The U.S. National Institute of Standards and Technology (NIST) has drafted a set of cybersecurity criteria for consumer software in an effort to improve consumers’ ability to make informed decisions about the software they purchase. The criteria in this document are based on extensive input offered to the NIST workshop and position papers submitted to NIST, along with the agency’s research and discussions with organisations and experts from the public and private sectors.
The document, “Draft Baseline Criteria for Consumer Software Cybersecurity Labeling”, forms part of NIST’s response to the Executive Order (EO) on Improving the Nation’s Cybersecurity. The EO specifies that NIST “shall identify secure software development practices or criteria for a consumer software labelling program” — criteria that reflect a baseline level of cybersecurity and that focus on ease of use for consumers.
We are establishing criteria for a label that will be helpful to consumers. The goal is to raise consumers’ awareness about the various security needs they might have and to help them make informed choices about the software they purchase and use.
– Michael Ogata, NIST computer scientist
Part of the challenge is the sheer vastness and variety of the consumer software landscape. Software is an integral part of life for the modern consumer. Nevertheless, most consumers take for granted and are unaware of the software upon which many products and services rely. While enabling many benefits to consumers, software, too, is subject to cybersecurity flaws or vulnerabilities that can directly affect safety, property, and productivity.
There is no one-size-fits-all definition for cybersecurity that can be applied to all types of consumer software. The risk associated with software is tightly bound to that software’s intended use (both in function and operating environment), as well as its post-deployment configuration.
While NIST’s assignment is straightforward — to establish the criteria that should be the basis for a software label — NIST is not designing the label itself, nor is NIST establishing its own labelling program for consumer software. The EO calls for a voluntary approach, and it will be up to the marketplace to determine which organisations might use cybersecurity labels.
Currently, the agency is seeking public input about the baseline of technical requirements for the software and the related label. As proposed by NIST, in order to qualify for a label, the software provider would first need to meet all of the technical requirements. The document refers to these requirements as “attestations,” or claims about the software’s security, which the document organises into four categories:
- Descriptive attestations — information about the label itself, such as who is making the claims about information within the label, what the label applies to and how the consumer can get more information.
- Secure software development attestations — how the software developer adheres to security best practices. By fulfilling requirements in this category, the provider communicates to consumers that they can be more confident about the development process.
- Critical cybersecurity attributes and capability attestations — features expressed by the software’s functionality, and other attributes that consumers should know, such as whether the software is free from known vulnerabilities or whether encryption is used.
- Data inventory and protection attestations — information about data that consumers may identify as having high cybersecurity-related risk, and the software provider’s descriptions of mechanisms used to protect that data. This data might relate to personally identifiable information, device location information, or any other data the provider has spent time and effort safeguarding.
A software label would not necessarily spell out all of these details, but the overall labelling effort should aim to educate consumers about what the label means and indicate where they can readily get additional information about those cybersecurity attributes.
Researchers at Murdoch University’s Harry Butler Institute have partnered with a global technology leader to deliver novel ways to monitor the environment in remote locations. The monitoring technique provides a wireless solution to observe environmental conditions in areas that lack reliable networks and could pave the way for remote detection of bushfires and other potentially damaging scenarios.
The Harry Butler Institute Business Manager stated that many remote locations in Western Australia and beyond lacked 3G and 4G internet coverage, posing a challenge for suitable communication solutions. The team has been investigating a cost-effective wireless IoT [Internet of Things] solution known as LoRaWAN, which offers low-power, long-range, wide area network data sensor technology. The network also succeeds alternatives such as WiFi and Bluetooth, as it doesn’t require cellular network coverage, making it ideal to reach remote areas including national parks.
A pilot program had already successfully moved data between Murdoch University’s South Street campus and the city. Two of the team’s researchers were able to move environmental data such as temperature, soil moisture and air quality data, but also demonstrated further innovation by moving images over LoRaWAN – something this network wasn’t even built for.
This innovative and efficient technology solution could provide researchers and emergency personnel the ability to monitor remote locations from anywhere, at any time. Senior Lecturer David Murray said the pilot has given researchers the confidence to pursue further technological developments to assist in the early detection of smoke and fire.
The team is now determining how cost-effective cameras can be developed to monitor bushfires using artificial intelligence models to identify the risk of smoke and fire, and by sending alerts via a LoRaWAN network, he said.
It was noted that this approach, in addition to weather sensors and low-resolution images that can be sent over the network for manual validation, could alert emergency workers to fire threats much earlier.
The network could also be deployed in other diverse scenarios including animal monitoring, with testing previously conducted at Murdoch to monitor the presence of quenda populations at its South Street campus.
The Pro Vice Chancellor of the Harry Butler Institute stated that the low-cost technology option was an exciting prospect for the future of environmental surveillance. This real-time technology could pave the way for monitoring networks not only in Western Australia but globally, he said.
LoRaWAN provides the option of overcoming limitations and saving time, money and resources, and its potential environmental applications, including supporting emergency bushfire personnel and researchers monitoring vulnerable species such as quenda, will be significant.
The project further enhances the partnership between Murdoch University and the global tech leader and strengthens both organisations’ commitment to developing technology that can aid the environment and safeguard the sustainability of the planet.
Australia’s bushfire season currently lasts for 130 days a year, lengthened by almost a month in the past four decades, according to new research. Recent wildfire outbreaks across the globe have sparked concern that climate change is increasing fire incidence, threatening human livelihood and biodiversity, and perpetuating climate change.
Various climate models highlight that the prevalence and extremity of fire weather have already emerged beyond their pre-industrial variability in the Mediterranean as a result of climate change, and emergence will become increasingly widespread at additional levels of warming. Moreover, several of the major wildfires experienced in recent years, including the Australian bushfires of 2019/2020, have occurred amidst fire weather conditions that were considerably more likely due to climate change. The report notes that advances in the observation of fire and understanding of its controlling factors support the addition or optimisation of a variety of processes in models.
The first-ever Innopreneur Experience Journey, co-organised by the Federation of Hong Kong Industries (FHKI) and Hong Kong Science & Technology Parks Corporation (HKSTP), aims to gather over 30 students from local secondary schools under a new programme that aims to enable their technology, creativity and new industry.
Over the four days, students will visit various companies and obtain real job experience to develop their understanding of the latest development and opportunities of new emerging industries, cultivate their passion for innovation and technology (I&T) and broaden their horizons and prepare them for further studies and future careers.
The programme has attracted 30 participating companies, which are FHKI member companies and a variety of HKSTP partner companies at Science Park and INNOPARK. The participating companies will offer executive shadowing, site visit and on-the-job experience to the students, demonstrating a concerted effort of industries in fostering future pillars.
The Kick-off Ceremony was held successfully at FHKI headquarters. The Under Secretary for Home and Youth Affairs, and corporate representatives attended the ceremony to witness the students commencing their extraordinary journey.
The FHKI and HKSTP Chairman stated that talent is an indispensable part of building up Hong Kong as an international I&T hub. HKSTP and FHKI are committed to cultivating local talent via various educational events which allow students to be exposed to I&T and related industries at an early stage and be inspired by I&T fellows and industrialists.
The Deputy Chairman of one of the sponsoring companies and Chairman of the Hong Kong Innovation Foundation stated that innovation is the key to the long-term success and sustainable development of Hong Kong as our city grows into an international innovation and technology hub.
Talent development is, therefore, particularly crucial. The Hong Kong Innovation Foundation aims to provide a holistic innovation ecosystem, catering to the diverse needs of various sectors of the community. The Deputy Chairman thanked partners at the Federation of Hong Kong Industries and the Hong Kong Science Park for developing this important platform.
The Closing Graduation Ceremony, including sharing sessions of participating students and company representatives, will be held on the last day of the journey. To nurture a new generation of young talent for the I&T and industrial sectors, we hope to organise more Innopreneur Experience Journeys in future to create opportunities for students to get exposure to new emerging industries. HKSTP and FHKI will continue to join hands in bringing together people from different backgrounds and experiences, creating a diversified and vibrant I&T and industrial ecosystem in Hong Kong.
InvestHK notes that talent is a crucial factor in growing the economy, and nurturing a powerful, talented I&T generation is viewed as the priority. As such, Hong Kong is investing resources into STEM teaching and innovation in every phase of education from primary to secondary and tertiary.
The HKSAR Government and other relevant institutions have launched various funding schemes/programmes to support the I&T sector. The Innovation and Technology Fund (ITF), administered by the Hong Kong Innovation and Technology Commission (ITC), includes different schemes to support I&T research activities; facilitate technology adoption; nurture technology talent; support technology start-ups; and foster an I&T culture.
Both the Hong Kong Science and Technology Parks and Cyberport have set up individual incubation/acceleration programmes and funding schemes for assisting I&T start-ups and nurturing talent.
Other industry-specific schemes that target the I&T development of segments such as environment protection, construction, logistics, Chinese medicine and transport are being rolled out. Moreover, there are schemes tailor-designed for small-to-medium enterprises (SMEs) regarding market development and loan guarantee as far as their I&T activities are concerned.
Singaporeans, particularly those who enjoy benefiting from and contributing to the wisdom of the crowd or sharing their thoughts on government policies, will undoubtedly enjoy CrowdTaskSG, a newly created crowdsourcing web service that taps Singaporeans’ collective knowledge.
Citizens will discover many possibilities to contribute their ideas and feedback to government entities on CrowdTaskSG. Citizens can take part in various tasks, such as surveys on government policies and national identity. Citizens may also be assigned duties to test prototype items, such as new government websites, and provide comments on areas for improvement.
The portal is a one-stop shop, collecting duties from across the government and making them easily accessible to those who are interested. With their Singpass account, all Singapore citizens and Permanent Residents aged 18 and over can use the portal.
Aside from hearing people’s ideas, the procedure is intended to be enjoyable. The app’s goal is to be as enjoyable as popular online games. Users can earn virtual coins by completing activities on CrowdTaskSG and trade them for real-world rewards such as coupons.
Recognising that Singaporeans are the ultimate users of government services, agencies have begun including the public early in the workflow of product or policy production to ensure that their opinion is considered from the outset. GovTech believes that citizens are co-creators in building a strong society.
The current crowdsourcing scene may be seen as fragmented, making it difficult for Singaporeans to have an overview of all the options available, while agencies struggle to discover the correct target participants. CrowdTaskSG addresses these difficulties by consolidating all government crowdsourcing jobs on a single website.
To reach their desired demographic, agencies can also use the tailored assignment tool. For example, if they want to test how user-friendly a product is for elderly users, they may quickly screen for older volunteers.
The CrowdTaskSG team is also trying to expand the number of tasks available, such as polls and A/B testing, and is reaching out to other agencies to learn how the platform can better support their crowdsourcing initiatives.
In addition, GovTech is all about using technology to make everyone’s lives better. CrowdTaskSG is based on the idea that Singaporeans are not only people who benefit from things but also people who can make important contributions.
The agency is asking everyone in the country to help solve problems by using their knowledge and skills. They are hoping that the input and ideas of the public will be the best part of the government’s next digital product.
Meanwhile, OpenGov Asia reported earlier that more users are finding it easy to do business in their native language now that Singpass supports Singapore’s four official languages, which are English, Tamil, Malay, and Chinese. By choosing their preferred language in the app’s settings, more users can enjoy the convenience of doing transactions in their native language. It was also the job of the legal divisions and other government departments to make sure that the texts follow the rules that are already in place.
Even though the multilingual feature has been successfully released, more work needs to be done. When a spreadsheet is used to help with translations, translators can’t see how the app looks and what is being translated side by side. This can slow down translations.
Singpass is one of the eight national strategic projects overseen by GovTech that help Singapore achieve its goal of becoming a “Smart Nation.” Over 2,000 government and business sector services are accessible conveniently and securely online and in person thanks to a Singaporean resident’s digital identification.
The Ministry of Finance has announced it would develop a foundation for a modern and transparent digital financial ecosystem based on big data and open data by 2025. The initiative will be carried out under the Ministry’s digital transformation plan aimed for 2025, with orientations to 2030. It was newly signed by Finance Minister Ho Duc Phoc.
By 2030, the Ministry strives to establish a developed digital financial ecosystem with enhanced cybersecurity and efficiency. The overall objective of the plan is to accelerate digital transformation in tandem with building a sustainable, advanced, and globally-integrated national financial system. The move is expected to boost growth, enhance the resilience of the economy, and maintain macro-economic stability and financial security.
The Ministry will apply fourth industrial revolution technologies and leverage the progress that’s been made with the development of the e-government to transform the finance sector. It will offer more digital financial services to bolster the digital economy and digital society. The finance sector will play a vital role in creating, connecting, and sharing data, digitising platforms, and optimising the digital information of the government, people, and organisations.
The Ministry will cut down the number of public administrative procedures, and reform, simplify, and standardise public financial services to reduce costs and improve service quality and productivity by 2025. Accordingly, the delivery of most public administrative services will be shifted online, providing citizens with a paperless and convenient experience. The Ministry also intends to step up the implementation of the National Single Window system and the ASEAN Single Window system to facilitate trade.
Further, the Ministry has plans to set up a modern, public, and transparent digital financial platform by 2025, based on big data and open financial data. The Ministry claimed that by 2030 a digital financial ecosystem will be formed in all fields, ensuring administrative effectiveness and the safety of information. Civil servants and public employees will be trained in digital skills to facilitate the process.
The rate of financial technology adoption in the country is gradually and significantly increasing. The number of subscribers of the government’s Mobile Money initiative has quadrupled since the service was launched in January this year. 67% of these subscribers reside in rural, mountainous, border, island, and remote areas.
As OpenGov Asia reported, subscribers with at least one Mobile Money transaction by the end of June exceeded 1.72 million, accounting for 97.3% of the total. Additionally, the number of households with fibre optic connections in the first half of this year increased by 9% compared to the same period of 2021 and by 17% against that of 2020. According to the Ministry of Information and Communications (MIC), the goal of having 75% of households using fibre optic services this year is achievable. Vietnam also aims to have more than 50% of the population own digital payment accounts.
In deploying Mobile Money, the government has taken advantage of existing infrastructure and data and telecommunications networks. This has reduced social costs and expanded cashless payment channels on mobile devices. Industry experts have stated that the COVID-19 pandemic highlighted the need to universalise digital payments. Regardless of an Internet connection or bank account, and with just phone numbers, users can easily make cashless transactions through their Mobile Money account. The pandemic also greatly boosted the e-commerce market, with non-cash payments accounting for 70% of total retail transactions in Vietnam last year.
While nursing education mainly consists of classroom teaching and clinical practice, face-to-face teaching and clinical placements at medical institutions have been affected as a result of the COVID-19 pandemic. Thus, to develop the training and learning experience of nursing students, a research team led by Dr Justina LIU, Associate Professor of School of Nursing, and Dr Kitty CHAN, Senior Teaching Fellow of the same school, has developed a virtual learning system “Virtual Hospital” that uses virtual reality (VR) technology to offer an innovative experiential approach to nursing education.
Virtual Hospital is the first-of-its-kind virtual learning system in Hong Kong that simulates the complex and chaotic environment of a real-life hospital ward. With a total of 11 games, the system provides five scenarios, namely “Clinical Practicum Orientation”, “Challenges of Delirium”, “Managing Multitasks”, “Prevention of Errors” and “Potential Heart Attack”.
Over 1,200 combinations of randomised situations and multiple choices make it difficult for students to predict the tasks they will be handling, while they are required to provide instant responses to multitasks and make appropriate nursing decisions through assessing a patient’s condition and interpreting their medical information.
It was noted that the majority of existing VR learning systems are skill- and procedure-focused and adopt a single patient management setting. The PolyU-developed Virtual Hospital requires students to handle multiple beds and take care of multiple patients at the same time. Unexpected incidents and clinical pitfalls are generated to test the student’s ability to apply their knowledge and prioritise nursing tasks amid various disruptions within a limited time.
Through VR experiential learning, students can improve the soft skills that are essential for their clinical practice, including situation awareness, flexibility to handle emergencies, as well as decision-making and communication skills.
Virtual Hospital allows users’ responses and decisions to be displayed on a TV monitor for group participation, while their communication with the virtual patients can be recorded for review. By answering multiple-choice questions, the student can reflect on the judgements and decisions made. In addition, the game data and the automated assessment function of the system also provide convenience for teachers in tracking students’ progress and evaluating learning outcomes.
Since its launch in January 2022, Virtual Hospital has benefited over 450 nursing students. With Virtual Hospital, students are provided with a cooperative case-based learning opportunity. Supplemented with current practice on patient simulators, it is hoped that Virtual Hospital can further help students master the skills necessary for clinical nursing and most importantly for reducing errors in actual clinical situations.
The team is pleased that the virtual learning system has received positive feedback from students, and looks forward to incorporating interprofessional and interdisciplinary elements in the future, as well as introducing the system to other nursing institutions in Hong Kong and the Greater Bay Area.
A Year-3 student from PolyU School of Nursing noted that she was impressed by the fidelity of the Virtual Hospital in terms of the environmental details. The VR learning experience strengthened her confidence in clinical practice as the system allowed every student to deal with nursing problems on their own, which helps them better prepare for the stressful work situation faced by nurses in the real clinical environment, she said.
The Cybersecurity and Infrastructure Security Agency or CISA has announced the “Protecting U.S. Elections: A CISA Cybersecurity Toolkit,” which provides state and local election officials with free services and tools to improve the cybersecurity and resilience of their infrastructure.
“I am very proud to announce another valuable resource that can help officials further reduce their cyber risk and improve their security posture,” says Jen Easterly, Director, CISA.
She added that the state and local election authorities must deal with challenges to their infrastructure daily from things like insider threats, malicious actors, and foreign involvement. This is just another tool to aid them in their continuous efforts to maintain the security and resilience of the American election processes.
CISA regularly collaborates with state and local election officials to safeguard their systems as the principal federal agency in charge of election security. In addition, CISA provides several services, information products, and other resources.
As the principal federal agency in charge of overseeing national election security, CISA has assembled a toolkit of free services and tools through the Joint Cyber Defense Collaborative (JCDC) to assist state and local officials, election officials, and vendors in enhancing the cybersecurity and cyber resilience of the U.S. election infrastructure.
The free tools, services, and resources offered by CISA, JCDC members, and other members of the cybersecurity community are included in this toolkit. These free resources were assembled by the JCDC of CISA, which collaborated with organisations from the public and private sectors, including the election community, and JCDC alliance members. The toolkit’s broad categories are arranged to help election officials use an Election Security Risk Profile Tool created by CISA and the U.S. Election Assistance Commission to evaluate their risk; locate tools for securing voter data, websites, email systems and networks; and safeguard assets from attacks such as phishing, ransomware, and distributed denial-of-service (DDoS).
The toolkit is the most recent tool that CISA and its partners have created to aid the election community. To counteract disinformation, CISA’s website provides a wealth of information and advice on topics ranging from cybersecurity to physical security for polling places and election officials.
The organisation collaborates with election authorities in all 50 states, the District of Columbia, and the territories to provide cybersecurity services, technical help, and guidance as well as to frequently share relevant and useful information and intelligence.
The following steps should be taken to create the cybersecurity baseline before employing the toolkit to handle risks, according to CISA:
- Use the free CISA Cyber Hygiene Services Vulnerability Scanning.
- Prioritise patching known exploited vulnerabilities.
- Maintain updated systems and software.
- Adhere to best practices for password management, such as using multifactor authentication and a password manager.
- Create offline backups of your data.
Meanwhile, the White House Office of Science and Technology Policy (OSTP) is seeking public input on how to safely advance and adopt Privacy-Enhancing Technologies (PETs). Doing so can enable a future that embraces data-driven technologies like AI while safeguarding privacy.
PETs are tools that let researchers, clinicians, and anyone with permission glean insights from sensitive data without ever having access to the data itself. The fundamental value of PETs lies in their ability to keep data “hidden” from researchers while allowing analysis of that data.
PETs may enable new types of collaboration and norms for the appropriate use of personal information. Agencies may facilitate greater collaboration across entities, sectors, and borders to address shared concerns, thereby contributing to the development of solutions in areas such as health care, climate change, financial crime, human trafficking, and pandemic response.
The Philippine Space Agency (PhilSA), the Department of Science and Technology Advanced Science and Technology Institute (DOST-ASTI), and the Bangko Sentral ng Pilipinas (BSP) have begun testing satellite internet service in two rural banks in Batangas province.
“PhilSA and DOST-ASTI will process data to look at the network performance against the actual connectivity needs of the banks. Information from these reports will be utilised by BSP as we move this partnership forward,” says Ma. Victoria Gazmin-Basto, Officer-in-Charge, PhilSA Space Business Development Division.
The stated banks were previously recognised by the Department of Information and Communications Technology (DICT) as being in Geographically Isolated and Disadvantaged Areas (GIDAs), where the installation of new terrestrial networks to improve connectivity may be impractical.
The provision of technical assistance to BSP is consistent with PhilSA’s mandate of assisting other government agencies or departments, as well as the private sector, in carrying out their responsibilities using space science and technology applications and satellite data.
To collect data, Weather and Performance Monitoring System (WPMS) equipment built by DOST-ASTI was set up near the two banks. The WPMS includes a network performance monitoring device that is linked to the satellite internet user equipment installed at the banks.
Among other things, the device measures network metrics such as upload and download speeds, throughput, latency, and jitter. Furthermore, the WPMS includes weather stations that monitor meteorological parameters such as rain, temperature, humidity, and pressure at the same time. The obtained data will subsequently be analysed to investigate and evaluate the satellite internet service’s performance and reliability under local weather conditions.
According to Bryan Paler, Senior Science Research Specialist at DOST-ASTI, his agency encourages collaboration with PhilSA and BSP to demonstrate ASTI’s locally developed technologies in applications that benefit the Filipino people.
Aside from the WPMS, they are investigating how they may put other homegrown technologies to use, such as bridging the digital divide and promoting financial inclusion. DOST-ASTI intends to capitalise on the partnership’s benefits in the future by educating people about financial literacy.
In addition to researching the usefulness and efficiency of satellite internet services for banks, the organisations intend to use the digital TV technology and internet infrastructure that they are constructing to teach people in unserved and underserved areas about financial literacy. The Philippine government aims to provide rural areas with cutting-edge technology while also teaching residents how to use it for their own benefit. Out of the country’s 1,634 municipalities, 33%, or 533, are still unbanked and do not have access to financial inclusion services.
The Philippines believes in satellite technology’s ability to improve connectivity in rural areas, hence increasing banks’ capacity to deliver digital financial services and encourage greater financial inclusion in unserved and underserved areas. Digital financial services such as remittances, bill payments, and opening transaction accounts, among others, would become more inclusive and accessible with improved connections in rural areas.
A Memorandum of Understanding (MoU) has been signed between PhilSA, DOST-ASTI, and BSP to encourage access to high-quality financial services enabled by internet connectivity. As transactions and services move to online platforms, this endeavour will increase digital inclusion.
Internet connectivity is recognised as a crucial enabler of financial and economic inclusion, as financial activities and services migrate to online platforms. As internet connection is increased, banks and other financial service providers will be able to better serve rural areas with additional internet-connected access points, such as automated teller machines and cash agent services.