The Cyber Security Agency of Singapore organised the 15th annual ASEAN Computer Emergency Response Team Incident Drill (ACID) last week on 7 October 2020. This was held alongside the fifth Singapore International Cyber Week.
Hosted by Singapore since 2006, the Incident Drills test incident response procedures and strengthens cybersecurity preparedness and cooperation among Computer Emergency Response Teams (CERTs) in ASEAN Member States and Partners.
Malware Campaign Leveraging the Pandemic Situation
This year’s theme, “Malware Campaign Leveraging the Pandemic Situation”, was chosen in view of the rapid increase of malicious campaigns leveraging the ongoing COVID-19 pandemic across multiple sectors, in many countries in the earlier part of the year.
During a brief pre-drill dialogue, the participants also agreed that it was an opportune time to raise awareness and preparedness against opportunistic campaigns.
The scenario injects are based on the Emotet malware campaign, given its prevalence, and the range of cybersecurity events that may occur following a successful Emotet malware infection.
Computer Emergency Response Teams from all of ASEAN represented
All the Computer Emergency Response Teams from the 10 ASEAN Member States and five key Dialogue Partners from Australia, China, India, Japan, and South Korea, were represented this year.
They were required to investigate, analyse, and recommend remediation and mitigation measures to a series of scenarios injects with varying levels of complexity. The drill this year was well-received and the participating Computer Emergency Response Teams provided positive feedback.
Leading the exercise is Ms Goh Yan Kim, Deputy Director, SingCERT, CSA. Ms Goh said, “With the pandemic resulting in a heavier reliance on the internet, cybersecurity is now more important than ever. These exercises are essential to foster trust and preparedness among CERTs in ASEAN and our Dialogue Partners to respond to current and emerging threats. We look forward to conducting more of these exercises in future.”
To enable the development of wearable devices that possess advanced ultraviolet (UV) detection functions, Singaporean scientists have created a new type of light sensor that is both flexible and highly sensitive.
While invisible to the human eye, UV rays in the environment, and excessive exposure can cause health issues including skin cancer and premature skin ageing. The intensity of UV rays is typically reported through an index during weather reports. A wearable device, such as a T-shirt or watch that monitors the actual personal UV exposure throughout the day, would be a useful and more accurate guide for people seeking to avoid sun damage.
In their study, which was featured on the front cover of the peer-reviewed journal, the researchers reported that their flexible UV light sensors were 25 times more responsive, and 330 times more sensitive, than existing sensors, exceeding the performance level required for optoelectronic applications – or light-based electronics.
UV light sensors, also known as photodetectors, are used in a wide range of systems, from smartphones to biomedical imaging. Over the past decades, gallium nitride (GaN) has gained prominence as the ideal material to fabricate UV light sensors, largely due to its superior properties in emitting, regulating, transmitting, and sensing light. However, most GaN-based UV sensors today are built on rigid layers, limiting their use in flexible and wearable products.
While researchers elsewhere have developed flexible GaN-based UV sensors, they have not attained the level of performance required for state-of-the-art use. Two of their biggest challenges are low responsivity and low sensitivity.
The NTU team overcame these constraints by creating their flexible UV light sensors on a semiconductor wafer 8 inches in diameter, using free-standing single-crystalline layers of GaN and aluminium gallium nitride (AlGaN), arranged using membranes that consist of two different thin semiconductor layers (heterostructure membranes).
This type of semiconductor structure, which can be fabricated using existing industrial compatible methods, allows the material to be easily bent, making it ideal for use in flexible sensors. At the same time, the chemical composition of the material changes with depth, meaning that high performance is maintained even when it comes under strain.
Lead researcher said that the high performance of the team’s flexible UV light sensors proves that it would be feasible to manufacture large-scale lightweight and flexible electronics for use in future relevant light-based applications. The team’s achievement could lead to significant advances in UV optoelectronic devices and circuits, as product engineers could now look forward to developing UV-enabled wearable systems.
While the performance of the rigid form of GaN-based UV light sensors has been greatly improved with various structural innovations over the past years, a flexible version remains in its infancy and their performance is far behind that of the rigid counterparts. Their high-performance flexible UV light sensors pave the way forward for a wide range of future wearable applications, such as in personal smart health monitoring, where people can accurately measure their UV exposure levels throughout the day to reduce their risk of skin cancer.
Skin cancer can be prevented by protecting the skin from excessive sun exposure. In this context, a reliable wearable device that could track UV exposure may be a handy tool to help monitor one’s recommended exposure, particularly for those who spend a lot of time outdoors.
This demonstration on a flexible platform opens vast opportunities not only in UV photodetectors but also in other optoelectronic and electronic device applications. The project to develop the flexible UV light sensors took the team two years of design, fabrication, and testing. Moving forward, the researchers are looking to devise eye-type UV imagers and other applications using their innovation.
The National University of Singapore (NUS) and the Singapore University of Technology and Design (SUTD) signed a Memorandum of Understanding (MOU) recently to collaborate in the areas of innovation and enterprise.
The MOU underscores the two universities’ shared efforts to cultivate new ideas; nurture entrepreneurial, research translation and innovation talents; and create opportunities for technology commercialisation and co-sharing of facilities and expertise. This is the first such partnership entered by both universities to collectively groom the next generation of talents to further build momentum in innovation and enterprise.
The NUS President, who signed the MOU on behalf of NUS, said that for entrepreneurs to realise their full potential, universities need to provide support for a dynamic ecosystem and help these budding entrepreneurs catalyse ideas and bring them to fruition.
By opening up the programmes, this collaboration will help to foster greater vibrancy in Singapore’s start-up ecosystem and facilitate sharing of information, resources and access to technology innovation. Through this initiative, is it hoped that new ideas are seeded and nurtured, talents in research translation are groomed, and innovation in Singapore and beyond is advanced.
Meanwhile, the SUTD President Professor, who signed the MOU on behalf of SUTD said that the institution has partnered with NUS in the past to establish education programmes such as the SUTD-NUS Joint PhD Programme and the SUTD – Duke-NUS Special Track.
Through this new partnership, the two universities will capitalise on their individual strengths in entrepreneurship and innovation to provide an enriched ecosystem for students to cultivate their interests, knowledge and skills in these areas.
This will help develop the next generation of talents who have the technological know-how and business acumen to identify gaps, challenge the status quo, seize opportunities and chart the way forward for Singapore and the world using technology and design.
From Academic Year 2022/2023, SUTD students will be able to take credit-bearing entrepreneurship- and innovation-related electives offered by NUS Enterprise. SUTD undergraduates will also get to participate in the NUS Overseas Colleges programme to promote stronger cross-institutional start-up teams among NUS and SUTD students.
In addition, NUS and SUTD faculty members will co-supervise students in the NUS PhD by Innovation, NUS Master of Science in Venture Creation and SUTD Master of Engineering (Innovation by Design) programmes. There will also be an increase in the number of exchange students between the two universities under the Singapore Universities Student Exchange Programme.
Research and innovation
SUTD faculty members will participate in translational research and commercialisation at the NUS Guangzhou Research Translation and Innovation Institute (NUSGRTII) in China.
Located within Ascendas OneHub Guangzhou Knowledge City, NUSGRTII was established in November 2019, in collaboration with the People’s Government of Guangzhou Municipality and the Sino-Singapore Guangzhou Knowledge City Administration Committee. The Institute conducts research translation, pioneers technological innovations, incubates start-ups and offers education programmes to train R&D talents in Guangzhou and the Greater Bay Area.
Both universities will collaborate on the research translation and commercialisation of SUTD’s technology and intellectual property through the NUS Graduate Research Innovation Programme, the University’s flagship programme for producing deep-tech start-ups.
Facility and expertise sharing
Both universities will leverage each other’s equipment and facilities for innovation and product development. In particular, SUTD’s signature advanced rapid prototyping facilities and interdisciplinary maker spaces will provide good infrastructures for the NUS-SUTD enterprise ecosystem as well as undergraduate and postgraduate students. SUTD students and start-ups looking to venture overseas or require incubation support may also tap NUS Enterprise’s BLOCK71 network that currently has seven locations in five countries – Singapore, United States, China, Indonesia and Vietnam.
In addition, budding student entrepreneurs and start-ups can look forward to tapping a wider pool of mentors from among NUS and SUTD faculty members who have the relevant experience and expertise.
The Delhi government is planning a major security audit of all its information technology (IT) systems, websites, web-enabled applications and services, and mobile applications. The move aims to identify and prevent cyberattacks/threats.
A news report has stated that thanks to improved e-governance, many public services are available online, saving time and resources. However, the move to online modes of service delivery has also left data susceptible to cyberattacks. The Delhi eGovernance Society, run under the city’s Department of Information Technology, has floated a request for proposal (RFP) to select a cybersecurity agency to conduct the comprehensive security audit. The audit will cover the government’s departments, local bodies, and autonomous bodies. It will also find vulnerabilities in the government’s IT system and ways to secure the system against related threats. The RFP defines a deliberate attack as a malicious attempt to gain unauthorised access to an IT system, such as through password guessing to compromise systems and data integrity, availability, or confidentiality. It could also be a benign, but purposeful, attempt to circumvent system security.
New threats evolve as technology does and organisations struggle to maintain information security. Organisations often leverage new technologies to extend their functionality and reach more clients and partners but simultaneously, their exposure to risk grows. The RFP explained that a rapid growth in discovered vulnerabilities in applications makes it easier for an attacker to find a path into a network. In-house and commercially-developed applications often put speedy development and convenience over security, which results in vulnerabilities such as authentication bypass, SQL Injection, and cross-site scripting. The RFP added that applications are also preferred targets for attackers, as they almost always allow access to internal resources through the firewall.
The vulnerabilities and security issues could include broken authentication and access controls, weak passwords, cryptography, and session management; forceful browsing, ‘cookie poisoning’, denial-of-service, and parameter tampering; improper error handling, third party misconfigurations, and information leakages; server misconfigurations, form/hidden field manipulation, back doors and debug options, errors triggering sensitive information leaks, and GI-BIN manipulation.
Recently, India was ranked 10th in the Global Cyber Security Index (GCI) 2020, which was released by the United Nations specialised agency for ICT, the International Telecommunication Union (ITU). The United States ranked first, followed by the United Kingdom and Saudi Arabia. Estonia was ranked third, South Korea, Singapore, and Spain shared the fourth spot. Russia, the United Arab Emirates, and Malaysia shared the fifth spot, Lithuania came in sixth followed by Japan, Canada, and France. The countries were measured along five pillars, namely, legal measures, technical measures, organisational measures, capacity development, and cooperation to generate an overall score. The countries were asked 82 questions where 20 indicators were measured. India answered questions on legal measures for data protection of its citizens and its Computer Emergency Response Teams (CERT), which is responsible for coordinating responses to computer security events on a national level. India’s overall score was 97.49. It placed 4th in the Asia-Pacific region.
The Indian government will release a new cybersecurity strategy this year, according to the National Cyber Security Coordinator, Rajesh Pant. He announced this at an event organised by the Public Affairs Forum of India (PAFI). He said the strategy would holistically cover the entire ecosystem of cyberspace in India. The new strategy would serve as a guideline to cover various aspects, including data as a national resource, building indigenous capabilities, and cyber audits.
Singapore has introduced an all-out effort to prepare for this new reality. Going digital is now a must for businesses of all sizes, and workers are being encouraged to learn new skills as the economy embraces more technology. According to one estimate, the burgeoning digital economy will contribute up to US$10 billion (approximately S$13.5 billion) to Singapore’s GDP by 2021. However, with new opportunities come new challenges. For example, when jobs and skills become obsolete faster than people expect.
With this, the drivers of Singapore’s next phase of growth are starting to fall into place, with the first batch of global companies confirming plans to establish a base in Punggol Digital District. The Republic is positioning the upcoming digital district as the location of choice for technology companies as it prepares for the digital economy to power its growth.
The Minister for Trade and Industry stated at an event at the Punggol Digital District site office, which was also streamed virtually, that the first four companies to set up shop in the new hub are expected to create about 2,000 new tech jobs, ranging from data analysts to fraud hunters and blockchain developers. The minister, who is one of the co-chairs of the multi-ministerial task force on Covid-19, stated that the pandemic has resulted in technological disruption of traditional business models and remote working trends. But, he added, it has also created new opportunities.
“The digital economy can potentially fuel the next lap of economic growth,” he said, citing a report that said the digital market in Southeast Asia is expected to triple by 2025 to reach US$300 billion (S$408 billion).
The Punggol Digital District has been identified as a critical hub for bringing together industry players, academics, and tech talent. Yesterday, the Minister of Trade and Industry announced that the first four companies that will start the buzz are a smart living solutions company, a robotics design company, a cyber-security services provider, and a blockchain solutions provider. “Each of these companies brings different expertise to the mix,” emphasise the Minister for Trade and Industry.
In 2018, the master plan for the 50-hectare Punggol Digital District was unveiled. The district will gradually open beginning in 2024. When fully developed, it is expected to generate approximately 28,000 digital economy jobs. The district will house the new campus of the Singapore Institute of Technology (SIT), which will serve over 10,000 students and 500 academic staff.
As per JTC Corporation, this means that businesses will have easy access to SIT talent, while students will benefit from an applied learning environment. The district will also function as a living lab for businesses, students, and the public to test digital and smart living solutions
The Punggol Digital District was designed to be a smart and sustainable mixed-use development. JTC’s master plan aligns with Singapore’s Smart Nation and digital economy plans. It is mentioned that those companies will be vital in helping nurture next-generation digital talent, while building skillsets for mid-career professionals, in turn creating good job opportunities for Singaporeans.
In correspond, according to the World Economic Forum and the Group of Twenty, the digital economy is a broad range of economic activities that use digitised information and knowledge as key factors of production, modern information networks as an important activity space, and information and communications technology to drive productivity growth.
To put it simply, the digital economy is organised, enabled and facilitated by technology ranging from computers, Internet to emerging ones like artificial intelligence and the Internet of Things. Its growth and far-reaching influence have brought about tremendous disruptions across all industries.
A new study from U.S. computer scientists reveals what may be the first way to encrypt personal images on popular cloud photo services, all without requiring any changes to — or trust in — those services. Smartphones now make it easy for virtually everyone to snap photos. The limited amount of data that smartphones hold, and how they are vulnerable to accidental loss and damage, lead many users to store their images online via cloud photo services. Google Photos is especially popular, with more than a billion users.
However, these online photo collections are not just valuable to their owners, but to attackers seeking to unearth a gold mine of personal data. Security measures such as passwords and two-factor authentication may not be enough to protect these images anymore, as the online services storing these photos can themselves sometimes be the problem.
A potential solution to this problem would be to encrypt the photos so no one but the proper users can view them. However, cloud photo services are currently not compatible with existing encryption techniques.
Hence, U.S. Engineering researchers have created a way for mobile users to enjoy popular cloud photo services while protecting their photos. The system encrypts photos uploaded to cloud services so that attackers — or the cloud services themselves — cannot decipher them. At the same time, users can visually browse and display these images as if they were not encrypted. Even if the account is hacked, attackers cannot get the photos because they are encrypted.
The system employs an image encryption algorithm whose resulting files can be compressed and still get recognised as images, albeit ones that look like black and white static to anyone except authorised users. In addition, the system works for both lossy and lossless image formats such as JPEG and PNG and is efficient enough for use on mobile devices. Encrypting each image results in three black-and-white files, each one encoding details about the original image’s red, green, or blue data
Moreover, the system creates and uploads encrypted thumbnail images to cloud photo services. Authorised users can quickly and easily browse thumbnail galleries using image browsers that incorporate the system. The system adds an extra layer of protection beyond password-based account security. The goal is to make it so that only the owners’ devices can see their sensitive photos.
The researchers wanted to make sure that each user could use multiple devices to access their online photos if desired. The problem is the same digital code or key used to encrypt a photo has to be the same one used to decrypt the image. Users often do not understand keys and requiring them to move the keys around from one device to another is too complicated for users to use. They may also copy the key the wrong way and inadvertently give everyone access to their encrypted data.
Therefore, computer scientists developed an easy-to-use way for users to manage these keys that eliminates the need for users to know or care about keys. All a user has to do to help a new device access the encrypted photos is to verify it with another device on which they have already installed and logged into the system’s enabled app. This makes it possible for multiple trusted devices to still view encrypted photos.
The lead researcher said that right now is the beginning of a major technological boom where even average users move towards moving all their data into the cloud. This comes with great privacy concerns that have only recently started rearing their ugly heads, such as the increasing number of discovered cases of cloud service employees looking at private user data. Users should have an option to protect the data that they think is really important in these popular services, and this new system is just one practical solution for this.
Hong Kong Science and Technology Parks Corporation (HKSTP) announced that Park two companies triumphed at the recent Global Regtech Challenge, organised by The Hong Kong Monetary Authority (HKMA). One company, an AI start-up, won in the Conduct and Customer Protection category, while the other firm, an AI and blockchain start-up, was selected as runner up in the Customer Data Privacy category.
The CEO of HKSTP noted that the success of the Park’s start-ups is proof of Hong Kong’s Regtech innovation potential and its growing status as a global Regtech hub. The winning solutions are just a sample of the significant wealth of innovation emerging from HKSTP’s ecosystem of deeptech-driven fintech companies, creating a pipeline of impactful innovation and powering Hong Kong’s financial sector.
The Hong Kong-based AI provider specialises in speech and natural language processing technologies; they triumphed as the best solution in Banking Conduct and Customer Protection. Its AI technology, specifically the Callinter product, is used to automatically analyse multilingual and mixed language (Cantonese, Mandarin, and English) conversations between a relationship manager and a customer, to help identify potential regulatory breaches, suspicious activities and business insight.
The Co-Founder and CEO of the AI start-up stated that with HKMA’s two-year roadmap to promote Regtech adoption and the Fintech 2025 strategy, a golden opportunity for growth has been presented to the firm. The company’s technologies have been adopted by several of the largest international banks and regulators in the region. The firm looks forward to engaging with its partners to work towards the FinTech 2025 goal and make Hong Kong a leading global hub for developing Regtech.
Meanwhile, the second start-up, an AI and blockchain technology provider was selected as runner-up for their Customer Data Privacy category at the Global Regtech Challenge. Its SafeGuard Series is a comprehensive cybersecurity solution that tackles both internal and external threats by integrating facial recognition, object detection and blockchain technologies.
HMKA launched the challenge to raise the Hong Kong banking industry’s awareness of the potential of Regtech adoption. The competition drew over 80 submissions from 15 jurisdictions and four continents. The two HKSTP start-ups beat out Regtech providers from around the world, who were invited to showcase applications in solving common risk management and regulatory compliance pain points experienced by banks, including governance, risk and compliance; conduct and customer protection; customer data privacy; and risk management.
On 17 June 2021, the Hong Kong Monetary Authority (HKMA) launched a new Regtech Adoption Practice Guide series to provide banks with detailed practical guidance on the implementation of Regtech solutions.
The publication of the Regtech Adoption Practice Guide series forms part of the HKMA’s two-year Regtech promotion roadmap announced in November 2020. It succeeds the Regtech Watch series and builds on it to provide banks with detailed guidance on how to overcome implementation challenges associated with Regtech adoption.
Each Regtech Adoption Practice Guide focuses on a specific technology or application area identified in the HKMA’s White Paper to further Regtech adoption in the Hong Kong banking sector. The inaugural issue provides guidance on “Cloud-based Regtech solutions”.
As noted in the first issue of the Practice Guide, Cloud computing is a key underpinning technology behind Regtech solutions. The use of Cloud technology on Regtech solutions offers several benefits including timely offsite support, fast implementation and highly scalable solutions. Findings from the White Paper suggested that banks that were open to using Cloud-based technology displayed greater operational resilience during the COVID-19 pandemic.
The HKMA also published today the seventh and final issue of the Regtech Watch series. This last issue outlines the HKMA’s three-year roadmap to integrate supervisory technology (Suptech) into its processes. Through greater use of Suptech, the HKMA aims to enhance the effectiveness and forward-looking capability of its supervisory processes.
Singaporean researchers have developed a platform that automates and speeds up the detection of insulation failure in SP Group substations, helping to prevent blackouts. Since February 2021, the machine learning platform has helped to reduce 90% of the time spent daily on these routine checks. This eases the officers’ workload and enables them to focus on analysing the measurements suspected to have abnormalities.
As the owner and operator of Singapore’s electricity network, the company has more than 11,000 substations delivering electricity to industrial, commercial and residential consumers here. Part of the work in the maintenance of substations includes checking for partial discharge – an electrical discharge that does not completely bridge the space between two conducting electrodes – which is a key symptom of deteriorating electrical insulation. A fault due to insulation failure can lead to the tripping of protection equipment, which could trigger blackouts and even a fire.
Previously, checking for insulation degradation was highly labour-intensive. Operators used a handheld device to extract patterns and waveforms measured by the equipment at the substations. They then manually scanned through the pattern and waveform data to look for potential abnormalities.
To make the process more efficient, the researchers devised a machine learning platform that analyses the waveform data uploaded from the handheld devices, and flags suspected partial discharge. The platform uses a unique algorithm, called adaptive clustering, which removes noise of varying levels to accurately isolate partial discharge data points for analysis.
Typically, going through five waveform data files would take about 10 minutes manually. The platform runs through at least 50 waveform data files in the same amount of time. That is a 10-fold efficiency increase. As a result, the number of suspected partial discharge cases that officers review daily has dropped significantly from around 400 to 40. The project took nine months to complete. The machine learning platform can be installed on the company’s local machines from the shared drives and is easily accessible off-site even without internet access.
Machine learning is critical to leave the lab and enter places where people work, and ultimately makes a positive difference in their lives. The team is happy to continue on this journey as Singapore develops its infrastructure to meet the next stage of growth. The team is very pleased with the good outcome of this project, which allowed them to improve their productivity. They will continue to explore the use of advanced technology in our pursuit of even better network reliability.
Singapore has been focusing on developing machine learning for a variety of purposes including combatting fake media. As reported by OpenGov Asia, AI Singapore launches the “Trusted Media Challenge”, a five-month-long competition aimed at attracting the Artificial Intelligence (AI) community to design and test out AI models and solutions that will easily detect audio-visual fake media, where both video and audio modalities may be modified.
The initiative – targeted at AI enthusiasts and researchers from around the world – aims to also strengthen Singapore’s position as a global AI hub by incentivising the involvement of international contributors, and sourcing innovation ideas globally.
Fake media technology or deepfake tech is becoming mainstream, delivering benefits and yet posing a variety of threats. The technology has allowed movie producers to manage videos and dialogues without expensive reshoots, facilitated professional training, or has been used to protect the identities of those being persecuted, among other applications.
At the other end of the spectrum, deepfakes are used to sow mistrust and seed scamming, making them an existential threat to societies today. If left unchecked, fake media risks becoming a serious national security concern.