More stories

  • How CISO roles will change as customer trust becomes imperative

    In 2021, digital transformation no longer counts as innovative; it’s a baseline expectation for every enterprise. The trust imperative is the next major shift enterprises will encounter. New market leaders will not solely arise from technology platforms, sophisticated analytics, or sophisticated capital allocations. Instead, consumers and business leaders will increasingly turn to companies they can trust. And trust will move markets. 

    At Forrester’s upcoming Security & Risk event on November 9–10, I’ll deliver a keynote on the CISO’s role in the trust imperative. Security leaders will learn why and how the trust imperative requires their full participation. There is no executive role that better aligns with the trust imperative than the CISO. As culture, market, and technology shifts bring more disruption and chaos, CISOs will go from being an often ignored role to one of the most crucial people in their organizations. In the keynote, CISOs And The Trust Imperative, I’ll explain why that will happen, how to handle it, and what to do about it. Here’s a spoiler-filled preview of what I’ll discuss in my keynote:

      • Wait for the trust imperative to arrive with open arms. CISOs, for the entirety of their cybersecurity careers, defended the data employees, customers, and partners entrusted to them. They have lived in a world of trusted users, unauthorized access, and intrusions. Forrester created Zero Trust security — one of the featured tracks at our event — more than a decade ago to reinvent programs and architectures poorly designed to address the challenges we face.

      • Add to the bottom line by leading trust imperative initiatives. Our sessions in the products and applications security track will highlight how product security helps CISOs link themselves to their firm’s revenue goals, but the trust imperative takes that up a notch. Customers will buy from companies that they trust the most. Part of that trust is your company behaving according to the values it espouses. Still, ethical behavior and preventing breaches also factor in to elevate cybersecurity’s importance to new levels.

      • Expect to see “Trust” formally added to your job description. Click around LinkedIn or browse job requirements, and a new trend emerges. Trust stealthily — and formally — snuck into job requirements and became part of your responsibilities. Your peers agree that CISOs should own this.

    And for those who want to know if we’ll address the elephant in the room — how the trust imperative and Zero Trust work together and exist simultaneously — well, that’s my opener. Challenge accepted! To learn more, register for Forrester’s Security & Risk event here.

    This post was written by Vice President and Principal Analyst Jeff Pollard, and it originally appeared here.

  • Singapore to link up with Malaysia on cross-border payment transfers

    Singapore will next link up its national real-time payment system, PayNow, to Malaysia’s equivalent infrastructure DuitNow, just weeks after announcing similar plans with India. The latest tie-up will enable residents in the two neighbouring nations to make fund transfers via their mobile numbers.

    The Monetary Authority of Singapore (MAS) and Bank Negara Malaysia (BNM) said in a joint statement Monday that efforts to link their payment systems would be rolled out in stages, with the first phase to kick off in the fourth quarter of 2022. Apart from transferring funds using a mobile number, consumers in either country would be able to pay for their purchases by scanning Singapore’s NETS or Malaysia’s DuitNow QR codes displayed at merchants’ stores.

    According to the two central banks, the integration would facilitate more seamless payments between both countries, where remittances hit SG$1.3 billion ($959.85 million) last year. There also was high traffic between the two neighbouring nations, which averaged at 12 million arrivals yearly before the pandemic.

    After the initial launch, MAS and BNM would look to expand the connectivity to include more features and partnerships. Both central banks would explore the possibility of introducing features such as blockchain-based services to drive greater efficiencies in payments clearing and settlement between participating banks.

    They further noted that the connectivity between PayNow and DuitNow was in line with the G20’s efforts to drive “faster, cheaper, more inclusive, and more transparent” cross-border payments. It also would put Asean nearer its goal of building a network of linked real-time payment systems.

    MAS’ chief fintech officer Sopnendu Mohanty said: “Singapore’s remittance corridor with Malaysia is our largest remittance corridor; hence, the PayNow-DuitNow linkage will be an important infrastructure to support cross-border payment needs of individuals and businesses, as well as the growing digital economic activity between both countries. The linkage also offers MAS and BNM a valuable opportunity to incorporate the use of distributed ledger and smart contract technologies in the wholesale cross-border payments space.”

    BNM’s assistant governor Fraziali Ismail added: “By bringing the efficiencies observed in domestic payments to cross-border payments, the PayNow-DuitNow linkage will be a game-changer resulting in faster, cheaper, and more accessible payment services for the people of both countries. Not only would this initiative further strengthen the economic ties between Singapore and Malaysia, it would also serve as a key enabler to support post-pandemic economic growth.”

    Singapore earlier this month said it was linking PayNow with India’s real-time payment system, Unified Payments Interface (UPI). Targeted for completion by July 2022, the connectivity would enable residents in both countries to make real-time, low-cost fund transfers directly between their respective local bank accounts, both countries said.

    Singapore in April 2021 inked a similar pact with Thailand to enable users in both nations to transfer funds using the recipient’s mobile number. The collaboration tapped the respective country’s peer-to-peer payment systems, PayNow and Thailand’s PromptPay, and was part of a regional payment initiative to ease cross-border payments.

    Singapore earlier this month also announced it was working with the central banks of Australia, Malaysia, and South Africa to develop and test a common platform on which to process cross-border digital payments. The initiative to pilot the use of central bank digital currencies (CBDCs) for international transactions aimed to bypass the need for intermediaries and, hence, slash the time and cost of such transactions.

  • Best VPN for streaming: Fire Stick, Netflix & more

    This is a sensitive topic. Owners of entertainment content go to great lengths to control the distribution of their wares, especially when it comes to international markets for movies and TV, and even local regions for black-out sporting events. By contrast, VPN vendors go to great lengths making the case that you can use their services to bypass all those restrictions.

    But there are times where, legally, you might want to use a VPN to watch a movie or video. If you’re traveling, you can VPN back to your home country and use your home streaming service account to watch your favorite show. That said, it is, at best, a legally gray area.

    VPNs and set-top boxes and streaming sticks don’t all work together well. The exception to this is the Amazon Fire TVs and Fire TV Sticks, and any Android TV box. The XGIMI Halo projector I recently spotlighted in an outdoor theatre project is one such device. But, if you’re using a Roku, an Apple TV box, or any smart TV not running Android TV, you’re forced to jump through a bunch of hoops, connecting your router up as a VPN, or connecting your TV as a client to your Mac or PC and using that machine’s VPN-protected network.

    Honestly, if you want to watch streaming TV through a VPN, just get a Fire TV stick and be done with it. It’s the easiest and least expensive path.

    Excellent documentation, even for streamers without native apps

      • Native Streaming Apps: Fire TV, Android TV, Nvidia Shield TV
      • Simultaneous Connections: 5 or unlimited with the router app
      • Kill Switch: Yes
      • Platforms: A whole lot (see the full list here)
      • Logging: No browsing logs, some connection logs
      • Countries: 94
      • Locations: 160
      • Trial/MBG: 30 days

    ExpressVPN has been burning up the headlines with not the best news. We’ve chosen to leave ExpressVPN in this recommendation, and I wouldn’t necessarily dismiss ExpressVPN out of hand because of these reports, but it’s up to you to gauge your risk level. The best way to do that is to read our in-depth analysis.

    ExpressVPN is one of the most popular VPN providers out there, offering a wide range of platforms and protocols. What we like about ExpressVPN is how it documents setting up VPN services for virtually all the most popular set-top boxes, even those that don’t natively support VPN. For each device, ExpressVPN has a guide walking you through the process.

    With 160 server locations in 94 countries, ExpressVPN has a considerable VPN network across the internet. In CNET’s review of the service, staff writer Rae Hodge reported that ExpressVPN lost less than 2% of performance with the VPN enabled and using the OpenVPN protocol vs. a direct connection.

    While the company does not log browsing history or traffic destinations, it does log dates connected to the VPN service, amount transferred, and VPN server location. We do want to give ExpressVPN kudos for making this information very clear and easily accessible.

    Native support for Fire TV and Android TV

      • Native Streaming Apps: Fire TV, Android TV, Nvidia Shield TV
      • Simultaneous Connections: Unlimited
      • Kill Switch: Yes
      • Platforms: Windows, Mac, Linux, iOS, Android, Fire TV, Firefox, Chrome
      • Logging: None, except billing data
      • Trial/MBG: 30 day

    At two bucks a month for a two-year plan (billed in one chunk), Surfshark offers a good price for a solid offering. In CNET’s testing, no leaks were found (and given that much bigger names leaked connection information, that’s a big win). The company seems to have a very strong security focus, offering AES-256-GCM, RSA-2048, and Perfect Forward Secrecy encryption. To prevent WebRTC leaks, Surfshark offers a special purpose browser plugin designed specifically to combat those leaks.

    Surfshark also offers a multihop option that allows you to route connections through two VPN servers across the Surfshark private network. We also like that the company offers some inexpensive add-on features, including ad-blocking, anti-tracking, access to a non-logging search engine, and a tool that tracks your email address against data breach lists.

    If you love Kodi, this is your VPN

      • Native Streaming Apps: Fire TV
      • Simultaneous Connections: Unlimited
      • Kill Switch: Yes
      • Platforms: Windows, Mac, iOS, Android, Linux, Chrome, plus routers, Fire Stick, and Kodi
      • Logging: None, except billing data
      • Servers: 1,500
      • Locations: 75
      • Trial/MBG: 30 day

    For those folks who love the Kodi media player (and I’m one of them), IPVanish is the VPN for you. IPVanish has full, detailed setup guides for using Kodi with many of the more popular streaming set-top devices. Of course, you don’t have to use Kodi, but if you haven’t spent any time looking into this awesome open source home theatre system, you should.

    IPVanish is a deep and highly configurable product that presents itself as a click-and-go solution. I think the company is selling itself short doing this. A quick visit to its website shows a relatively generic VPN service, but that’s not the whole truth.

    Its UI provides a wide range of server selection options, including some great performance graphics. It also has a wide variety of protocols, so no matter what you’re connecting to, you can know what to expect. The company also provides an excellent server list with good current status information. There’s also a raft of configuration options for the app itself.

    In terms of performance, connection speed was crazy fast. Overall transfer performance was good. However, from a security perspective, it wasn’t able to hide that I was connecting via a VPN — although the data transferred was secure. Overall, a solid product with a good user experience that’s fine for home connections as long as you’re not trying to hide the fact that you’re on a VPN.

    The company also has a partnership with SugarSync and provides 250GB of encrypted cloud storage with each plan.

    Solid performance, but not a big entertainment focus

      • Native Streaming Apps: Fire TV, Android TV
      • Simultaneous Connections: 6
      • Kill Switch: Yes
      • Platforms: Windows, Mac, iOS, Android, Linux, Android TV, Chrome, Firefox
      • Logging: None, except billing data
      • Countries: 59
      • Servers: 5517
      • Trial/MBG: 30 day

    Performance testing was adequate, although ping speeds were slow enough that I wouldn’t want to play a twitch video game over the VPN. To be fair, most VPNs have pretty terrible ping speeds, so this isn’t a weakness unique to Nord. It’s more than fast enough in most countries to stream your favorite movie or video.

    In our review, we liked that it offered capabilities beyond basic VPN, including support of P2P sharing, a service it calls Double VPN that does a second layer of encryption, Onion over VPN which allows for TOR capabilities over its VPN, and even a dedicated IP if you’re trying to run a VPN that also doubles as a server. It supports all the usual platforms and a bunch of home network platforms as well.

    The company also offers NordVPN Teams, which provides centralized management and billing for a mobile workforce. Overall, a solid choice, and with a 30-day money-back guarantee, worth a try.

    How does the router thing work?

    You first install your VPN onto your router. This depends on the VPN provider and the router, so you’ll need to do some digging. But if your VPN and router are willing to play nicely with each other, then because all traffic on your network travels across your router, it will also be able to use the router’s VPN connection. It’s a bit crude, but not as crude as the next on our list…

    Wait, so I’m supposed to use my PC as a router?

    Yeah, if you don’t have a compatible set-top box or a compatible router, the idea is you connect your TV to your PC or Mac as a network client, use that computer’s VPN client, and then go out over the network. It’s janky as heck, but the VPN vendors have generally clear enough guidelines. But, by the time you’re doing all that, just buy a $39 Fire TV Stick and be done with it.

    So some set-top devices have native apps?

    Basically, Android TV is a version of Android. That means that most apps in the Google Play store will run reasonably well on Android TV — including VPN clients. Most VPN vendors slightly recoded their Android handheld apps to have a wide-screen UI for the TV and pushed those apps into the Play Store. Since Amazon’s Fire TV is basically a skinned version of Android TV using Amazon’s app store, VPN vendors didn’t have to do too much technically to make it work — and Amazon is, of course, a huge market. So you just go to the app store and install the app. Easy peasy.

    But not Apple TV or Roku?

    Nope. You’re doing the router or PC network client hoop jump game. And before you ask, if you want to use Xbox, Playstation, or Switch to stream your entertainment, you’re also going to need to run your streaming movies through a router or a PC network sub-LAN.

    But, if Android TV works, surely Chromecast does?

    Nope. No it doesn’t. Same as the Roku or the consoles. Because Android giveth and Chromecast taketh away.

    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

  • Secure those Macs: Apple must step up and support older machines

    I have long advocated keeping machines up to date. When machines become too old to update, I’ve bitten the bullet and dumped them, even if they were still fully functional.

    With all the malware and ransomware, not to mention simple flaws that could cause a system to crash, it’s become necessary to keep machines up to date, regularly updating both operating system and applications software. When that software can no longer be updated, it’s time to toss the machine. But should it be?

    I just finished upgrading my small fleet of older Macs. I pulled one iMac and four Mac minis out of service. The iMac went to a friend who’s tech savvy enough and responsible enough to manage his own security. But those four Mac minis are now sitting on a shelf. I’d like to donate them to a local school or library. But because they can’t be upgraded to the latest versions of MacOS (and can’t have the latest security fixes), I won’t give them to unsuspecting muggles, no matter how deserving they might be.

    Making donations of woefully out-of-date machines that can’t get security updates isn’t an act of charity, it’s creating potential victims.

    But here’s the thing. Even though those Mac minis are eight and nine years old, they are perfectly functional. Given Apple’s build quality, there is no reason they wouldn’t keep chugging along for another eight or nine years.

    The modern tech lifecycle

    Most IT folk understand and probably even agree with the modern tech lifecycle. Put simply, as newer releases of computers and operating systems come out, older software and hardware become obsoleted. Vendors don’t want to continue to support systems that are quite old. Developers don’t want to test against numerous generations of older machines. The cost to maintain and update the dregs of old gear is impractical.

    It’s also impractical, because features that run like the wind on new hardware can be dog slow on older hardware. Some features (for example Face ID on iOS devices) simply won’t run on older hardware because of intrinsic limits on that older hardware (like not having fast enough processing power, the right GPU, or the necessary lenses).

    As an independent developer, I can’t support and test versions of code for users running very out-of-date software or hardware. I barely have the time to support and test the more current releases. So, as a developer, I concur with the idea that tech becomes obsolete over time, and it’s regularly necessary to move on.

    A paradigm shift

    But as I looked at those four perfectly functional Mac minis sitting in a stack on a shelf, never to process bits ever again, I found myself getting upset. It’s one thing for an independent developer to set a baseline for version or operating system support. It’s another for Apple, the world’s most valuable company, with a valuation in the trillions of dollars. It’s not like Apple can’t afford to make sure even its oldest machines stay safe year after year.

    What would that cost? The salary of a hundred engineers would be, roughly — in Silicon Valley dollars — about $20 million. Let’s say facilities and gear for those hundred engineers is another $20 million. Does anyone seriously think Apple can’t afford $40 million a year to keep software up to date? In its second quarter, Apple posted revenues of $89.6 billion (up 54 percent year over year). $40 million isn’t even 0.05% of Apple’s quarterly revenue. Heck, $40 million is only 15% of Tim Cook’s $265 million 2020 compensation package. He could pay to keep all installed Macs up to date and it would cost him the equivalent compensation percentage of what putting a fence up would cost to us normal folk.

    There are some natural constraints to this “keep everything updated” plan I seem to be advocating. First, developers can’t all be expected to keep all their software compatible with ancient machines. Yes, sure, Microsoft and Adobe could, but it’s beyond the scope of all the little indie developers out there. Second, performance will undoubtedly be pretty poor on the oldest machines. Not all the advanced features will run on them.

    But even with these restrictions, Apple could certainly establish a baseline. All the applications that ship with the machines could be kept up to date. On Macs, that would provide a nice suite of tools for users of older machines. And updating and hardening Safari would provide a solid, safe baseline for users of older machines.

    The state of Apple support

    Apple doesn’t explicitly state its end-of-life policy for devices. When a new OS is released, it will list devices supported. You can derive from the supported list a secondary list of those devices left behind. Apple does maintain an information page detailing Apple security updates.

    As of today (end of September, 2021), Apple is still issuing security updates for MacOS Catalina. That means that three of the four machines I took out of service can still be updated — but they don’t run Big Sur or Monterey, and Apple won’t say when Catalina security updates will stop.

    My fourth newly out-of-service machine, the 2011 Mac mini, can’t be updated beyond High Sierra. Apple’s last High Sierra security patch was in 2020, and the company gives no indication whether (a) there are any known but unpatched security flaws in High Sierra, and (b) whether it ever intends to issue future patches.

    In fact, this lack of transparency is policy. On that same Security Updates page, Apple says, “For the protection of our customers, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available.” That’s… helpful. NOT. Especially for users of older machines.

    But this isn’t just about my four computers. I took a quick look on eBay and found a lot of older machines for sale. This one is just one example: As you can see, it’s an old 2008 MacBook Pro. While it might not be something the typical ZDNet reader is likely to buy, someone on a limited budget in need of a computer might well decide to spend $66 plus $17.14 shipping to land a MacBook Pro. This low-cost machine already has 12 bids and as of the time I took the screenshot, it had two days left to go.

    But, according to the site Apple History, the 2008 MacBook Pro maxes out at 10.10.4. That’s OS X Yosemite, an operating system that came out in October 2014 and received its last major update in August 2015. According to Apple’s Security Updates page, the last security update for Yosemite was in 2017 — four years ago. The last time Safari was updated for Yosemite was also four years ago.

    This is what I’m talking about. There is no reason that Apple, a company that brought in nearly $90 billion (with a B) in revenue last quarter, couldn’t keep churning out security updates for these older machines.

    Time for the big vendors to step up

    Those machines are out there, people are using them, and it’s well within Apple’s power to keep those people safe. So why don’t they? Or a better question would be, Apple, when will you step up?

    This article has been mostly focused on Macs, but phones need the same attention. I also call on companies like Samsung to keep older devices up to date.

    Samsung also had a record quarter last quarter, pulling in KRW 63.67 trillion ($54B USD) in sales and KRW 12.57 trillion ($10B USD) in operating profit. With $10 billion in operating profit for just one quarter, do we seriously think Samsung can’t issue updates for all those old Android phones it sold? But it doesn’t. Many of those phones haven’t gotten updates since just a year or two after they were sold. Android is a cesspool for malware, which Samsung is essentially enabling by its inaction in providing security updates.

    As I said before, there is a line somewhere between the individual developer like me, and companies like Apple and Samsung who are rolling in billions of dollars in profits. I don’t expect boutique developers to handle the load of back-facing security updates. But the big players? Not doing so is irresponsible.

    There are millions of those machines out there, still in use. All those machines are actively vulnerable to malware and other security threats. Worse, those machines can become patient zero devices, spreading malware to other machines on their networks. So it’s not just about updating old machines to keep their users safe. It’s about updating old machines to keep us all safe.

    So, the next time you see Apple give a long song and dance about how environmentally responsible they are, how much they’re moving towards sustainability, and how many robots they’ve built that can disassemble their old electronics, keep in mind that a minor investment could have kept millions of old computers and phones out of landfills, and made them available to lower-income users who need them.

    What about you? Do you have a stack of old gear you can’t responsibly give away, but also don’t want to toss out? Do you think Apple and Samsung have been dropping the ball in not taking responsibility for older security updates? Let us know in the comments below.

    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

  • Your Apple Watch might not unlock your iPhone 13, but a fix is coming

    Apple has warned owners of its new iPhone 13 model that they might not be able to unlock their phone with an Apple Watch due to a software glitch. The good news is that Apple is lining up a software update that should resolve the problem, according to a new support document.


    “You might see “Unable to Communicate with Apple Watch” if you try to unlock your iPhone while wearing a face mask, or you might not be able to set up Unlock with Apple Watch,” Apple notes. It says this will be fixed in an upcoming software update.

    Until the update is available, users can turn off Unlock with Apple Watch and use a passcode to unlock an iPhone 13. Users need to go to Settings > Face ID & Passcode.

    Apple created the Watch unlock feature for the iPhone in response to Face ID being obstructed by people wearing face masks. Instead of glancing at the iPhone’s facial recognition camera sensors, a nearby Watch that’s being worn and unlocked can unlock the iPhone. A similar feature is available for macOS devices.

    The feature is handy for users with an iPhone and Apple Watch but it has had problems before on older iPhones with Touch ID. This only affected enterprise users. Otherwise, the feature requires an iPhone that uses Face ID, including iPhone X or later, and is running iOS 14.5 or later. The person needs an Apple Watch Series 3 or later with watchOS 7.4 or later. The Watch also needs to be paired with an iPhone and both the iPhone and Apple Watch need to have Wi-Fi and Bluetooth on.

    Face ID fails when users have a mask that covers a person’s nose and mouth. The Watch side of the unlock requires wrist detection to be enabled. There is a security concern with the process as it can mean users accidentally unlock an iPhone. This can create an additional step if the phone is confirmed to have been accidentally unlocked by a Watch.

    “When your Apple Watch unlocks your iPhone successfully, your watch gives haptic feedback and shows an alert. If you didn’t mean to unlock your iPhone, tap the Lock iPhone button on your Apple Watch screen,” Apple notes. “Next time you unlock your iPhone after tapping this button, your iPhone will need you to enter your passcode.”

    It’s not clear when Apple will release the update to fix the issue or what version of iOS it will come in. MacRumors notes that the first beta of iOS 15.1 was released last week, but Apple may release a minor iOS 15.0.1 update with bug fixes.

    Apple released the iPhone 13 earlier this month. It’s available with 128GB, 256GB or 512GB. Pricing starts at $699 for the iPhone 13 Mini or $799 for the iPhone 13.

  • The iPhone 13 means the end to cheap screen repairs

    If you are the proud (despite the bugs) owner of a new iPhone 13, then you better take care of it.

    Why?

    Because if you break the display, your only course for a repair will be Apple or an Apple-authorized repair center.

    Why is that?

    It seems that Apple has tied the display — yes, the display — to the Face ID mechanism. This means that if you get a new display fitted, and the person fitting that display cannot carry out the proper pairing wizardry, then Face ID is dead.

    Don’t believe me? Here’s iPhone Repair Guru with a couple of videos demonstrating the problem.


    Now, not only are these videos impressive because we get to see someone so comfortably swapping parts inside a new iPhone, but we also get definitive proof that Apple has bound the display to the security system that deals with Face ID.

    What this means is that if the display is swapped, the iPhone detects the change and disables Face ID.

    So, if you break your display, your only current option is to go to Apple or an Apple Authorized Service Provider, and outside of AppleCare+, your out-of-warranty costs will be as follows:

      • iPhone 13 Pro Max: $329
      • iPhone 13 Pro: $279
      • iPhone 13: $279
      • iPhone 13 Mini: $229

    Now, we’ve seen similar stuff from Apple in the past, and Apple released an iOS update to patch/fix/undo this issue.

    It remains to be seen whether we’ll see a similar reversal from Apple this time.

  • More than 130,000 malicious IP addresses were blocked during Census 2021: AWS

    More than 130,000 malicious IP addresses were blocked to ensure no breaches or interruptions were experienced during what was deemed a successful Census 2021, according to Amazon Web Services (AWS).

    In a blog post, AWS Oceania technology and transformation director Simon Elisha explained that AWS, together with PwC Australia and the Australian Bureau of Statistics (ABS), undertook “extensive DDoS tests” prior to Census 2021 to ensure all data would be secured, in addition to building a web gateway so that each Census form was validated before it was passed along to the ABS processing environment.

    “This included an independent security and compliance assessment against the Australian Government’s Information Security Manual, through an Information Security Registered Assessors Program (IRAP) assessment,” he said.

    “All information collected in the digital 2021 Census service was securely stored in the AWS Sydney Region. It was also encrypted end-to-end, which means the information was scrambled and could not be read without the decryption keys, which were controlled solely by the ABS.”

    PwC Australia was contracted to build 2021 Census on AWS cloud to avoid any embarrassing repeat of what occurred during Census 2016, when the ABS experienced a series of small DDoS attacks, suffered a hardware router failure, and baulked at a false positive report of data being exfiltrated, which resulted in the Census website being shut down and citizens unable to complete their online submissions.

    At the time, Census was running on-premises infrastructure procured from tech giant IBM.

    Other testing the service underwent included ensuring it could meet extreme user demand at more than 2,000 times the expected peak workload, Elisha said. He said this allowed the platform to manage the 2.5 million people who submitted their forms on 2021 Census day, including when it hit peak period online at 8:06pm and about 142 online submissions were received per second and there were 249 logins per second.

    Elisha also boasted that by building a cloud-based contact centre for ABS, it saved over 394,000 people from calling the Census contact centre to request a paper form. Instead, people who called were prompted by an automated agent to enter details such as their Census ID number and their postcode to be verified.

    “The Census Digital Service achieved high levels of security, reliability, and scale thanks to the serverless architecture built on AWS. The most important benefit of working with AWS is that ABS doesn’t have to worry about building and operating the underlying infrastructure, and ABS can focus on delivering a simple and easy experience for the people of Australia,” ABS CIO Steve Hamilton said.

  • in

    Quad countries announce slew of tech initiatives including shared cyber standards

    The Quadrilateral Security Dialogue, better known as the Quad, has announced various non-military technology initiatives aimed at establishing global cooperation on critical and emerging technologies, such as AI, 5G, and semiconductors.

    The various technology initiatives were announced after the leaders of Quad countries — comprising Australia, India, Japan, and the US — met on Friday, which marked the first time the group has come together in person.

    Among the initiatives announced by the security bloc was the intention to develop new global cybersecurity standards across various technology sectors.

    “With respect to the development of technical standards, we will establish sector-specific contact groups to promote an open, inclusive, private-sector-led, multi-stakeholder, and consensus-based approach,” the Quad said in a joint statement.

    As part of work to be undertaken towards establishing these global technology standards, the Quad said it would publish a Quad Statement of Principles, which will be a guide for implementing responsible, open, high-standards innovation.

    “We are working to make cyberspace and emerging and critical technologies trusted and secure, in open societies, solving problems, and addressing the supply chain challenges that in many ways hold the keys to our security and our prosperity and our environment in the 21st century,” Australian Prime Minister Scott Morrison said.

    A new Quad Senior Cyber Group will also be established. The group will consist of “leader-level experts” who will meet regularly to advance work between government and industry to drive the adoption and implementation of shared cyber standards; development of secure software; growth of the tech workforce; and promotion of scalability and cybersecurity of secure and trustworthy digital infrastructure.

    The security bloc will also begin cooperation focused on space and combatting cyber threats, promoting resilience, and securing critical infrastructure together, the countries said.

    For space specifically, the Quad nations will identify new collaboration opportunities and share satellite data for peaceful purposes such as monitoring climate change, disaster response and preparedness, sustainable uses of oceans and marine resources, and responding to challenges in shared domains.

    Other technology initiatives announced by the Quad over the weekend included a new fellowship that will be established together with industry. The fellowship will provide 100 graduate fellowships to science, technology, engineering, and mathematics graduate students across the four countries.

    New initiatives to improve semiconductor supply chains and 5G deployment and diversification, and to monitor biotech scanning trends, were also announced.

    In announcing these new initiatives, the Quad sledged China, although China was not named, by jointly saying: “We will continue to champion adherence to international law … to meet challenges to the maritime rules-based order, including in the East and South China Seas”.

    “We affirm our support to small island states, especially those in the Pacific, to enhance their economic and environmental resilience,” the Quad added.

    The movements from Quad countries follow various international pacts coming to the fore in recent weeks, with Quad members Australia and the US joining the UK to establish the AUKUS security pact.

    AUKUS, made public a fortnight ago, was established by the three governments to address defence and security concerns posed by China within the Indo-Pacific region. The trilateral security pact’s focus has so far been military-heavy, unlike the Quad’s new initiatives, with AUKUS’ first initiative being to help Australia acquire nuclear-powered submarines.

    Meanwhile, both China and Taiwan have formally applied to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), one of the world’s largest trade pacts.