Thursday, 4 October 2018

Singapore to re-engineer government IT systems: PM Lee Hsien Loong at GovTech STACK 2018 Developer Conference

Fundamental 're-engineering' of Government to provide better and faster public services: PM Lee
IT systems to be overhauled and processes revamped for more centralised approach
By Irene Tham, The Straits Times, 3 Oct 2018

There will be a fundamental re-engineering of the Government so that it can tap technology to provide better and faster public services at a fraction of the cost.


It will move away from a system where individual agencies build their own e-citizen services and applications, to a more centralised approach that will enable such e-services to be created more efficiently.

The Government also plans a significant migration to cloud technology, without compromising on security.



Sharing his vision on how the Government's use of technology will improve the lives of Singaporeans in the future, Prime Minister Lee Hsien Loong said yesterday: "We will fundamentally transform how we develop government software and applications."

The key is to get government agencies working together and learning from one another, instead of each trying to reinvent the wheel.

"Instead of every agency building its own bespoke website, at great expense, and often repeating the same coding errors and bugs, we can do it more efficiently, and get better results, by reusing technologies," said PM Lee.

Touching on this, Mr Chan Cheow Hoe, the Government's chief information officer and deputy chief executive of the Government Technology Agency of Singapore (GovTech), said: "Every agency is egocentric and wants to build its own thing and have its own vendor. This needs to change."

Both PM Lee and Mr Chan were speaking at the inaugural STACK 2018 Developer Conference organised by GovTech.

Under the new approach, a central system can be created instead of each agency having its own online licensing processes or Web forms. Forms can also be pre-filled with information so that users will not have to repeatedly give it to different agencies.

"With technology, we can go beyond tweaking existing ways of doing things to reduce bureaucracy and simplify our processes significantly," PM Lee said at the Suntec convention centre.


He mentioned a resale portal launched by the Housing Board that has halved the time it takes to buy and sell public housing flats as an example.

He said agencies would also be able to tap the Singapore Government Technology Stack - a suite of common software components used in application development - to create e-services faster and cheaper.

At the same time, the Government is getting ready to put many of its systems and services on the cloud - instead of onsite - where they can operate round the clock, without the need for expensive dedicated backups.

"We have done a preliminary study and concluded that many government systems can, in principle, exist in the commercial cloud," he said.

The Government would have to design its own cloud for systems that could not be on the commercial one. And it would figure out how to operate systems that were so sensitive and critical that they must be isolated.

He said the recent data breach at SingHealth was a harsh reminder that cyberspace is not a benign environment. "We must continually strike the right balance between security and usability," said PM Lee.







Lapses in IT systems, organisations must be fixed: PM Lee
SingHealth hacking is harsh reminder that cyberspace is not benign environment, he says
By Irene Tham, The Straits Times, 3 Oct 2018

The cyber attack on SingHealth has revealed lapses in IT systems and organisations, and is something that must be put right, Prime Minister Lee Hsien Loong said on Tuesday (Oct 2).

June's attack on a critical system belonging to the public hospital group was a "harsh reminder" that cyberspace is not a benign environment, he said, speaking at the inaugural STACK 2018 Developer Conference organised by the Government Technology Agency of Singapore.

Although the attacker was sophisticated and well-resourced, the incident also revealed "internal weaknesses and lapses" in IT systems and organisations.

It led to the worst data breach in Singapore's history, involving the personal data of 1.5 million patients and outpatient prescription records of 160,000 people, including the Prime Minister and several ministers.

Last week, the four-member Committee of Inquiry tasked to look into the cyber attack at SingHealth heard that an old server had not had security software updates for 14 months. It was one of the many pathways used by hackers to reach SingHealth's critical systems where the data breach occurred.



"We have to improve and put these right. We have to train up our people, institute robust processes, inculcate the right mindsets and enforce accountability," said PM Lee.

Singapore started building stronger defences after 2013, when a member of global cyber activism group Anonymous sought to bring down many government websites, including transactional ones.

Notably in April 2015, the Cyber Security Agency (CSA) was created to strengthen the country's cyber-security posture to assist its Smart Nation push.

The high-level agency has been tasked to coordinate public- and private-sector efforts to keep the lights on for critical systems, such as those in the healthcare, energy and banking sectors, in the event of a cyber attack.

The CSA developed an overarching Cybersecurity Bill, which was passed unanimously in Parliament in February this year.

Among other things, the new law empowers the Commissioner of Cybersecurity to demand data or seize computers from owners of not only critical information infrastructure (CII), but also non-CII systems deemed to be essential for investigations. The law also mandates that owners of CII report security breaches and attacks "within hours".



"This latest SingHealth incident only drives us to redouble our efforts," PM Lee said yesterday.

And even though there will be a re-engineering of the Government where IT systems are radically overhauled and processes revamped, he noted that the cyber-security journey is a long and unending one.

"There are many things we can do to tighten processes and fix weaknesses without affecting the user experience," he said.











Public sector needs to beef up tech talent, says PM Lee
By Irene Tham, The Straits Times, 3 Oct 2018

Public-sector organisations need to have strong engineering capabilities, with technological expertise at all levels, to drive Singapore's digital transformation, Prime Minister Lee Hsien Loong said yesterday.

Agencies cannot be totally dependent on, and hence at the mercy of, external consultants, he said, noting how attracting and retaining tech talent will propel Singapore's Smart Nation ambition.

Singapore wants talented IT professionals to consider joining the public sector. This is why the public sector has recently revamped its salary schemes to pay public officers competitively.

"If we are successful, we will be able to attract and recruit engineers of the calibre that companies like Google, Netflix, Dropbox, Slack and Go-Jek hire - whether fresh out of the university or already mid-career," said PM Lee. He was speaking at the inaugural STACK 2018 Developer Conference organised by the Government Technology Agency of Singapore (GovTech).

The public sector also needs its top leaders - including permanent secretaries and chief executive officers - to be tech savvy as they make the final decisions on IT projects.

"With senior engineering leaders and support from the top leadership, we can grow a strong engineering culture over time, and integrate the constellation of talent into a real IT capability," said PM Lee. He noted that this, in turn, will attract talented IT professionals into the public sector.



Singapore has made some progress on this front, starting with the formation of Hive, which opened in October 2015.

The 13,000 sq ft facility at the Sandcrawler building in Fusionopolis has a serious mission: to bring back control of some IT functions previously outsourced.

It is the headquarters of a crack team of Singapore government data scientists and software engineers - close to 300 of them now.

"But we need many more, not just for GovTech, but also... many other places in the government," said PM Lee.

A survey by the Info-communications Media Development Authority of Singapore in 2015 estimated that 53,000 new jobs in areas such as data analytics, software engineering, cyber security and digital marketing will be created by this year.

The move is expected to go down well with engineers and technology buffs. Mr Duncan Hewett, senior vice-president and general manager of VMware in the region, said many engineers want to make an impact in the communities they live in. He added: "Government organisations present a great opportunity to make a larger social impact."








Wanted: IT talent out to change the world
This is an edited excerpt of a speech by Prime Minister Lee Hsien Loong at the GovTech STACK Developer Conference on Oct 2. He stressed the need for Singapore to recruit top IT talent to spearhead the next phase of digital transformation and safeguard security, even as the Government moves more of its IT functions from premise-based services to the cloud.
The Straits Times, 4 Oct 2018

We were one of the first governments in the world to computerise, to digitise our data, and to move our services online. We did this to improve public services, and to serve the needs of Singaporeans and businesses. Overall, we have not done too badly in this effort.

Whether you are applying for a passport, or paying your taxes, or managing your HDB housing mortgage or CPF retirement savings - our services are efficient, convenient and popular with citizens. We were also one of the first cities in the world to implement Electronic Road Pricing. This is an effective and transformational use of technology, although, alas, not so popular with drivers.

Our ambition now is to become a Smart Nation - using technology to better meet our people's needs for the future, and to improve their lives. The vision is vast, but we are working on several specific strategic projects to focus our efforts, like a national sensor platform, a national digital identity, and urban mobility...

MOVING TO THE CLOUD

For a government, security and data protection will be major considerations in using the cloud but even companies with stringent security and privacy requirements, like banks, are using the cloud extensively. So the question for the Government is not whether we do it, but to what extent we can use the cloud, and how we can overcome the problems and minimise the risks.

We have to decide which government systems can use commercial cloud services, and which cannot. For systems that cannot go onto the commercial cloud, we have to design and build our own government cloud, so that at least these systems can share the government cloud infrastructure, and benefit from its efficiencies and economies of scale.

And finally, for those systems that are so sensitive or critical that they must be isolated - have air gaps, guarded rooms and Faraday cages - we have to figure out how to develop and operate them, in a future when everything else is on the cloud.

We have done a preliminary study, and concluded that many government systems can in principle exist in the commercial cloud. Over the next few years we will begin to migrate some systems onto the cloud, gain experience in this new mode of operation, and take bolder steps in the light of what we learn.

CYBER SECURITY

That brings me to the issue of cyber security - a vital prerequisite for us to benefit from new technology in a more connected world.

Recently, the SingHealth IT system was hacked, and 1.5 million outpatient medication and personal records were stolen, including mine. It was a harsh reminder that cyberspace is not a benign environment, and we have to do much better in keeping our IT systems and data safe and secure. The attacker was sophisticated, well resourced and determined, probably a state actor. But this case has also revealed internal weaknesses and lapses in our IT systems and organisations. We have to improve these and put them right.

We have to train our people, institute robust processes, inculcate the right mindsets, and enforce accountability. In fact, we started doing this several years ago, especially after the Anonymous group launched a DDOS attack on the Singapore Government in 2013.

Notably, we set up the Cyber Security Agency of Singapore (CSA) to lead our efforts across the entire public and private sectors to tighten up and bring our cyber security up to scratch.

This latest SingHealth incident only drives us to redouble our efforts. We must be alert to detect intrusions, respond decisively, and recover quickly. Cyber security is a long and unending journey. Our cyber defences will never be absolutely impregnable against those who wish us harm. We must continually strike the right balance between security and usability but there are many things we can do to tighten processes and fix weaknesses without affecting the user experience. That is the responsibility of agencies, service providers, CSA, professionals, and the responsibility of the government to oversee them and make sure it is done.

Finally, we will fundamentally transform how we develop government software and applications. A generation ago, it needed a brilliant programmer working for Atari to build the arcade video game Pong - Allan Alcorn. He had to build everything, starting from scratch.

Today, one engineer can create a hugely sophisticated game, with fabulous CGI, in just a few days of effort. Not because today's engineers are cleverer than the guy who built Pong, but because he has much better tools, and is able to exploit all the work done by generations of engineers and developers over the last decades - graphics packages, physics packages, AI packages, game engines, millions of lines of code hiding behind APIs. He can build on all that has been already done, and does not have to reinvent the wheel. He does not need to understand the insides of all the software packages that his code relies on, but he can build something new using them, and later on, perhaps, others will use what he has done and take it to yet another level.

This is what we have to do for government as well. Take, for example, our government websites, we have hundreds of them - needless to say their quality varies. Instead of every agency building its own bespoke website, at great expense, and often repeating the same coding errors and bugs, we can do it more efficiently, and get better results, by reusing technologies. Or, instead of every regulatory agency having its own online licensing processes or Web forms, we can set up one central system that agencies can adapt for their use. Forms can be pre-filled with information, and users then do not need to repeatedly give government data that we already have.

This is why we are building the Singapore Government Technology Stack (SGTS) - the theme for today's conference.

The SGTS is a suite of common software components used in application development. It comprises three standardised layers between the data and the application.

First, common hosting platforms, like Amazon Web Services, so that all the agencies use the same set of tools and the same programming language.

Second, shared middleware, such as centralised API gateways, and an automated solution for testing of Web and mobile applications.

Third, a library of commonly used micro-services, such as payment and authentication, so application developers can just plug and play. The SGTS will help us to deliver better public services to citizens through reusable software, much faster and at a fraction of the cost.

It will complement our greater use of the commercial cloud, and support our efforts to share data more easily through published APIs. Together, SGTS, cloud and data will enable us to re-engineer the Government's digital infrastructure.

This will form the dev-ops and digital environment for in-house engineers and users, and will also enable greater collaboration and exchange with the private sector.



DEVELOPING OUR PEOPLE AND CAPABILITIES

To drive our digital transformation, the Government has to develop strong engineering capabilities and nurture a deep engineering culture. This entails building organisations that invest in and build up our people, to provide them with the right skills, experience and perspectives, and to empower them to make a difference.

We recently created several new organisations to drive these efforts - the Smart Nation and Digital Government Group, along with GovTech, both under the Prime Minister's Office; the CSA; and the Infocomm Media Development Agency (IMDA). We also set up the Hive as a centre of excellence within GovTech.

We must develop IT capability not just in centralised agencies like these, but also in all our ministries and agencies. IT can no longer be an afterthought or add-on that is grafted onto the organisation. It must be intrinsically part of what the organisations do, even if their main mission is something different but has to use IT to succeed. Agencies must understand what technology can do for them in their mission areas, and how to apply technical and engineering solutions to enhance their capabilities.

They have to be informed consumers, able to write their own operational requirements, and make intelligent procurement and development decisions. They cannot be totally dependent on, and hence at the mercy of, outside consultants. This is so, whether you are the Ministry of Home Affairs in charge of police and civil defence and public security, or whether you are the Land Transport Authority in charge of the public transport system and the road network, or whether you are the Ministry of Health responsible for delivering healthcare and managing patient records and data, or whether you are HDB administering one million households in Singapore, each one having his HDB flat as one of his most important assets. Without IT, they will all fall down on their job.

Developing an organisational IT capability in the centre in all these agencies requires expertise and talent at all levels. Teams with deep technical skills - such as cloud solution architects, cyber security specialists and UX designers. You need mid-to senior-level engineering leaders, whom younger engineers can look up to and learn from; and seasoned, senior engineering leaders who have spearheaded major IT projects, who can make strategic engineering decisions and judgments, and will supervise and mentor the next generation of talent.

We also need the top leadership in the public service - our permanent secretaries and CEOs of statutory boards - to be tech savvy or at least tech informed, because they have to make the final decisions on IT projects. They need a feel - what is this about, does it sound right, is this the right order of magnitude, am I solving the right problem, am I paying 10 times too much for the job? If they cannot feel that but must depend on somebody else to tell them that, then I think we are in a much weaker position.

With senior engineering leaders and support from the top leadership, we can grow a strong engineering culture over time, and integrate this constellation of talent into a real, significant and formidable IT capability. This is the sort of organisation and working environment that ambitious, talented and enterprising engineers and IT professionals look for.

Remuneration is important; we have recently revamped our salary schemes to pay our officers competitively, and for exceptional talent, we can even pay for person. There are some further adjustments which we are making, but we have made substantial changes already.

But far more important than competitive salary are the intangible factors - being given challenging responsibilities and big problems to solve; being provided support and resources; and being empowered to make decisions. Talented people want to be deployed to the best teams, to work under able leadership, to see their efforts lead to results. They want to change the world, and why not?

To recruit the best, we must offer the organisation, the culture and the leadership, where talent can find growth opportunities, deepen their expertise and make progress in their careers. If we are successful, we will be able to attract and recruit engineers of the calibre that companies like Google, Netflix, Dropbox, Slack and Go-Jek hire, whether fresh out of university or already mid-career. We want talented IT professionals to consider the Government as an employer, just as seriously as any one of these companies.

We have made some progress on this. At the Hive, we now have a team of close to 300 talented engineers but we need many more, not just for GovTech, but also CSA, IMDA and many other places in the Government.

Some of these people will work for a few years with us, and flow out to the private sector or even to Silicon Valley, because that is the quality we are aiming for. We can accept this, provided we have a similar flow of talent into the Government as well, because then we can maintain an equilibrium and show that we are competitive and that people come to us because they are able to do great things with us.

Of course, the Government's efforts to strengthen our tech capability do not happen in isolation. They support our larger plans to build up our tech scene in Singapore, as one pillar of our future economy. We aim to grow a vibrant IT industry. Our universities are producing more good IT graduates, because students have started to realise that IT skills are in demand. All of a sudden, cut-off scores for getting into IT courses in universities have gone up - you now need three As.

We attract IT talent from the region to work here. We keep in touch with Singaporeans working in Silicon Valley and other tech centres in the world, and try to bring some of them home. We welcome IT companies, from start-ups to established players, to set up shop here. Many are here already - Google, Facebook, Salesforce, Grab, Stripe - and they are growing. They are doing not just project management or marketing operations, but increasingly engineering work. Such a vibrant industry will provide the matrix within which the Government can build its own capabilities, and meet its IT needs and lead the Smart Nation efforts.

There are exciting developments in Singapore in the IT industry, both in the public and private sectors. We do not know if all of our initiatives will go as we plan, but as a GovTech officer said to me recently, we are rebuilding the aeroplane even as it is mid-flight!

But if you are game for this challenge, please join us as we strive towards becoming a lean, agile and digital Government, and a Smart Nation.




Related
CODEX: Re-engineering the Government's Digital Infrastructure -2 Oct 2018

No comments:

Post a Comment