SGCSC Cybersecurity Talking Points

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

<strong>Talking</strong><br />

<strong>Points</strong><br />

Discussions on Industry Practices,<br />

Research and Development Ideas

Singapore <strong>Cybersecurity</strong> Consortium<br />

is created for engagement between<br />

industry, academia and government agencies<br />

to encourage use-inspired research, translation,<br />

manpower training and technology awareness<br />

in cybersecurity.<br />

It is funded by the National Research Foundation (NRF)<br />

and anchored at the National University of Singapore (NUS)<br />

since 1 September 2016.<br />

The Consortium has 38 industry members<br />

as of September 2018.<br />

What We Do<br />

Engage via<br />

training<br />

Engage via<br />

discussions and<br />

advice<br />

Engage via<br />

research<br />

collaboration<br />


GROUPS<br />

Knowledge exchange<br />


CAMP<br />

Workshop<br />

Industry talks<br />

Hackathons<br />



Business + Technical<br />

Discussions<br />


TALKS<br />

Latest technologies<br />

and industry trends<br />

Project showcases<br />

WILD & CRAZY<br />


Research ideas<br />

Problem statements<br />

Discussion of timely<br />

issues and ideas<br />

Exploring collaboration<br />

JOINT R&D<br />

Seed funding<br />

(Industry-Academia pair)<br />

Infrastructure sharing

Annual <strong>Cybersecurity</strong> Camp<br />

Chair: Prof. Dawn Song (University of California, Berkeley)<br />

Hackathon<br />

Workshop<br />

Research Forum<br />

Past Speakers<br />

Le Song (Georgia Institute of Technology; Ant Financial)<br />

Liang Shi, Min Ye, Tianlong Liu (Alibaba Cloud Security)<br />

Reza Shokri (National University of Singapore)<br />

Cho Chia Yuan (DSO National Laboratories)<br />

Ian Fischer (Google Research)<br />

John Whaley (UnifyID)<br />

Gao Shupeng (Baidu)


is a 10-week experiential learning programme focused on<br />

market validation and customer discovery<br />

for commercialization<br />

of potential cybersecurity technological innovation.<br />


It is organized by NUS Enterprise<br />

in partnership with Singapore <strong>Cybersecurity</strong> Consortium<br />

and supported by the National Research Foundation (NRF)<br />

and the Cyber Security Agency of Singapore (CSA).<br />









Industry-Academia Joint Projects<br />

for Research Translation<br />

Project Highlight<br />

This project aims to develop<br />

an integrated safety-security approach<br />

for Unmanned Aerial Systems (UAS)<br />

traffic management (UTM) systems,<br />

through a safety-security co-analysis<br />

and risk assessment framework.<br />

It will establish best-practice and<br />

safety-and-security-by-design<br />

guidelines for this approach.<br />


Initiated Research Projects<br />

No More Snake Oil –<br />

Objective Evaluation Environment<br />

for Security Technologies<br />

An Integrated Safety-Security Approach<br />

for Engineering Unmanned Aerial Systems (UAS)<br />

Traffic Management Solutions<br />

Secure Dataset Sharing<br />

for Remote Artificial Intelligence<br />

Innovations on Clinical Data<br />

Mobile (iOS) Security Study<br />

for Cyber-Attack Prevention<br />

Identification of IoT Devices behind NAT<br />

while Ensuring the Preservation of Data Privacy<br />

Learning to Detect Anomalies in Cyber Physical Systems<br />

with Generative Adversarial Networks<br />

on Networked Sensor Time Series Data

Threat Intelligence<br />

and Incident Response<br />

Led by<br />

Discussion <strong>Points</strong><br />

Reducing manual effort,<br />

e.g., automated sense-making<br />

of threat intelligence<br />

and prioritizing of alarms,<br />

machine-usable intelligence<br />

Standards, mechanisms, and incentives for<br />

region-specific profiling or sharing of threats<br />

for collective research and analysis efforts,<br />

e.g., community honeypot<br />

Collaboration needed in responding to attacks –<br />

academic and private sector expertise,<br />

government or regulatory support to “open doors”<br />

Automated, efficient, scalable methodology<br />

for regular validation exercise of SOC,<br />

e.g., packaged threat repository

Discussion <strong>Points</strong><br />

Data Protection<br />

and Privacy<br />

Led by<br />

Ways to preserve privacy<br />

without crippling the utility of data<br />

or the ability to share –<br />

e.g., privacy preserving machine learning<br />

Possible incentives and help for organizations<br />

e.g., putting a price tag on data,<br />

quantifying security Return on Investment (ROI)<br />

to prioritize measures,<br />

technologies to improve data leakage prevention<br />

in Small and Medium Enterprises (SMEs)<br />

Consider using personal data<br />

only as secondary means<br />

of verification,<br />

as there is no way<br />

to replace them<br />

once compromised

Led by<br />

Discussion <strong>Points</strong><br />

Mobile Security<br />

Preventing exploit of existing app vulnerabilities<br />

through true sandboxing on mobile<br />

Reducing reliance on device manufacturers for security support,<br />

e.g., externalizing the trust element as smartcard or token<br />

Developer-friendly<br />

security verification techniques for mobile apps<br />

Reconciling the use of side channels on mobile platforms<br />

(e.g., interrupts) to monitor malicious behavior<br />

vs their abuse for privacy breach

System and<br />

Software Security<br />

Led by<br />

Discussion <strong>Points</strong><br />

Reducing cost in terms of time required as well as expertise<br />

for interpretation and action on the results, e.g.:<br />

Intelligent automation of testing components for<br />

lightweight, efficient integration into software development<br />

Technologies to assist program understanding<br />

and crash analysis for better test calibration<br />

Application of security analysis<br />

to make non-analog decision e.g.,<br />

for identifying “high-risk” customers<br />

as those with more vulnerable systems<br />

Human and cultural factors<br />

to be taken into account<br />

E.g., have a team champion,<br />

provision with right tools

Discussion <strong>Points</strong><br />

Cyber-Physical System<br />

(CPS) and IoT Security<br />

Led by<br />

Heterogeneity of specifications and vendors<br />

leading to different vulnerabilities<br />

even with the same protocols<br />

Difficulty modeling<br />

the external environment<br />

for realistic simulation<br />

Due to high cost and difficulty<br />

of modifying existing systems,<br />

need holistic view for protection<br />

e.g., monitoring and detection,<br />

handling legacy systems for secure adoption<br />

of cyber technologies such as wireless<br />

Challenges obtaining specifics of<br />

proprietary OT processes,<br />

real data for research<br />

as operators are wary of sensitivity<br />

of data in critical infrastructure

Cybercrime and<br />

Investigation<br />

Led by<br />

Discussion <strong>Points</strong><br />

Challenges due to range of IoT devices<br />

with various platforms,<br />

huge amount of unstructured log data,<br />

not knowing what we miss<br />

when working with systems<br />

unknown to existing forensic tools<br />

Verifying accuracy of attribution<br />

through the chain of investigative process,<br />

and verifying that evidence are not artifacts<br />

planted by forensic tools themselves<br />

Need for drone forensic tools for<br />

identification of the controller,<br />

identification of past activities,<br />

and retrieval of relevant evidences<br />

from captured drones

http://sgcsc.sg/<br />

Supported by

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!