An international team of researchers has developed a scanning tool to make websites less vulnerable to hacking and cyberattacks. The black box security assessment prototype, tested by engineers in Australia, Pakistan and the UAE, is more effective than existing web scanners which collectively fail to detect the top 10 weaknesses in web applications.
UniSA mechanical and systems engineer Dr Yousef Amer is one of the co-authors of a new international paper that describes the development of the tool in the wake of escalating global cyberattacks.
Cybercrime cost the world US$ 6 trillion in 2021, reflecting a 300% hike in online criminal activity in the past two years. Remote working, cloud-based platforms, malware and phishing scams have led to skyrocketing data breaches, while the rollout of 5G and Internet of Things (IoT) devices has made us more connected – and vulnerable – than ever.
Dr Yousef Amer and colleagues from Pakistan, the UAE and Western Sydney University highlight numerous security weaknesses in website applications and how these are costing organisations dearly. Due to the widespread adoption of eCommerce, iBanking and eGovernment sites, web applications have become a prime target of cybercriminals who want to steal individual and company information and disrupt business activities.
Despite a projected US$ 170 billion global outlay on internet security in 2022 against a backdrop of escalating and more severe cyberattacks, existing web scanners are falling way short when it comes to assessing vulnerabilities, according to Dr Amer.
The team identified that most of the publicly available scanners have weaknesses and are not doing the job they should. Nearly 72% of organisations have suffered at least one serious security breach on their website, with vulnerabilities tripling since 2017. A world leader in web application security estimates that 86% of scanned web pages have on average 56% vulnerabilities. Among these, at least one is classified as critical. The researchers compared 11 publicly available web application scanners against the top 10 vulnerabilities.
The team found that no single scanner is capable of countering all these vulnerabilities, but the prototype tool caters to all these challenges and is a one-stop guide to ensure 100 per cent website security. There is an urgent need to audit websites and ensure they are secure if these breaches are to be curbed and companies and governments can save millions of dollars. The researchers are now seeking to commercialise their prototype.
The global cyber security market was valued at US$ 139.77 billion in 2021. The market is expected to grow to US$ 376.32 billion by 2029, exhibiting a CAGR of 13.4% during the forecast period. The COVID-19 pandemic has been unprecedented and overwhelming, with security solutions undergoing higher-than-anticipated demand across the world compared to pre-pandemic levels.
The key drivers of the cyber security market are the emerging online e-commerce platforms and the advent of core technologies such as the internet of things (IoT), artificial intelligence (AI), cloud security, and others. Key market players focus on developing internet security solutions based on artificial intelligence (AI) platforms.
The growing demand for solutions is anticipated to gain traction with cumulative investments from Germany, France, India, Spain, South Korea, Italy, Canada, and Qatar, among others. The growing adoption of enterprise security solutions from manufacturing, banking, financial services, insurance (BFSI) and healthcare is expected to drive market growth in the future.
Singaporeans, particularly those who enjoy benefiting from and contributing to the wisdom of the crowd or sharing their thoughts on government policies, will undoubtedly enjoy CrowdTaskSG, a newly created crowdsourcing web service that taps Singaporeans’ collective knowledge.
Citizens will discover many possibilities to contribute their ideas and feedback to government entities on CrowdTaskSG. Citizens can take part in various tasks, such as surveys on government policies and national identity. Citizens may also be assigned duties to test prototype items, such as new government websites, and provide comments on areas for improvement.
The portal is a one-stop shop, collecting duties from across the government and making them easily accessible to those who are interested. With their Singpass account, all Singapore citizens and Permanent Residents aged 18 and over can use the portal.
Aside from hearing people’s ideas, the procedure is intended to be enjoyable. The app’s goal is to be as enjoyable as popular online games. Users can earn virtual coins by completing activities on CrowdTaskSG and trade them for real-world rewards such as coupons.
Recognising that Singaporeans are the ultimate users of government services, agencies have begun including the public early in the workflow of product or policy production to ensure that their opinion is considered from the outset. GovTech believes that citizens are co-creators in building a strong society.
The current crowdsourcing scene may be seen as fragmented, making it difficult for Singaporeans to have an overview of all the options available, while agencies struggle to discover the correct target participants. CrowdTaskSG addresses these difficulties by consolidating all government crowdsourcing jobs on a single website.
To reach their desired demographic, agencies can also use the tailored assignment tool. For example, if they want to test how user-friendly a product is for elderly users, they may quickly screen for older volunteers.
The CrowdTaskSG team is also trying to expand the number of tasks available, such as polls and A/B testing, and is reaching out to other agencies to learn how the platform can better support their crowdsourcing initiatives.
In addition, GovTech is all about using technology to make everyone’s lives better. CrowdTaskSG is based on the idea that Singaporeans are not only people who benefit from things but also people who can make important contributions.
The agency is asking everyone in the country to help solve problems by using their knowledge and skills. They are hoping that the input and ideas of the public will be the best part of the government’s next digital product.
Meanwhile, OpenGov Asia reported earlier that more users are finding it easy to do business in their native language now that Singpass supports Singapore’s four official languages, which are English, Tamil, Malay, and Chinese. By choosing their preferred language in the app’s settings, more users can enjoy the convenience of doing transactions in their native language. It was also the job of the legal divisions and other government departments to make sure that the texts follow the rules that are already in place.
Even though the multilingual feature has been successfully released, more work needs to be done. When a spreadsheet is used to help with translations, translators can’t see how the app looks and what is being translated side by side. This can slow down translations.
Singpass is one of the eight national strategic projects overseen by GovTech that help Singapore achieve its goal of becoming a “Smart Nation.” Over 2,000 government and business sector services are accessible conveniently and securely online and in person thanks to a Singaporean resident’s digital identification.
The Ministry of Finance has announced it would develop a foundation for a modern and transparent digital financial ecosystem based on big data and open data by 2025. The initiative will be carried out under the Ministry’s digital transformation plan aimed for 2025, with orientations to 2030. It was newly signed by Finance Minister Ho Duc Phoc.
By 2030, the Ministry strives to establish a developed digital financial ecosystem with enhanced cybersecurity and efficiency. The overall objective of the plan is to accelerate digital transformation in tandem with building a sustainable, advanced, and globally-integrated national financial system. The move is expected to boost growth, enhance the resilience of the economy, and maintain macro-economic stability and financial security.
The Ministry will apply fourth industrial revolution technologies and leverage the progress that’s been made with the development of the e-government to transform the finance sector. It will offer more digital financial services to bolster the digital economy and digital society. The finance sector will play a vital role in creating, connecting, and sharing data, digitising platforms, and optimising the digital information of the government, people, and organisations.
The Ministry will cut down the number of public administrative procedures, and reform, simplify, and standardise public financial services to reduce costs and improve service quality and productivity by 2025. Accordingly, the delivery of most public administrative services will be shifted online, providing citizens with a paperless and convenient experience. The Ministry also intends to step up the implementation of the National Single Window system and the ASEAN Single Window system to facilitate trade.
Further, the Ministry has plans to set up a modern, public, and transparent digital financial platform by 2025, based on big data and open financial data. By 2030, the Ministry claimed a digital financial ecosystem will be formed in all fields, ensuring administrative effectiveness and the safety of information. Civil servants and public employees will be trained in digital skills to facilitate the process.
The rate of financial technology adoption in the country is gradually and significantly increasing. The number of subscribers of the government’s Mobile Money initiative has quadrupled since the service was launched in January this year. 67% of these subscribers reside in rural, mountainous, border, island, and remote areas.
As OpenGov Asia reported, subscribers with at least one Mobile Money transaction by the end of June exceeded 1.72 million, accounting for 97.3% of the total. Additionally, the number of households with fibre optic connections in the first half of this year increased by 9% compared to the same period of 2021 and by 17% against that of 2020. According to the Ministry of Information and Communications (MIC), the goal of having 75% of households using fibre optic services this year is achievable. Vietnam also aims to have more than 50% of the population own digital payment accounts.
In deploying Mobile Money, the government has taken advantage of existing infrastructure and data and telecommunications networks. This has reduced social costs and expanded cashless payment channels on mobile devices. Industry experts have stated that the COVID-19 pandemic highlighted the need to universalise digital payments. Regardless of an Internet connection or bank account, and with just phone numbers, users can easily make cashless transactions through their Mobile Money account. The pandemic also greatly boosted the e-commerce market, with non-cash payments accounting for 70% of total retail transactions in Vietnam last year.
While nursing education mainly consists of classroom teaching and clinical practice, face-to-face teaching and clinical placements at medical institutions have been affected as a result of the COVID-19 pandemic. Thus, to develop the training and learning experience of nursing students, a research team led by Dr Justina LIU, Associate Professor of School of Nursing, and Dr Kitty CHAN, Senior Teaching Fellow of the same school, has developed a virtual learning system “Virtual Hospital” that uses virtual reality (VR) technology to offer an innovative experiential approach to nursing education.
Virtual Hospital is the first-of-its-kind virtual learning system in Hong Kong that simulates the complex and chaotic environment of a real-life hospital ward. With a total of 11 games, the system provides five scenarios, namely “Clinical Practicum Orientation”, “Challenges of Delirium”, “Managing Multitasks”, “Prevention of Errors” and “Potential Heart Attack”.
Over 1,200 combinations of randomised situations and multiple choices make it difficult for students to predict the tasks they will be handling, while they are required to provide instant responses to multitasks and make appropriate nursing decisions through assessing a patient’s condition and interpreting their medical information.
It was noted that the majority of existing VR learning systems are skill- and procedure-focused and adopt a single patient management setting. The PolyU-developed Virtual Hospital requires students to handle multiple beds and take care of multiple patients at the same time. Unexpected incidents and clinical pitfalls are generated to test the student’s ability to apply their knowledge and prioritise nursing tasks amid various disruptions within a limited time.
Through VR experiential learning, students can improve the soft skills that are essential for their clinical practice, including situation awareness, flexibility to handle emergencies, as well as decision-making and communication skills.
Virtual Hospital allows users’ responses and decisions to be displayed on a TV monitor for group participation, while their communication with the virtual patients can be recorded for review. By answering multiple-choice questions, the student can reflect on the judgements and decisions made. In addition, the game data and the automated assessment function of the system also provide convenience for teachers in tracking students’ progress and evaluating learning outcomes.
Since its launch in January 2022, Virtual Hospital has benefited over 450 nursing students. With Virtual Hospital, students are provided with a cooperative case-based learning opportunity. Supplemented with current practice on patient simulators, it is hoped that Virtual Hospital can further help students master the skills necessary for clinical nursing and most importantly for reducing errors in actual clinical situations.
The team is pleased that the virtual learning system has received positive feedback from students, and looks forward to incorporating interprofessional and interdisciplinary elements in the future, as well as introducing the system to other nursing institutions in Hong Kong and the Greater Bay Area.
A Year-3 student from PolyU School of Nursing noted that she was impressed by the fidelity of the Virtual Hospital in terms of the environmental details. The VR learning experience strengthened her confidence in clinical practice as the system allowed every student to deal with nursing problems on their own, which helps them better prepare for the stressful work situation faced by nurses in the real clinical environment, she said.
The Cybersecurity and Infrastructure Security Agency or CISA has announced the “Protecting U.S. Elections: A CISA Cybersecurity Toolkit,” which provides state and local election officials with free services and tools to improve the cybersecurity and resilience of their infrastructure.
“I am very proud to announce another valuable resource that can help officials further reduce their cyber risk and improve their security posture,” says Jen Easterly, Director, CISA.
She added that the state and local election authorities must deal with challenges to their infrastructure daily from things like insider threats, malicious actors, and foreign involvement. This is just another tool to aid them in their continuous efforts to maintain the security and resilience of the American election processes.
CISA regularly collaborates with state and local election officials to safeguard their systems as the principal federal agency in charge of election security. In addition, CISA provides several services, information products, and other resources.
As the principal federal agency in charge of overseeing national election security, CISA has assembled a toolkit of free services and tools through the Joint Cyber Defense Collaborative (JCDC) to assist state and local officials, election officials, and vendors in enhancing the cybersecurity and cyber resilience of the U.S. election infrastructure.
The free tools, services, and resources offered by CISA, JCDC members, and other members of the cybersecurity community are included in this toolbox. These free resources were assembled by the JCDC of CISA, which collaborated with organisations from the public and private sectors, including the election community, and JCDC alliance members. The toolkit’s broad categories are arranged to assist election officials: Utilise an Election Security Risk Profile Tool created by CISA and the U.S. Election Assistance Commission to evaluate their risk; locate tools for securing voter data, websites, email systems and networks. Also, safeguard assets from assaults such as phishing, ransomware, and distributed denial-of-service (DDoS).
The most recent tool that CISA and its partners have created to aid the election community is the toolkit. To counteract the disinformation, CISA’s website provides a wealth of information and advice on topics ranging from cybersecurity to physical security for polling places and election officials.
The organisation collaborates with election authorities in all 50 states, the District of Columbia, and the territories to provide cybersecurity services, technical help, and guidance as well as to frequently share relevant and useful information and intelligence.
The following steps should be taken to create the cybersecurity baseline before employing the toolkit to handle risks, according to CISA: Use the free CISA Cyber Hygiene Services Vulnerability Scanning; prioritise patching known exploited vulnerabilities; maintain updated systems and software, adhere to best practices for password management, such as using multifactor authentication and a password manager; and create offline backups of your data.
Meanwhile, the White House Office of Science and Technology Policy (OSTP) is seeking public input on how to safely progress and adopt the Privacy-Enhancing Technologies (PETs). This can enable the future by embracing data-driven technologies like AI while safeguarding privacy.
PETs are tools that let researchers, clinicians, and anyone with permission glean insights from sensitive data without ever having access to the data itself. The fundamental value of PETs lies in their ability to keep data “hidden” from researchers while allowing analysis of that data.
It may enable new types of collaboration and norms for the appropriate use of personal information. Agencies may facilitate greater collaboration across entities, sectors, and borders to address shared concerns, so contributing to the development of solutions in areas such as health care, climate change, financial crime, human trafficking, and pandemic response.
The Philippine Space Agency (PhilSA), the Department of Science and Technology Advanced Science and Technology Institute (DOST-ASTI), and the Bangko Sentral ng Pilipinas (BSP) have begun testing satellite internet service in two rural banks in Batangas province.
“PhilSA and DOST-ASTI will process data to look at the network performance against the actual connectivity needs of the banks. Information from these reports will be utilised by BSP as we move this partnership forward,” says Ma. Victoria Gazmin-Basto, Officer-in-Charge, PhilSA Space Business Development Division.
The stated banks were previously recognised by the Department of Information and Communications Technology (DICT) as being in Geographically Isolated and Disadvantaged Areas (GIDAs), where the installation of new terrestrial networks to improve connectivity may be impractical.
The provision of technical assistance to BSP is consistent with PhilSA’s mandate of assisting other government agencies or departments, as well as the private sector, in carrying out their responsibilities using space science and technology applications and satellite data.
To collect data, a Weather and Performance Monitoring System (WPMS) equipment built by DOST-ASTI was placed up near the two banks. The WPMS includes a network performance monitoring device that is linked to the satellite internet user equipment installed at the banks.
Among other things, the device measures network metrics such as upload and download speeds, throughput, latency, and jitter. Furthermore, the WPMS includes weather stations that monitor meteorological parameters such as rain, temperature, humidity, and pressure at the same time. The obtained data will subsequently be analysed to investigate and evaluate the satellite internet service’s performance and reliability under local weather conditions.
According to Bryan Paler, Senior Science Research Specialist at DOST-ASTI, his agency encourages collaboration with PhilSA and BSP to demonstrate ASTI’s locally developed technologies in applications that benefit the Filipino people.
Aside from the WPMS, they are investigating how they may put other homegrown technologies to use, such as bridging the digital divide and promoting financial inclusion. DOST-ASTI intends to capitalise on the partnership’s benefits in the future by educating people about financial literacy.
The organisations intend to use the digital TV technology and internet infrastructure that they are constructing to teach people in the unserved and underserved areas about financial literacy in addition to doing research on the usefulness and efficiency of satellite internet services for banks. The Philippine government aims to provide rural areas with cutting-edge technology while also teaching residents how to use it for their own benefit. Out of the country’s 1,634 municipalities, 33% or 533, are still unbanked and do not have access to financial inclusion services.
The Philippines believes in satellite technology’s ability to improve connectivity in rural areas, hence increasing banks’ capacity to deliver digital financial services and encourage greater financial inclusion in unserved and underserved areas. Digital financial services such as remittances, bill payments, and opening transaction accounts, among others, would become more inclusive and accessible with improved connections in rural areas.
A Memorandum of Understanding (MoU) has been signed between PhilSA, DOST-ASTI, and BSP to encourage access to high-quality financial services enabled by internet connectivity. As transactions and services move to online platforms, this endeavour will increase digital inclusion.
Internet connectivity is recognised as a crucial enabler of financial and economic inclusion, as financial activities and services migrate to online platforms. As internet connection is increased, banks and other financial service providers will be able to better serve rural areas with additional internet-connected access points, such as automated teller machines and cash agent services.
Governance and the improvement of basic public services have come a long way with the help of digital technology. Given the number of crises in 2020, digital solutions platforms and tools have been a huge help to disaster preparedness and critical event management.
A lot of earthquakes and tsunamis happen near the coast of Indonesia. One of them is Banten, which is on the southern coast of the Lebak Regency. Studies show that a megathrust earthquake could have a magnitude of 8.9 and cause a tsunami that is up to 20 metres high.
With this, the ITB team then did a service programme, which included making maps of residential areas in Cimampang and Sukarena, modelling tsunami flooding, mapping exposure with unmanned aerial vehicles (UAVs), and making public information boards, surveying village resources, and digitising evacuation route maps. ITB works with different groups to get the southern coastal community of Lebak ready by doing things that are related to the Disaster Resilient Village indicator.
Since 2021, ITB’s service programme for the people on the southern coast of Lebak has been running well with the help of many offline and online partners and one of the things that were done was to teach people how to protect themselves from earthquakes and tsunamis. To be able to prepare for disasters, education needs to be a higher priority. People also think that the parameters of the emergency response plan and the early warning system at the school are still low, so they need to learn more.
Several government agencies and other groups took part in an evacuation drill. After the group simulation, people worked together to make tents, find places to stay, run a public kitchen, collect data on health, and do triage.
On the other hand, perceptions and understandings of the residents are strengthened through artistic expression channels after simulation activities. With help from the local government, teachers, and students, they put together materials to help keep school-based efforts to reduce disaster risk going.
By adding more art elements, the final forms of educational materials were made in a way that worked well. First, the book “Edukasi Siaga Caah Laut” has stories about how people in the area dealt with the tsunami and what they learned from evacuations and simulations of evacuations.
The second piece is a dance performance set to Sundanese Kidung that the students have written, sung, and played; and lastly, the word “Mitigarium,” which is an installation, is made of things that can be found in schools. The way things are set up shows expressions of tsunami events, evacuations, and other situations.
Furthermore, due to its location on the Ring of Fire, Indonesia is vulnerable to droughts and floods, as well as earthquakes, tsunamis, and volcanoes. Java and Sumatra, the islands in the south and west, face a wide range of natural dangers. Most of the time, droughts and floods happen on the other islands. Heavy rains cause flooding and landslides in places in the middle of the country with steep terrain.
Indonesia is one of the countries in the world with the most earthquakes, thus, the government is coming up with new ways to get ready for these disasters. The nation’s Meteorology, Climatology, and Geophysical Agency (BMKG) cited that they will maximise their digital technologies to improve their systems for collecting data on earthquakes and to get more accurate information and parameters.
A research team from Nanyang Technological University, Singapore, and AI industry leaders have created a new standard on AI security in response to the demand for securing the integrity of AI programmes and building trust in AI solutions.
“By providing advice on the necessary defences and assessments to make AI applications more secure, we aim to create trust in AI for AI practitioners. At the same time, we hope that consumers will feel more confident in using AI solutions that have been certified with the standard,” says Prof Liu Yang of NTU’s School of Computer Science and Engineering, who also led the research development of the standard.
Despite the many advantages of AI adoption, cybersecurity risks like hacking constitute a serious risk to AI systems, particularly in situations where hackers may access sensitive data or cause automated systems to malfunction. However, there aren’t many rules protecting the security of AI systems.
The standard will be used to direct worldwide standardisation plans in this field through the International Organization for Standardisation (ISO), making Singapore one of the first nations in the world to steer advancements in AI security.
The new standard explains the different kinds of attacks that AI systems could face, how to measure the security of an AI algorithm, and what AI professionals can do to stop these kinds of attacks. It took a year to make, and 30 AI and security experts from business, academia, and the government helped make it.
The standard highlights four case studies where security breaches could have disastrous effects to show how important secure AI systems are. These case studies include content filters on social media platforms to flag offensive content, credit scoring systems to safeguard people and credit institutions, AI-enabled disease diagnosis systems, and systems that detect and shield computers from malicious software.
There could be serious effects on people’s lives if these AI systems fail. Users might be exposed to extremist content on social media sites, get an erroneous diagnosis, or have their credit score incorrectly determined, for instance.
Meanwhile, scientists from the National University of Singapore and NTU Singapore’s Centre for Environmental Life Sciences Engineering (SCELSE) have developed a method to remove phosphorus from wastewater at temperatures higher than those permitted by currently used methods by storing the chemical in bacteria.
Current phosphorus removal techniques struggle to work effectively in temperatures above 25 degrees Celsius, which are becoming more common in warm countries. This is expected to occur in additional nations as a result of global warming.
Because water reclamation plants in Singapore are home to a range of microbial species, the SCELSE-developed approach, which is based on bacteria, would help to “future-proof” the removal of the toxin. This is because research has shown that at 30 and 35 degrees Celsius, it successfully removes phosphorus from wastewater.
Candidatus Accumulibacter is the name of the bacterial genus that removes phosphate from wastewater and stores it as polyphosphate granules inside itself, and it is not dangerous to the environment and to humans as well. Scientists say that their method could be used both in small reactors in the lab and in large treatment plants.
The bacteria-based technology makes it possible for biological phosphorus removal to work at temperatures as high as 35 degrees Celsius. This would help “future-proof” phosphorus exclusion, since other techniques that use biological advances only work at cooler temperatures and would be less efficient as global warming affects temperatures to rise around the world.