Show News

Cloud Expo Asia Techerati technology

18 Jul 2019

Singapore’s Cybersecurity Consortium: On the frontline of today’s cyber battlefield

James Orme

Ahead of her presentation at Cloud Expo Asia Singapore in October, Dr Vivy Suhendra, executive director at the Singapore Cybersecurity Consortium, dives deep into the consortium’s work to shore up Singapore’s cyber resilience

Cyber security is a constantly evolving field, and rapidly so. We need to not only keep pace with cyber threats in the present, but also build capabilities to tackle future challenges. The National Cybersecurity R&D (NCR) programme focuses on developing research and development (R&D) expertise and capabilities in cyber security that are critical to staying ahead of present and future threats.

This is a non-trivial effort involving multiple interdependent aspects. The programme currently comprises local and international grants for fundamental research as well as translational / applied research; shared national infrastructure to support research experimentation, validation and training; an engagement platform to drive conversations and collaboration among multiple stakeholders; and cyber security postgraduate scholarship to develop the workforce.

All these initiatives under the NCR programme contribute to growing an ecosystem with a strong cyber security posture and up-to-date capabilities in the face of the ever-evolving cyber threat landscape.

Need to have, not nice to have

As the world increasingly undergoes digital transformation, technology is becoming intertwined with the economy and operations of nations and their citizens’ lives. The security of digital infrastructures may well be a matter of survival – as we found out in 2015 when an attack on Ukraine’s power grid in left people without electricity for a few hours. Branches that undermine key institutions could also drain a nation’s resources and weaken it considerably, such as in 2016 when the Bangladesh Bank was subject to a severe cyber heist.

Cyber security R&D is needed to resolve the many challenges that have arisen and will keep arising in tandem with technological advances, in the effort to ensure that nations’ infrastructure and information are resilient to malicious or unintended cyber acts. The importance is not so much in investing heavily, but in investing strategically and sustainably to address the most pertinent and relevant cyber problems that could differ from nation to nation depending on their digital posture.

Top cyber threats

Advanced Persistent Threats (APT) are one of the main threats facing nations, as highlighted in Singapore Cyber Landscape 2018, published by the Cyber Security Agency of Singapore.

APTs are highly sophisticated attacks on specific targets, backed with a wealth of resources often associated with nation-states, with objectives such as disrupting operations, theft for financial gain, or espionage. These attacks may involve tactics, techniques and procedures (TTPs) such as phishing e-mails to gain access, stealth and misdirection techniques to evade detection, a suite of malware for privilege escalation and lateral movement, and so on.

The vulnerability of Internet of Things (IoT) devices is another significant threat due to rising IoT adoption, and the fact that many IoT devices are cheaply produced without security provision.

Insecurity of IoT devices may firstly lead to the leaking of sensitive information such as surveillance camera feeds (demonstrated by the device search engine Shodan), and secondly allow attackers to gain unauthorised control of the devices.

This control may then be abused to turn massive volumes of devices into botnets in a Distributed Denial of Service (DDoS) attacks (e.g., the Mirai botnet disrupting part of the U.S. networks in 2016), or as an entry point to access other systems connected to the same network (e.g., the hacking of a casino through its internet-connected fish tank, reported by Darktrace in 2017).

Developing a strong cyber strategy

A fundamental ingredient to a robust cyber security strategy is the continual cyber security assessment and hardening of the nation’s critical infrastructures to ensure up-to-date resilience to cyber threats.

This may start from defining which infrastructures are critical, to establishing sector-specific cyber maintenance frameworks and policies, to R&D in future-ready cyber infrastructures in anticipation of emerging trends.

Workforce talent development is another key ingredient, as humans are central to cyber security as technology users, defenders, and innovators. This may range from efforts in cyber hygiene awareness for the public, to programmes nurturing a community of researchers and innovative start-ups.

All in all, it is crucial to identify the multiple stakeholders in the nation’s cyber ecosystem and enlist meaningful participation from every stakeholder for the cyber strategy to be a concerted effort. Government, industry, the research community, educational institutions, and also global and regional counterparts all have roles and impacts in the cyber space.

Research and development

In general, the NCR and programmes under NCR (such as the Singapore Cyber security Consortium) hold periodic grant calls, that is, calls for research proposals to be submitted for consideration.

Different programmes or grants may have different specific objectives, and thus different evaluation criteria, within the overarching goal of advancing technologies and capabilities to meet the cyber security needs of Singapore.

For example, the NCR Translational Grant Call 2018 highlighted a number of challenges from ministries and public agencies addressing specific national security, smart nation and critical information infrastructure needs. The evaluation emphasis was on translational research and deployability of the research results into technologies, methodologies, tools and services.

Meanwhile, grant calls from the three NCR-funded National Satellites of Excellence in 2019 focused on core research to advance state-of-the-art in their respective domains (e.g., Trustworthy Software Systems).

The Singapore Cybersecurity Consortium’s annual Seed Grant calls in particular seek to fund industry-academia research collaboration. The seed grant is of a leaner scale (one-year projects) compared to other NCR grants, to suit the objective of producing new technology proof-of-concepts or exploring forward-thinking ideas to demonstrate their value and potential for further development (possibly supported by other NCR grants), which may otherwise find it difficult to get off the ground.

Seed grant research proposals are evaluated based on their commercialization or deployment roadmap — aligned with the Consortium’s goal of driving research translation from the institutes to industry and agencies — in addition to technical merits and potential value added to the nation’s cyber security posture and capabilities.

To cite some examples, the NCR-funded research into trustworthy software systems produced a suite of technologies for vulnerability detection via “fuzzing” (in simplified terms, probing code for unexpected behaviors) and an automated program for repairing software — some of which have gone into mainstream industry use.

For modern systems, which on average have complex software including possibly third-party components with unclear security risk, this technology helps establish a level of security guarantees and minimises the software attack surface —  a fundamental concern for all digital systems now and in the future.

Another seed grant project, recognising that not all IoT users may be equipped to stay secure, developed a technology for Internet Service Providers (ISPs) that detects vulnerable home IoT devices connected to their networks; a vital first step in preventing exploitation of such devices (e.g., as botnets).

The machine-learning-based detection works on NetFlow traffic collected outside the homes for to ensure the least intrusion into user privacy. When supported by ISPs for threat intelligence sharing, and user engagement to rectify device vulnerabilities, this technology is a potential enabler for nationwide network resilience, which is only going to get more important as “smart nation” initiatives take off worldwide.

The 5G question

Apart from ensuring 5G network infrastructure is securely deployed, we must prepare cyber security measures appropriate for emerging computing models and applications made viable by the faster speeds, lower latency, and higher bandwidth of 5G.

IoT is expected to grow more rapidly and expand more readily into application domains such as automotive and healthcare that have time-sensitive and high-throughput requirements. This means an exponential increase in the attack surface in addition to higher stakes and criticality of threat scenarios.

According to Gemalto, 5G may also drive certain computing architectures such as decentralized intelligent networks that are more reactive to individual users, and virtual instead of hardware servers. These would face more dynamic threat models than traditional computing, and accordingly require more dynamic approaches to cyber security.

Nations should engage all relevant sectors to assess cyber security risks from various perspectives, build up the necessary cyber security capacities, as well as establish regulatory frameworks where applicable, before making the jump.

Get your free ticket to attend Dr Vivy Suhendra's speaking session now! 

CLICK HERE

View all Show News
Loading

Sponsors

Diamond Sponsor

VIP Lounge Sponsor

Keynote Theatre Sponsor

Keynote Theatre Sponsor

Theatre Sponsor

Theatre Sponsor

Theatre Sponsor

Theatre Sponsor

Theatre Sponsor

Badge Sponsor

Platinum Sponsor

Platinum Sponsor


 

Platinum Sponsor

Platinum Sponsor

Platinum Sponsor

Platinum Sponsor

Platinum Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Gold Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor


 

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor


 

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

Silver Sponsor

DevOps Live Sponsor

DevOps Live Sponsor

DevOps Live Sponsor

DevOps Live Sponsor

DevOps Live Sponsor

DevOps Live Sponsor

DevOps Live Sponsor

Channel Partner Sponsor

Channel Partner Sponsor


 

Channel Partner Sponsor

Channel Partner Sponsor

Channel Partner Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Bronze Sponsor


 

Partners

Knowledge Partner

News Distribution Partner

Associate Content Partner

Strategic SEO Partner

Strategic Event Partner

Event Partners

Event Partners

Event Partners

Event Partners

Event Partners

Event Partners

Media Partners

Media Partners

Media Partners

Media Partners

Media Partners

Media Partners

Media Partners

Media Partners

Media Partners

Official Partner Hotel

Testimonials

  • Western Digital has been exhibiting Cloud Expo Asia and Data Centre World for a few years now and have always seen great success at the shows. Western Digital has an extensive storage solutions portfolio and with this bring the largest scale cloud & data centre exhibition in Singapore and ASEAN, it is important for us to have a presence here. With the Significant representation of overseas delegates other than Singapore-based delegates, this allows us to reach out a mass group audience in one location.
    APeC Channel Marketing, Western Digital
  • We’ve met a good mix of new prospects and existing customers over the two days. There were many relevant questions posed by the delegates, attesting to the immense interest the show has generated for us leading up to the show.
    Marketing – South East Asia and India, Splunk
  • Through Cloud Expo Asia, we get new prospects, lead generation and a lot of brand exposure. Across these two days, it’s been very exciting and we’re already looking forward to next year!
    Marketing Manager, Netpluz Asia Pte Ltd
  • Conferences like these at Cloud Expo Asia are always exciting because not only we have a chance to hear about the latest best practices and developments, and also reconnect with peers, clients and partners. I would love to be back at Cloud Expo Asia again!
    Director, Fintech & Crypto, PwC Singapore
  • As the COO in one of the biggest insurance companies in Japan, I’ve arranged my team to take turn to come visit across these two days to get the latest industry knowledge. Because of my role, I am particularly interested in the risk management and security sessions. What we’re appreciated the most is that we can source a variety of content at one place, including solution providers, end-users and those institutions [IASA, ISC2 etc.]. It is very comprehensive.
    COO, Tokio Marine Insurance Group
  • I’ve never visited an event of such massive scale featuring some of the most amazing brands and speakers here. I learnt a lot from attending the sessions like blockchain, digitisation, logistics and customer experience. I am very impressed with the breadth of the topics covered all under one roof over two days. I’ve also met many new suppliers I’ve never knew before and got to establish contact with them now. Coming to this event has given me so much value.
    Founder, All about Supply Chain