PARTNER
Why cyberskills are the bedrock of Singapore’s public sector’s services
By CyberArk
Singapore’s public sector built a secure foundation for digital innovation by elevating digital skills and emphasising cybersecurity, shares CyberArk.
TraceTogether is just one visible example of how Singapore provides digital solutions to public challenges. Rather than siloing tech efforts, tech development has expanded to a whole-of-government affair.
Singapore’s digital government strategies have paid off with a slew of digital services. From building digital capacity within the public service to integrating security from the start, CyberArk explains how Singapore set in place a secure foundation for digital innovation.
Building digital skills
Singapore is building a public sector workforce confident with digital tools as part of the Digital Government Blueprint. This helps civil servants to apply digital knowledge from policy planning all the way to service delivery.
The government has prioritised in-house tech development since 2014, according to the Civil Service College. Public sector tech talent allowed a quick response to Covid-19, with measures such as TraceTogether and tech-assisted mask distribution, shared Singapore’s GovTech Minister, Dr. Janil Puthucheary, in 2020.
Singapore has since introduced education platforms to elevate digital skills across the public sector.
For instance, a GovTech academy aims to train more than 6000 officials in its first year, reported The Straits Times in 2021. The programme offers 55 programmes in areas such as app development and cyber-security. By 2023, it aims to educate 20,000 officials in data science.
GovTech also encourages a culture of reskilling through an app which offers training courses on-the-go for civil servants. The app also hosts mandatory modules on cyber security and data literacy, equipping all civil servants with a basic digital foundation.
Laying the groundwork
Equipping all public sector officials with digital skills is part of a broader DevOps philosophy.
Simply put, DevOps refers to cultural attitudes and tools that encourage those developing technology and those running services to work together. This ultimately streamlines and speeds up tech building.
This first requires a shift in attitudes. DevOps calls for everybody in an organisation to communicate with each other.
For example, Amazon Web Services instructed engineers to share data with other teams, explained Aaron Cois, Carnegie Mellon University. As data needed to be visible and usable across teams, this encouraged a culture of checking and improvement.
Beyond culture, DevOps requires common tools as well. For instance, Singapore introduced a common development platform in 2018. The platform provides common tech building blocks for government agencies to develop products and apps with.
These shared resources reduce time needed to introduce and improve digital services and allows teams to collaborate easily. Rather than developing new tools and data for each initiative, there is now a common pool of information and technologies for agencies to build with.
This shared foundation enabled the MyInfo app to be built within four months, as opposed to a year otherwise. By 2020, developers across 28 agencies had tested 200 apps with this platform, shared Chan Cheow Hoe, Government Chief Digital Technology Officer, GovTech.
Integrating security from the start
As DevOps becomes a fundamental part of any organisation, security must be a key consideration. “Security can never ever be an afterthought. It’s something that you start from Day One,” explained GovTech’s Chan.
Since DevOps entails a shift towards automation and adopting cloud services, there is an increase in attack surfaces, shares Chris Smith, Product Marketing Director, CyberArk. These surfaces range from unprotected developer laptops to automated programmes with high access privileges.
Organisations use tools such as passwords, encryption keys, and digital certificates to secure access to powerful information and code. However, when these tools are stored within internal systems, they are vulnerable to security breaches.
Using software that can manage these sensitive tools is a safer alternative, CyberArk suggests. When users need to access them, the software can supply the relevant key and record the transaction securely.
Multi factor authentication is another way government agencies can secure systems, explains CyberArk. CyberArk AI tools may request multiple authentication depending on risk levels. For instance, more login attempts may prompt password requests, email checks and a phone call.
As governments adopt DevOps to serve quicker and more responsive digital solutions, it is essential to prioritise security as a key bulwark.