SGCSC Cybersecurity Talking Points

sgcsc

Talking

Points

Discussions on Industry Practices,

Research and Development Ideas


Singapore Cybersecurity Consortium

is created for engagement between

industry, academia and government agencies

to encourage use-inspired research, translation,

manpower training and technology awareness

in cybersecurity.

It is funded by the National Research Foundation (NRF)

and anchored at the National University of Singapore (NUS)

since 1 September 2016.

The Consortium has 38 industry members

as of September 2018.


What We Do

Engage via

training

Engage via

discussions and

advice

Engage via

research

collaboration

SPECIAL INTEREST

GROUPS

Knowledge exchange

CYBERSECURITY

CAMP

Workshop

Industry talks

Hackathons

CYBERSECURITY

LEAN LAUNCHPAD

Business + Technical

Discussions

TECHNOLOGY

TALKS

Latest technologies

and industry trends

Project showcases

WILD & CRAZY

IDEAS (WACI) DAY

Research ideas

Problem statements

Discussion of timely

issues and ideas

Exploring collaboration

JOINT R&D

Seed funding

(Industry-Academia pair)

Infrastructure sharing


Annual Cybersecurity Camp

Chair: Prof. Dawn Song (University of California, Berkeley)

Hackathon

Workshop

Research Forum

Past Speakers

Le Song (Georgia Institute of Technology; Ant Financial)

Liang Shi, Min Ye, Tianlong Liu (Alibaba Cloud Security)

Reza Shokri (National University of Singapore)

Cho Chia Yuan (DSO National Laboratories)

Ian Fischer (Google Research)

John Whaley (UnifyID)

Gao Shupeng (Baidu)


: CYBERSECURITY TRACK

is a 10-week experiential learning programme focused on

market validation and customer discovery

for commercialization

of potential cybersecurity technological innovation.

BUSINESS COACHING

It is organized by NUS Enterprise

in partnership with Singapore Cybersecurity Consortium

and supported by the National Research Foundation (NRF)

and the Cyber Security Agency of Singapore (CSA).

CYBERSECURITY EXPERT

SHARING

INDUSTRY EXPERT

MENTORING

CONNECTING PEOPLE

TEAMWORK AND

COLLABORATION

SPARKING INNOVATION


Industry-Academia Joint Projects

for Research Translation

Project Highlight

This project aims to develop

an integrated safety-security approach

for Unmanned Aerial Systems (UAS)

traffic management (UTM) systems,

through a safety-security co-analysis

and risk assessment framework.

It will establish best-practice and

safety-and-security-by-design

guidelines for this approach.

Collaborators


Initiated Research Projects

No More Snake Oil –

Objective Evaluation Environment

for Security Technologies

An Integrated Safety-Security Approach

for Engineering Unmanned Aerial Systems (UAS)

Traffic Management Solutions

Secure Dataset Sharing

for Remote Artificial Intelligence

Innovations on Clinical Data

Mobile (iOS) Security Study

for Cyber-Attack Prevention

Identification of IoT Devices behind NAT

while Ensuring the Preservation of Data Privacy

Learning to Detect Anomalies in Cyber Physical Systems

with Generative Adversarial Networks

on Networked Sensor Time Series Data


Threat Intelligence

and Incident Response

Led by

Discussion Points

Reducing manual effort,

e.g., automated sense-making

of threat intelligence

and prioritizing of alarms,

machine-usable intelligence

Standards, mechanisms, and incentives for

region-specific profiling or sharing of threats

for collective research and analysis efforts,

e.g., community honeypot

Collaboration needed in responding to attacks –

academic and private sector expertise,

government or regulatory support to “open doors”

Automated, efficient, scalable methodology

for regular validation exercise of SOC,

e.g., packaged threat repository


Discussion Points

Data Protection

and Privacy

Led by

Ways to preserve privacy

without crippling the utility of data

or the ability to share –

e.g., privacy preserving machine learning

Possible incentives and help for organizations

e.g., putting a price tag on data,

quantifying security Return on Investment (ROI)

to prioritize measures,

technologies to improve data leakage prevention

in Small and Medium Enterprises (SMEs)

Consider using personal data

only as secondary means

of verification,

as there is no way

to replace them

once compromised


Led by

Discussion Points

Mobile Security

Preventing exploit of existing app vulnerabilities

through true sandboxing on mobile

Reducing reliance on device manufacturers for security support,

e.g., externalizing the trust element as smartcard or token

Developer-friendly

security verification techniques for mobile apps

Reconciling the use of side channels on mobile platforms

(e.g., interrupts) to monitor malicious behavior

vs their abuse for privacy breach


System and

Software Security

Led by

Discussion Points

Reducing cost in terms of time required as well as expertise

for interpretation and action on the results, e.g.:

Intelligent automation of testing components for

lightweight, efficient integration into software development

Technologies to assist program understanding

and crash analysis for better test calibration

Application of security analysis

to make non-analog decision e.g.,

for identifying “high-risk” customers

as those with more vulnerable systems

Human and cultural factors

to be taken into account

E.g., have a team champion,

provision with right tools


Discussion Points

Cyber-Physical System

(CPS) and IoT Security

Led by

Heterogeneity of specifications and vendors

leading to different vulnerabilities

even with the same protocols

Difficulty modeling

the external environment

for realistic simulation

Due to high cost and difficulty

of modifying existing systems,

need holistic view for protection

e.g., monitoring and detection,

handling legacy systems for secure adoption

of cyber technologies such as wireless

Challenges obtaining specifics of

proprietary OT processes,

real data for research

as operators are wary of sensitivity

of data in critical infrastructure


Cybercrime and

Investigation

Led by

Discussion Points

Challenges due to range of IoT devices

with various platforms,

huge amount of unstructured log data,

not knowing what we miss

when working with systems

unknown to existing forensic tools

Verifying accuracy of attribution

through the chain of investigative process,

and verifying that evidence are not artifacts

planted by forensic tools themselves

Need for drone forensic tools for

identification of the controller,

identification of past activities,

and retrieval of relevant evidences

from captured drones


http://sgcsc.sg/

Supported by

Similar magazines