Problem Statement

Users

WOG Incident reporters, GIROC/GITSIR

Use Case

Today incidents are reported to GIROC/ GITSIR via emails/ IMS/ phone calls at any time of the day. There is a need to understand the context of the incident, derive appropriate questions to elicit understanding of the root case and impact/severity of the incident to ensure timely incident response.

Pain Point

• Often initial incident reporting lacks information due to varying competencies in the incident reporter and the team, which impedes timely and accurate reporting.
• In event of a large-scale incident, the current process of GIROC calling agencies is unscalable due to limited personnel and inconsistent communication by the analysts in the team.

Consequence

• Reports that are inconsistent in depth and language causes multiple iterations between the incident reporter and the team as a result.
• Follow up of an incident usually requires frequent handover within the analysts in the team which may results in miscommunication of instructions, thus affecting the progress update of incident.

User Research and Market Analysis

User Research

We conducted surveys on 4 real users that are representation of 2 groups: GIROC colleagues and agency users who have reported ICT incidents to GIROC

We observed that lack of information in initial incident reporting is more of pain point for GIROC than WOG incident reporters.

This is surprising because WOG incident reporters focus more on the efficiency of the follow up and updates of the incident progress.

This makes us believe that the solution should also look into the follow up and updates of the incident progress.

De-risking

AI Fatigue: Generally a "human-first" approach is preferred in call centre. More frustration will be caused if the incident reporters are forced into an endless loop with an AI that cannot solve their nuanced incident reporting. As a result, there is risk of losing less tech-savvy staff to reach out to the call centre.

To mitigate, there will still be an option provided to route the calls to personnel in events of emergency or a need to speak to a human responder.

Stakeholder Buy-in

Kenneth Yap, DD of Cybersecurity Operations (GovTech) is interested in supporting the system post-hackathon.

Solutioning

Problem-Solution Fit

The Problem-Solution Fit for our product focuses on how a conversational AI agent directly mitigates the inefficiencies and scalability issues of current incident reporting, and addresses the identified pain points in the following ways:

·      Standardizing Information Gathering: To solve the issue of initial reports lacking information due to varying reporter competencies, the AI agent automatically elicits incident details. It achieves this by understanding the context of the incident and deriving appropriate follow-up questions to uncover the root cause and impact.

·      Ensuring Consistency and Reducing Iterations: Because the AI ensures a consistent depth of information and language in every report, it eliminates the need for multiple back-and-forth iterations between incident reporters and the team.

·      Scaling Response for Large-Scale Incidents: The current manual process of calling agencies is unscalable during major events. The AI solution can poll all agencies concurrently, allowing the team to manage large-scale incidents without being limited by the number of available personnel.

·      Providing a Unified "Source of Truth" for Handovers: To prevent miscommunication during analyst handovers—which often leads to delayed progress updates—the system provides a unified source of truth. This ensures that instructions and incident details remain accurate and consistent throughout the entire incident lifecycle.

·      Automating Severity Assessment: The AI agent recommends the severity of the incident based on a pre-defined set of criteria and an escalation framework, allowing for faster and more accurate prioritisation.

Functionality

1. Reporter calls and reports initial incident via the AI call assistant.
2. AI call assistant analyses context based on the incident and asks targeted follow-up questions to fill info gaps.
3. The call ended when all necessary info for the incident has been provided. The transcript of the conversation is saved and stored.
4. Backend System analyses the transcript of the conversation, summarizes and generates a standardized report in Incident Management System Dashboard for incident reporters and responders’ follow up and updates.
5. Automated root cause analysis and suggested impact severity are recommended based on the information gathered for the incident case.

User Experience

The AI call assistant on the call centre platform uses a speech-to-speech foundation model from AWS that brings natural, real-time voice conversations to interact and guide WOG incident reporters in their incident reporting via voice calls.

User Validation

(Have yet to conduct user testing with prototype at this point, will add in after)

Impact & Next Steps

Success Metrics

Information Completeness Score: Increase in the percentage of reports with reduced number of follow-up iterations.  Average Handover Time: Reduction in time spent on knowledge transfer and briefing within the analysts on duty during a shift change.

Expected Impact

·      Short Term: Reduction in manpower to handle incident reporting calls manually. Standardized incident reporting language and context with faster initial triage.

·      Medium/Long Term: Scalable incident handling without increasing manpower, and reduced burnout for GIROC analysts during major incidents.