Watching the coronavirus outbreak unfurl in Wuhan, China, Singaporeans were worried that the virus will soon hit our shores.
On January 24, the first confirmed case of the coronavirus (now called COVID-19) in Singapore was reported. Following this news, both N95 and surgical masks started flying off the shelves.
The very next day, several retail outlets across the island saw their mask stocks dwindle to zero, and Singaporeans fretted about not being able to protect themselves against a highly contagious virus.
In response, the Singapore government announced on January 30 that it would be giving each household four surgical masks, to be collected from specific distribution centres between February 1 and 9.
Recognising the importance of getting timely and accurate information about the distribution centres to citizens, a team of developers at the Government Technology Agency of Singapore (GovTech) were mobilised on that same day to develop MaskGoWhere.
This website allows citizens to simply key in their postal code to find out details of their respective mask collection points.
Stumbling Block: “Dirty” Or Incomplete Data
Led by Lim Eyung, director of Government Digital Services at GovTech, the team built and designed the first version of the site in less than 12 hours.
“We had anticipated that there might be such a need and had begun setting up the basic digital architecture to support operations on the ground,” said Eyung.
However, the team soon ran into a major hurdle that threatened to halt further development of MaskGoWhere.
“We could not continue because the data we needed to map postal codes to the collection points was incomplete or ‘dirty’,” explained Eyung.
“The last thing we want is to disseminate the wrong information to the public.”
According to GovTech, the complexity lies in the frequent changes in the details relating to collection points, so finding a “single source of truth” proved to be difficult.
Determined to see the project through, the GovTech team collaborated with the People’s Association (PA) and the Public Service Division to find a workaround.
In view of the timeline, Lim and his team made a decision to map the postal codes to each constituency instead of the exact mask collection points.
Since each constituency had its own posters (created by PA) detailing the latest mask collection points, the GovTech team could implement MaskGoWhere such that when users input their postal code, they would be redirected to an image of a poster with all the relevant information for their constituency.
At the same time, cybersecurity specialists at GovTech began preparations to ensure that MaskGoWhere would be secure when it went live.
“We worked with the application development team to define the scope and functional specifications of the project, which gave us a better understanding of the threat landscape and application functionalities. This was key for us to prioritise our security test cases,” said Thomas Lim, associate cybersecurity specialist at GovTech.
600,000 Site Visits Within First Day Of Launch
On February 1, the first version of MaskGoWhere was up and running at 4am, albeit not yet live.
Even then, cybersecurity specialists at GovTech continued to carry out penetration testing — this had to be completed by dawn, when user volume on MaskGoWhere was expected to spike.
Typically, penetrating testing would require at least two weeks to complete, but they finished it within just a few hours.
A separate cybersecurity team also accomplished the same feat with securing the government chatbot AskJamie, which was also being updated to deal with queries about the latest information on COVID-19.
“Since the COVID-19 outbreak, we have seen an increase in engagements from project teams across the whole of government working on other COVID-19 related applications. We have since reprioritised our resources to support these engagements,” said Thomas.
In line with the schedule, MaskGoWhere — already secure and functional — went live by 8am. By the end of the day, the website saw about 600,000 visits. The site had effectively gone viral.
Lessons For The Future
While Eyung admitted that the development of MaskGoWhere was not technically demanding, the tight time constraints meant that there were some learning points to take away from the experience.
For example, the team left out organisational logos, mastheads or footers when the site was first published, which quickly raised suspicions of it being a malicious site.
“It was a mistake on our part, but we managed to rectify it quickly,” he said.
“The other point to highlight is the fact that everyone on the team was very mission-centric. In this case, we were very clear: the mission is to allow citizens to get hold of the latest information over a web-based medium.”
He further emphasised that technology was not the only determinant of the mission success.
“Working closely with PA allowed for optimal OpsTech (operations-technology) integration, where we could use real-time feedback to learn about user needs, and the agile approach to deliver continuous improvements.”
In total, the ‘mission’ lasted some 48 hours, but the team continued to monitor, enhance and stabilise MaskGoWhere by keeping the operation lad low throughout the mask distribution period, which was extended until the end of February.
Looking ahead, Eyung is already thinking about how the design and functions of MaskGoWhere could be applicable to other contexts, such as for national events or emergencies.
“This is what makes our jobs meaningful,” he concluded.
Featured Image Credit: GovTech