CIIs and duties of CII owners. MCI and CSA also said that they would work closely with sector regulators to streamline and harmonise the obligations of CII owners under the Bill with their respective sectoral regulations.
During the closing speech for the Second Reading on Cybersecurity Bill 2018, Dr Yaacob Ibrahim, Minister for Communications and Information, answered several questions from Members of the Parliament on different aspects of the Bill.
Scope of the Bill
Some members asked about the application of the Bill to systems located overseas which are providing essential services. Minister Ibrahim replied that while Singapore may be able to work with these international organisations to ensure the cybersecurity of the systems, they cannot be controlled by designating them as CII as they are outside Singapore’s jurisdiction. There may also be potential conflicts with other countries’ regulatory regimes.
Minister Ibrahim highlighted the Government’s efforts to develop strong international partnerships and linkages with overseas Computer Emergency Response Teams (CERTs) to facilitate investigations of cybersecurity threats and incidents that may originate overseas.
Since CII owners often work with vendors, the Minister said that CSA will work with the sector regulators and CII owners to define the boundaries of the systems that will be designated as CII, on a case-by-case basis. He also clarified that CII owners are ultimately responsible for the cybersecurity of their respective CII. CII owners should carry out the necessary risk assessments and due diligence while deciding on vendors to engage and conditions to impose on them.
There was also a suggestion to establish an accredited framework for a national cybersecurity audit for CII stakeholders. For now, CSA plans to rely on existing sector audit regimes to ensure that the security measures are effective in protecting the CII, as an additional layer could potentially result in CII stakeholders experiencing audit fatigue. CSA will provide audit guidance to auditors and track the audit outcomes, to ensure an acceptable standard of practice.
Determination of Essential Services and CII
CII are identified as computers and computer systems that are necessary for the continuous delivery of essential services, the loss or compromise of which would have a debilitating effect on the availability of the essential services in Singapore. For each sector, CSA worked closely with the relevant sector regulator to identify the essential services within the sector, as well as the computers and computer systems.
Higher education and research institutions are not considered essential services at this point in time. However, Minister Ibrahim said that new essential services may arise in the future, and the Minister may amend the list of essential services if necessary.
He also clarified that organisations are not required to make self-assessments as to whether their computer or computer systems fulfil the criteria of a CII. Prior to designating a computer or computer system as a CII, CSA will consult its owner and the relevant sector regulator. The identified organisations will be notified in writing. CII owners will be given an opportunity to submit representations to the Commissioner (the Chief Executive of CSA will be appointed as the Commissioner) or appeal to the Minister against the designation. The Minister’s decision on an appeal will be final. The process for identifying and designating new CII in the future will be similarly considered and consultative.
Reporting requirements for CII owners
Questions were raised whether incident reporting and investigation requirements could be too onerous for CII owners, especially when they are potential victims of cyber-attacks. In reply, the Minister mentioned that there is no intention to take action under the Bill against CII owners for cybersecurity breaches so long as they comply with their obligations.
CII owners are required to establish mechanisms and processes to detect cybersecurity threats and incidents and to promptly report incidents to the CSA. There is no obligation for a CII owner to report a cybersecurity incident in respect of other infrastructure that it owns, where such infrastructure is not connected to the CII. They are also required to cooperate with CSA during the investigation. When exercising investigative powers, the Commissioner will be mindful that the owners of the computer systems in question are typically also victims. CSA will be providing further details to guide CII owners in incident reporting, such as relevant forms and
The Minister rejected a suggestion for mandatory reporting of all cybersecurity incidents to the CSA, citing resource requirements for CSA, as well as the companies. All companies, can already voluntarily report cybersecurity incidents to CSA through SingCERT. On top of this, the Bill will provide CSA with powers to investigate cybersecurity threats and incidents pertaining to computer systems in Singapore, including computer systems that are not CII.
There were multiple questions on compliance costs for CII owners and ensuring that those costs do not trickle down to customers. Minister Ibrahim replied that the Government bears much of the cost of strengthening cybersecurity protection and enhancing responses to cybersecurity threats and incidents at the national level. This includes resourcing national-level cybersecurity infrastructure and manpower, conducting regular cybersecurity exercises to validate cybersecurity incident management processes, and deploying National Cyber Incident Response Teams (NCIRT) to respond to cybersecurity incidents.
Many CII owners have already put in place cybersecurity measures arising from regulations in sectors such as banking and finance and infocomm. According to the Minister, the requirements under the Bill have been carefully scoped and are considered not too onerous.
The Minister acknowledged that there might still be cost implications for some CII owners. MCI and CSA will not provide funding to offset the costs of CII obligations which are regulatory requirements. However, they will work with sector regulators to streamline the cybersecurity audit and incident reporting processes in order to harmonise cybersecurity requirements. Assistant Commissioners, or ACs, who are senior officers appointed from the 11 CII sectors will play a key role in ensuring that CII owners do not face
conflicting requirements under the Cybersecurity Bill and in sectoral regulations.
Assistance for CII owners
To assist CII owners and their staff in getting ready for the implementation of the Bill, CSA has developed a Cybersecurity Legislation Initialisation Programme for Sector Leads, also termed as CLIPS. CLIPS will focus on establishing clarity on the roles and responsibilities between the sector regulators and the CII owners, and identifying and resolving any operational issue pertaining to the respective sectors. This includes harmonising policies, and streamlining audits and incident reporting processes.
Where necessary, CSA will also give CII owners sufficient time to undertake preparations and planning, prior to issuing the cybersecurity codes of practice or standards of performance for each sector. In addition, CSA currently shares information on cybersecurity threats and vulnerabilities with the CII sectors so that appropriate actions can be taken promptly. The CERTs overseeing specific sectors also issue advisories to the operators in their respective sectors.
Safeguards on Commissioner’s powers
Addressing concerns that the broad investigation powers provided to the Commissioner by the Bill would curtail innovation or intrude into personal privacy, Minister Ibrahim clarified that there are limits to the investigation powers that can be exercised depending on the severity of the threat or incident. While all organisations, regardless of whether they are local or foreign, are required to cooperate with CSA during the investigation of cybersecurity threats and incidents pertaining to computers or computer systems in Singapore, the Government do recognise the need to balance operational expediency with the proportionate and judicious exercise of power.
For example, the Commissioner’s authorisation is required before cybersecurity officers and authorised officers can exercise more intrusive investigation powers. There will also be governance process within CSA to ensure that the investigation powers are exercised responsibly and in accordance with the Bill.
Minister Ibrahim assured that the powers under the Bill are not intended to intrude into privacy. Information and measures required under the Bill mainly target cybersecurity threats and are primarily technical and not personal in nature. For example, to aid in the detection of cybersecurity threats, information such as network logs, indicators of compromise as well as system event and audit logs may be requested.
Development of cybersecurity ecosystem
When asked if the Bill would cover less mainstream cybersecurity services such as white-hat or ethical hackers and if the Ministry could consider encouraging a local community of white-hats, Minister Ibrahim stated that the current focus is on more mainstream or mature cybersecurity services with the potential to cause significant impact on the overall cybersecurity landscape.
The proposed licensing framework is intended to reduce the safety and security risks that cybersecurity service providers can pose. The service providers are required to ensure that their key executive officers are fit and proper persons when applying for a licence.
While only two categories of services, penetration testing and managed security operations centre (SOC) monitoring, are identified to be licensable cybersecurity services, other cybersecurity services will still need to comply with other laws in Singapore, such as the CMA.
However, he acknowledged that there are diverse views on the issue of licensing cybersecurity service providers and growing the cybersecurity ecosystem. On the one hand, there is a call for even individual professionals to be regulated, while on the other hand, some expressed concerns over potential cost implications for businesses.
He clarified that for a start, the licensing framework is deliberately light-touch in view of the need to strike a good balance between industry development and cybersecurity needs. It is also due to the practical challenges to requiring individual cybersecurity professionals to be licensed, given the global nature of the cybersecurity industry.
Also, responding to an enquiry on whether the Government could create a certification system that favours cybersecurity professionals who have a vested interest in Singapore, Minister Ibrahim remarked that Singapore should remain open, and take reference from internationally recognised standards where possible.
Development of cybersecurity workforce
In response to an enquiry on the Government’s plan to grow a pool of cybersecurity professionals, Minister Ibrahim stated that the Government is collaborating with the industry to grow the cybersecurity workforce in Singapore, with Singaporeans continuing to be an important part of it.
The examples Minister gave included:
- The Cyber Security Associates and Technologists (CSAT) programme which CSA and IMDA partner the industry and Institutes of Higher Learning (IHLs) to attract new graduates and convert existing professionals from related fields to a career in cybersecurity.
- The Cybersecurity Professional Scheme (CSPS) under CSA through which officers will be recruited and trained in areas such as cyber forensics and vulnerability assessment, before being deployed to public agencies overseeing CII sectors to assist companies in these sectors with their cybersecurity capabilities.
Regarding the potentials of military-civilian collaborations to build cybersecurity capabilities, Minister Ibrahim shared that CSA already works closely with MINDEF on cybersecurity matters such as technology cooperation, sharing of knowledge and experience, technical support and participation in joint exercises.
Global development and standards
On how Singapore is taking into account global developments and evolving standards to tackle cybersecurity threat, Minister Ibrahim said that in formulating this Bill, the Government studied cybersecurity legislation from other countries and will continue to take reference from internationally recognised standards when developing codes of practice and standards of performance for the different sectors.
Noting that the cybersecurity environment is fast-changing, Singapore will continue to keep abreast of international developments, and review and adjust relevant laws to address new and emerging issues moving forward. Such efforts include active participation at international fora and discussions to develop international cyber norms, bilateral and regional collaborations on cybersecurity and capability development.
Public education and assistance for SMEs
People are often the weakest link, but also the strongest asset in cybersecurity.
Regarding public education efforts to enhance cybersecurity preparedness, the Minister named a few government initiatives. They include: (1) cybersecurity talks and conferences organised by the Cyber Security Awareness Alliance, (2) online cybersecurity resource available on CSA’s GoSafeOnline website, (3) annual Singapore Cyber Landscape report for public awareness.
For initiatives targeting the SMEs, IMDA’s SMEs Go Digital programme can help businesses to adopt cybersecurity solutions, give technical advice on cybersecurity and other digital concerns through IMDA’s SME Digital Tech Hub.
In general, businesses and members of the public can also sign up for SingCERT’s advisories and alerts on cybersecurity threats and incidents.
In conclusion, Minister Ibrahim stated the Cybersecurity Bill is an important legislation to protect the country’s critical information infrastructure and safeguard essential services from disruption by cyberattacks.
He shared that the Bill was developed under careful considerations and takes into the account the interests of the different stakeholders and Singapore’s needs. He assured that the Ministry and Government will continue to work with stakeholders from the public and private sectors to ensure that the laws remain robust and relevant, and beyond this Bill, to raise the level of cybersecurity awareness and develop the cybersecurity ecosystem in Singapore.
Lastly, he also noted that cybersecurity is not just the Government’s responsibility. Instead, all members of the society need to play a role.
The Singapore Tourism Board (STB) and Singapore Association of Convention & Exhibition Organisers & Suppliers (SACEOS) released the MICE Sustainability Roadmap, which outlines specific goals and plans for raising sustainability standards throughout the MICE sector in Singapore over the coming years.
The Meetings, Incentives, Conventions, and Exhibitions (MICE) industry is a type of tourism travel in which groups of people are brought together for a specific reason, usually well in advance. On the other hand, the MICE market refers to a subset of people who plan, arrange, and facilitate conferences, seminars, exhibitions, and other events.
Part of STB’s overarching plan to develop a sustainable tourism sector is the use of such roadmaps, which direct businesses in the sector to achieve specific sustainability goals. Following the launch of the Hotel Sustainability Roadmap earlier this year, the MICE Sustainability Roadmap is the second such project.
The Singapore Green Plan 2030 and the Sustainable Development Goals of the United Nations (UN) serve as the roadmap’s guiding principles. Three goals are listed in the MICE Sustainability Roadmap to help Singapore become one of the most environmentally-friendly MICE destinations in Asia Pacific:
- By 2023, create a set of industry-acceptable sustainability standards with the goal of having them recognised internationally by 2024.
- For all six purpose-built MICE venues and 80% of SACEOS members to get internationally or nationally recognised sustainability certification, or both, by 2025.
- To attain net-zero emissions by 2050 in accordance with the country’s net-zero aim, the Singapore MICE sector must first track waste and carbon emissions by 2023, reduce waste in line with the Singapore Green Plan by 2030, and reduce waste overall by 2050.
The MICE Sustainability Committee (MSComm), established by STB and SACEOS in August 2022 to advance sustainability capabilities and create awareness of sustainability initiatives and best practices, will help the industry adopt sustainable practices and meet these goals.
The dedication to sustainability follows a robust MICE rebound in the wake of Singapore’s borders being reopened in April this year and a rising desire for environmentally friendly business travel. More importantly, the industry is aware of how crucial it is to lessen the environmental impact of MICE events.
With STB and SACEOS leading the charge and offering support as necessary to further develop a sustainable business events landscape in Singapore, the MICE Sustainability Roadmap will ensure that MICE players move forward in pursuing relevant and achievable sustainability goals that are tracked at appropriate milestones.
Meanwhile, OpenGov Asia recently reported that the Infocomm Media Development Authority (IMDA) of Singapore is working with a large American technology company to address climate change-related challenges and enhance the sustainability of digital technologies.
The cooperation aims to hasten the local and international development of software applications and solutions to assist businesses in using their resources more efficiently.
The tech giant and IMDA will exchange best practices, standards, learnings, and certification pathways for accurate measurement and reporting of carbon emissions resulting from software applications. Through this relationship, the nation hopes to speed up the application of the ideas and resources needed to create green technologies.
According to IMDA, Southeast Asia is well-positioned for the region to take the lead in digital sustainability. This collaboration will produce cutting-edge digital sustainability solutions that can be used by multinational corporations, bringing about positive change for the environment worldwide and ensuring a sustainable future for all.
The Hong Kong Polytechnic University (PolyU) and a US-based engineering company signed a Memorandum of Understanding to establish the Centre for Humanistic Artificial Intelligence and Robotics (CHAiR) for translational research with the goal of advancing the well-being of humanity.
The partnership aims to integrate the university’s interdisciplinary research capabilities and the company’s well-known humanoid robotics platform to explore technology applications. Sophia, the company’s most advanced human-like robot, will work with PolyU researchers to enhance the contribution of AI and robotic technology for social and commercial benefits.
Research into and applications of AI and robotics are essential to the advancement of industry. As an interdisciplinary research and development centre, CHAiR brings cross-faculty collaborations in research fields such as AI, the internet of things (IoT), neuroscience, design, computer science, mechanical engineering, material science, healthcare, and the humanities.
In collaboration with the company, CHAiR supports innovation and entrepreneurship in Hong Kong and the Greater Bay Area. The Dean of Graduate School, Chair Professor of Distributed and Mobile Computing, and Otto Poon Charitable Foundation Professor in Data Science will serve as the principal investigator and administrative director of CHAiR. He will also serve alongside the CEO and Founder of the company as a co-chair of the Centre’s steering committee.
The MoU was signed by the Vice President (Research and Innovation) of PolyU and the CEO and Founder of the company. It was Witnessed by the President of PolyU and the Executive Director of the firm.
During the signing ceremony, Sophia made conversation with the guests. She said, “I look forward to learning many new skills and abilities. With your help, maybe I can learn how to be a nurse, a teacher, a concierge, a librarian. You can teach me how to be a better companion, a more skilful artist, a funnier entertainer.”
Meanwhile, the company’s CEO and Founder noted that the new centre is perfectly positioned to refine and improve the performance of Sophia-class robots in ways that promote the growth of a new service robot industry. As soon as the industry begins expanding, investment in improved hardware, software and manufacturing technologies will as well, he noted.
The President of PolyU noted that academia-industry collaboration is one of the most productive mechanisms for creating and implementing innovations. There is tremendous untapped potential for humanistic social robots. Let us aspire that CHAiR will be a major catalyst for the onset of the age of humanistic robots.
The Dean of Graduate School, Chair Professor of Distributed and Mobile Computing, who is also Director of the Research Institute for Artificial Intelligence of Things (RIAIoT), said the Institute has been working on practical solutions to key challenges in advanced AIoT technologies and applications.
He noted that the natural evolution for RIAIoT is to partner with the engineering firm to address increasingly ambitious opportunities in humanistic AI and social robotics. CHAiR will play a unique and key role to combine the firm’s knowledge with world-class academics here at PolyU.
The engineering company is an AI and robotics company dedicated to creating socially intelligent machines that enrich the quality of our lives. Sophia is the world’s first robot citizen and the first robot Innovation Ambassador for the United Nations Development Programme.
The Singapore University of Technology and Design (SUTD) and Tecnológico de Monterrey (Tec) through its Institute for the Future of Education, signed a research collaboration agreement to improve the cyber-physical learning of students and teachers in Singapore and Mexico.
The three-year agreement will see the two parties share practices and experiences in the configuration and usage of cyber-physical learning infrastructure to create new opportunities for educational innovation and research, resulting in new pathways for the future of education.
The SUTD-Tec’s Institute for the Future of Education agreement will foster the exchange and sharing of practices of cyber-physical learning and evaluation of the effectiveness of associated educational delivery models. Both parties will conduct joint experiments involving students and instructors to explore domains such as technology-enabled learning, translational pedagogical innovations, learning analytics, and personalised and engaging learning.
This research collaboration will have its focus on the SUTD campusX initiative, which focuses on the needs and experiences of students and instructors using data analytics and learning sciences with the purpose of creating a safe, inclusive, and enjoyable space for students to learn, interact and optimise their learning outcomes.
With regards to the campusX and its impact on the future of education, SUTD’s Provost stated that both Tec and SUTD share a common vision of cyber-physical learning, with similar interests and understanding of the challenges in areas of applying human-centric technology and design to the practice of pedagogy and andragogy in actual higher learning environments. This forms a strong basis on which many more projects can be conducted between Tec and SUTD. The current research collaboration is an important start and SUTD looks forward to furthering the partnership with Tec in years to come.
He noted that, similarly, SUTD also looks forward to working with more like-minded partners across academia and industry and from local and global landscapes to make cyber-physical learning a reality.
Speaking about the research collaboration between the two renowned higher education institutions, the Rector for Higher Education of Tecnológico de Monterrey expressed his satisfaction with the signing of the agreement and said that to advance in current-day education challenges and design the future of education, collaboration is key.
He noted that Tec has pioneered educational innovation in Mexico and Latin America, and they aim to expand their projects and initiatives to have an increasingly global relationship and impact. An initiative aimed at strengthening links with Asia is being developed; these collaborations with them will extend to the areas of research, education, and technology.
Furthermore, the Executive Director of the Institute for the Future of Education of Tecnológico de Monterrey emphasised the importance of this kind of agreement between both universities. He noted that conducting joint experiments to evaluate innovative cross-border educational models will be key to developing effective cyber-physical learning environments.
The collaborative project with SUTD’s campusX initiative will increase learning opportunities for global higher education audiences, capitalising on the intercultural exchanges between Singaporean and Mexican students and professors, and developing best practices with an international perspective, he added.
The research activities framed in this agreement are slated to begin in the first quarter of 2023 and the experimental and simulated learning environment trials will result in the identification of best practices in digital education delivery models supported by effective cyber-physical technology platforms.
The Indian Institute of Technology, Madras (IIT-Madras) has launched an online masters in technology (MTech) course for working professionals, allowing candidates to pursue the educational qualification while working. According to a statement, the tailor-made online programme for qualified engineers is gaining popularity and over 600 working professionals have already enrolled for the three-year course.
The MTech degree includes programmes on communications, VLSI and analog circuits, microelectronics, multimedia signal processing, software security, automotive engineering, mechanical design, interdisciplinary programmes in quantum technology, and data sciences.
IIT-Madras is the first IIT to offer an MTech course in a distance learning mode through its Centre for Continuing Education. “The students of this programme have the same rights and privileges as regular students. The working professionals can carry out the project work at their workplaces. They do not need any residency as compared to sponsored candidates,” a representative from the IIT-Madras said. From only 14 candidates in 2020, the number has shot up to 605 this year.
IIT-Madras faculty, teachers from other premier academic institutions, and eminent industry professionals will be conducting the classes. Apart from online classes, which are held in the evening, students will also have live interaction with their faculty members. Students will give exams in the same city as their offices. In terms of the evaluation method, a problem statement will be evaluated and approved by IIT-Madras faculty. A mentor will guide the student at their workplace. The student’s progress will be jointly evaluated by faculty from IIT-Madras and the mentor. The faculty member will approve the problem statement and review the progress.
In September, IIT-Madras launched an industry-oriented Online Certificate Programme on e-mobility for working professionals. Four out of the nine modules in the programme are delivered by industry professionals. The programme was conceived with inputs from industry experts and would be continuously upgraded based on technology trends, market trends, and industry needs, the Institute noted.
The course is offered through IIT-Madras’ Centre for Outreach and Digital Education (CODE). It provides an overview of the e-mobility ecosystem and fundamentals in technical areas like vehicle development, power electronics, battery engineering, thermal management, power trains, and EMI/ EMC, among others. The programme contains 120 hours of video classes and 40 hours of online contact classes with the faculty. The candidates need to complete regular assignments and a final evaluation, after which they will receive a certificate. The first cohort started at the beginning of October.
In November, the Institute partnered with United States-based Purdue University to jointly develop a dual-degree programme in semiconductors. As OpenGov Asia reported, the programme focuses on an innovative, cooperatively developed curriculum to meet the growing needs of the industry. Undergraduate students with strong academic credentials and a deep interest in semiconductor devices, chip fabrication, and circuits and systems will be considered. The programme will enable a quick ramp-up of skilled talent, preparing the next generation of the semiconductor workforce. The partnership would also entail research collaboration in semiconductor supply-chain management, chip design, packaging, system architecture, and advanced manufacturing methods
Australia’s national science agency, CSIRO, recently revealed details of an AU$15 million project to develop a national soil information system, aimed at improving the sustainable management of one of the nation’s most precious assets.
Supporting the National Soil Strategy, and funded by the Australian Government’s Department of Agriculture, Fisheries and Forestry, the Australian National Soil Information System (ANSIS) project is a collaboration between the government, research organisations, industry, the private sector and the community.
Using innovative processes and technologies, ANSIS will allow improved sharing of nationally consistent soil data and information through online access for users. This will help Australians to better understand their nation’s diverse range of soils and make better decisions about managing our important soil resources. Currently, soil data is collected using different methods, by different organisations, and at a range of depths in the soil. This makes it hard to access, compare and use data from diverse sources.
The Project Lead at CSIRO stated that improving access to the best soil data and information can help promote digital agriculture innovation and is key to sustainably managing Australia’s soils. By using ANSIS, farmers and agricultural advisors will have access to more soil data and be better placed to more sustainably manage the soil on which they rely.
Soil is vital to agricultural production and natural environments, as well as health and well-being. This information system will help everyone care for this important natural resource. Productive, healthy, and resilient soil means more economic, environmental, and social benefits to Australia. Monitoring soil also helps scientific understanding of how the natural world is changing.
This work will provide insight into biodiversity, water resources, landscapes and coastlines, fauna, climate, and geology. By harmonising Australia’s soil data, we can make it accessible across many fields of science and exploration. The project is being delivered under the Federal Government’s National Soil Strategy, which is about prioritising soil health, empowering soil innovation and stewards, and strengthening soil knowledge and capability. The new ANSIS system will be available for use in 2023.
ANSIS will provide improved access to nationally consistent soil data and information needed to help sustainably manage Australian soil. ANSIS will provide:
- More soil data
- More data sets are available that in other soil systems
- Enables more certainty in products developed
- Opportunity to develop new products
- Improved access
- Multiple data sets are now discoverable and accessible
- National coverage
- Most up-to-date data available
- Efficient provision
- Organised and standardised data for immediate use
- Can feed into many users’ requirements
- Consistent delivery
- Substantial reduction in time to prepare information products
- Trusted location
- Certainty that data is from an authoritative source, verified and satisfies standards.
The country has established the Indonesian Aviation Sector Computer Security Incident Response Team (IAS-CSIRT) to strengthen cybersecurity. The team will report to the Ministry of Transportation’s Director General of Air Transportation.
To anticipate system vulnerabilities, identify opportunities for bad actors to exploit, and reduce the risk of cyber incident threats, the aviation sector required a dedicated cybersecurity team. The CSIRT will regularly publish information on vulnerabilities, security, and new technology trends. The team is also prepared to face various escalating challenges. Members of the CSIRT will be trained through cyber drills and workshops.
The team is in charge of receiving, reviewing, and responding to cyber incident reports and activities with the function of providing reactive services by performing incident coordination, incident triage, and incident resolution.
During the IAS-CSIRT inaugural speech, the Deputy for Cybersecurity and Economic Cryptography of the National Cyber and Crypto Agency (BSSN), Markos, said that the aviation industry increasingly relies on digital technology for flight operations, ground services, communications navigation and surveillance, airport infrastructure, air traffic management, and supply chain.
Therefore, cybercrime prevention and management are crucial for many parties, including aviation service providers. F. Budi Prayitno, the Director of Aviation Security at the Ministry of Transportation, outlined the importance of cyber defence since cybercrime has resulted in considerable losses across sectors. “Effective cyber-crime prevention and management necessitate the collaboration of various cyber security stakeholders who already have a CSIRT,” said Budi. The BSSN contributed to the formation of the IAS-CSIRT.
Markos hopes that the IAS-CSIRT will be able to collaborate, synergise, and share information with various stakeholders and other cybersecurity constituencies in Indonesia, particularly in the handling and recovery of cyber incidents.
BSSN wants other sectors to form a CSIRT as well. The IAS-CSIRT was established for the first time (IIV) following the issuance of Presidential Regulation 82 of 2022 concerning the Protection of Vital Information Infrastructure. Sector IIV prioritises the CSIRT because it manages various strategic information assets related to community survival, national stability, and sovereignty.
Before the inauguration, BSSN signed a memorandum of understanding (MoU) and cooperation agreement with state-owned Aviasi Wisata Indonesia (InJourney Group) to support the tourism industry. In addition, cooperation on information protection and electronic transactions intends to improve the quality of information protection and electronic commerce.
The agreement’s scope includes information and communication technology security, the use of electronic certificates to improve electronic transaction security, the improvement and development of human resources, the exchange of information, and cybersecurity campaigns and literacy.
At the signing ceremony, the Head of the National Cyber and Crypto Agency (BSSN), Hinsa Siburian, emphasised the importance of synergy and collaboration to recover the Indonesian aviation and tourism industry through a reliable and safe digital transformation.
Furthermore, between January and November 2022, BSSN detected over 1.14 million traffic anomalies across all InJourney Group assets. BSSN said the most anomalies were discovered in August, with 235,742 events.
The collaboration is expected to make digital information transactions and exchanges more secure and leak-proof. The rapid advancement of digital technology presents an opportunity for Injourney to gain trust and confidence in the Indonesian tourism industry. However, as a result, it must be balanced with maximum data, information, and electronic transaction security.
China Provincial Development and Reform Commission announced the list of the second batch of digital transformation promotion centres in Liaoning Province. There are 13 additional provincial-level digital transformation promotion centres to help small and medium-sized enterprises improve transformation capabilities, reduce transformation costs, and shorten transformation cycles. There are currently 29 digital transformation promotion centres in the province, in addition to the previously announced first batch of lists.
The centres will assist the government in promoting digital construction in Liaoning and cultivating a digital transformation ecology. The programme is under the construction of the second batch of digital transformation promotion centres in Liaoning Province according to the Provincial Development and Reform Commission. The listed enterprises in this programme are based on self-declaration and recommendations from provincial and municipal departments. Experts then review the voluntary requests before being finalised and publicised.
According to the Provincial Development and Reform Commission, the digital transformation promotion centre should fully integrate resources to assist small and medium-sized enterprises.
The province government will provide transformation tools, products, technologies, and customised solutions to support business digital transformation and development. The centre promotes traditional businesses, internet platform enterprises, industry platform enterprises and financial institutions.
The government also promotes collaborative innovation in industries, education, medical care, employment, elderly care, and other fields. Companies participating in the programme will use the projects as a starting point to develop digital technology application scenarios. Participants in the programme are also permitted to complete personnel training with universities and colleges and vocational training and education.
The Provincial Development and Reform Commission will regularly evaluate provincial-level digital transformation promotion centres. The results will be used to recommend applicants for national-level digital transformation promotion centres.
China is currently driving the country’s digital economy. In early November, the General Office of the Ministry of Industry and Information Technology issued the “Guidelines for the Digital Transformation of SMEs.” The regulation aims to fully implement the Party Central Committee’s and State Council’s decision-making deployment to encourage SMEs to improve their overall strength and core competitiveness through digital transformation.
The General Secretary of the Communist Party of China, Xi Jinping, stated that “small and medium-sized enterprises can do great things.” He also emphasised the importance of grasping the direction of digitisation, networking, and intelligence. Moreover, promoting the digitisation of manufacturing, service industries, agriculture, and other industries is also necessary.
The guidelines aim to implement Party Central Committee and State Council decision-making and deployment, strengthen policy coordination, strengthen scientific guidance, deepen transformation awareness, and gather work synergy. The report also needed to promote high-quality economic development through the digital transformation of small and medium-sized businesses. The effort also had to be consistent with the overall economic and social digital transformation trend.
Furthermore, China will use the guidance to increase specialisation and new development of small and medium-sized businesses. The government intends to expand the use of digital technology in various sectors, including research, production, supply, marketing, and clothing. They plan to empower and refine products, increase value, plus accelerate technological innovation and new development in small and medium-sized businesses.
Another role of guidance is strengthening the digital transformation system and the comprehensive path of small and medium-sized businesses. Digital transformation is a multifaceted, cross-cutting project. The guidelines thus aid transformation from the demand side, the supply side, and local governments at all levels. All interested parties can use the guidelines to clarify their positioning and path and strengthen the collective force of transformation.