SGCSC Cybersecurity Talking Points
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Talking</strong><br />
<strong>Points</strong><br />
Discussions on Industry Practices,<br />
Research and Development Ideas
Singapore <strong>Cybersecurity</strong> Consortium<br />
is created for engagement between<br />
industry, academia and government agencies<br />
to encourage use-inspired research, translation,<br />
manpower training and technology awareness<br />
in cybersecurity.<br />
It is funded by the National Research Foundation (NRF)<br />
and anchored at the National University of Singapore (NUS)<br />
since 1 September 2016.<br />
The Consortium has 38 industry members<br />
as of September 2018.<br />
…
What We Do<br />
Engage via<br />
training<br />
Engage via<br />
discussions and<br />
advice<br />
Engage via<br />
research<br />
collaboration<br />
SPECIAL INTEREST<br />
GROUPS<br />
Knowledge exchange<br />
CYBERSECURITY<br />
CAMP<br />
Workshop<br />
Industry talks<br />
Hackathons<br />
CYBERSECURITY<br />
LEAN LAUNCHPAD<br />
Business + Technical<br />
Discussions<br />
TECHNOLOGY<br />
TALKS<br />
Latest technologies<br />
and industry trends<br />
Project showcases<br />
WILD & CRAZY<br />
IDEAS (WACI) DAY<br />
Research ideas<br />
Problem statements<br />
Discussion of timely<br />
issues and ideas<br />
Exploring collaboration<br />
JOINT R&D<br />
Seed funding<br />
(Industry-Academia pair)<br />
Infrastructure sharing
Annual <strong>Cybersecurity</strong> Camp<br />
Chair: Prof. Dawn Song (University of California, Berkeley)<br />
Hackathon<br />
Workshop<br />
Research Forum<br />
Past Speakers<br />
Le Song (Georgia Institute of Technology; Ant Financial)<br />
Liang Shi, Min Ye, Tianlong Liu (Alibaba Cloud Security)<br />
Reza Shokri (National University of Singapore)<br />
Cho Chia Yuan (DSO National Laboratories)<br />
Ian Fischer (Google Research)<br />
John Whaley (UnifyID)<br />
Gao Shupeng (Baidu)
: CYBERSECURITY TRACK<br />
is a 10-week experiential learning programme focused on<br />
market validation and customer discovery<br />
for commercialization<br />
of potential cybersecurity technological innovation.<br />
BUSINESS COACHING<br />
It is organized by NUS Enterprise<br />
in partnership with Singapore <strong>Cybersecurity</strong> Consortium<br />
and supported by the National Research Foundation (NRF)<br />
and the Cyber Security Agency of Singapore (CSA).<br />
CYBERSECURITY EXPERT<br />
SHARING<br />
INDUSTRY EXPERT<br />
MENTORING<br />
CONNECTING PEOPLE<br />
TEAMWORK AND<br />
COLLABORATION<br />
SPARKING INNOVATION
Industry-Academia Joint Projects<br />
for Research Translation<br />
Project Highlight<br />
This project aims to develop<br />
an integrated safety-security approach<br />
for Unmanned Aerial Systems (UAS)<br />
traffic management (UTM) systems,<br />
through a safety-security co-analysis<br />
and risk assessment framework.<br />
It will establish best-practice and<br />
safety-and-security-by-design<br />
guidelines for this approach.<br />
Collaborators
Initiated Research Projects<br />
No More Snake Oil –<br />
Objective Evaluation Environment<br />
for Security Technologies<br />
An Integrated Safety-Security Approach<br />
for Engineering Unmanned Aerial Systems (UAS)<br />
Traffic Management Solutions<br />
Secure Dataset Sharing<br />
for Remote Artificial Intelligence<br />
Innovations on Clinical Data<br />
Mobile (iOS) Security Study<br />
for Cyber-Attack Prevention<br />
Identification of IoT Devices behind NAT<br />
while Ensuring the Preservation of Data Privacy<br />
Learning to Detect Anomalies in Cyber Physical Systems<br />
with Generative Adversarial Networks<br />
on Networked Sensor Time Series Data
Threat Intelligence<br />
and Incident Response<br />
Led by<br />
Discussion <strong>Points</strong><br />
Reducing manual effort,<br />
e.g., automated sense-making<br />
of threat intelligence<br />
and prioritizing of alarms,<br />
machine-usable intelligence<br />
Standards, mechanisms, and incentives for<br />
region-specific profiling or sharing of threats<br />
for collective research and analysis efforts,<br />
e.g., community honeypot<br />
Collaboration needed in responding to attacks –<br />
academic and private sector expertise,<br />
government or regulatory support to “open doors”<br />
Automated, efficient, scalable methodology<br />
for regular validation exercise of SOC,<br />
e.g., packaged threat repository
Discussion <strong>Points</strong><br />
Data Protection<br />
and Privacy<br />
Led by<br />
Ways to preserve privacy<br />
without crippling the utility of data<br />
or the ability to share –<br />
e.g., privacy preserving machine learning<br />
Possible incentives and help for organizations<br />
e.g., putting a price tag on data,<br />
quantifying security Return on Investment (ROI)<br />
to prioritize measures,<br />
technologies to improve data leakage prevention<br />
in Small and Medium Enterprises (SMEs)<br />
Consider using personal data<br />
only as secondary means<br />
of verification,<br />
as there is no way<br />
to replace them<br />
once compromised
Led by<br />
Discussion <strong>Points</strong><br />
Mobile Security<br />
Preventing exploit of existing app vulnerabilities<br />
through true sandboxing on mobile<br />
Reducing reliance on device manufacturers for security support,<br />
e.g., externalizing the trust element as smartcard or token<br />
Developer-friendly<br />
security verification techniques for mobile apps<br />
Reconciling the use of side channels on mobile platforms<br />
(e.g., interrupts) to monitor malicious behavior<br />
vs their abuse for privacy breach
System and<br />
Software Security<br />
Led by<br />
Discussion <strong>Points</strong><br />
Reducing cost in terms of time required as well as expertise<br />
for interpretation and action on the results, e.g.:<br />
Intelligent automation of testing components for<br />
lightweight, efficient integration into software development<br />
Technologies to assist program understanding<br />
and crash analysis for better test calibration<br />
Application of security analysis<br />
to make non-analog decision e.g.,<br />
for identifying “high-risk” customers<br />
as those with more vulnerable systems<br />
Human and cultural factors<br />
to be taken into account<br />
E.g., have a team champion,<br />
provision with right tools
Discussion <strong>Points</strong><br />
Cyber-Physical System<br />
(CPS) and IoT Security<br />
Led by<br />
Heterogeneity of specifications and vendors<br />
leading to different vulnerabilities<br />
even with the same protocols<br />
Difficulty modeling<br />
the external environment<br />
for realistic simulation<br />
Due to high cost and difficulty<br />
of modifying existing systems,<br />
need holistic view for protection<br />
e.g., monitoring and detection,<br />
handling legacy systems for secure adoption<br />
of cyber technologies such as wireless<br />
Challenges obtaining specifics of<br />
proprietary OT processes,<br />
real data for research<br />
as operators are wary of sensitivity<br />
of data in critical infrastructure
Cybercrime and<br />
Investigation<br />
Led by<br />
Discussion <strong>Points</strong><br />
Challenges due to range of IoT devices<br />
with various platforms,<br />
huge amount of unstructured log data,<br />
not knowing what we miss<br />
when working with systems<br />
unknown to existing forensic tools<br />
Verifying accuracy of attribution<br />
through the chain of investigative process,<br />
and verifying that evidence are not artifacts<br />
planted by forensic tools themselves<br />
Need for drone forensic tools for<br />
identification of the controller,<br />
identification of past activities,<br />
and retrieval of relevant evidences<br />
from captured drones
http://sgcsc.sg/<br />
Supported by
Change language