Advancing Cyber Security through Applied Research
As cyber security risks continue to plague many businesses, SIT has embarked on applied research projects with industry to drive continuous innovation and development in cyber security.
Globally, cyber security remains a recurring issue for many businesses. As working from home becomes more commonplace, the opportunities for potential cyber-attacks increase. With global cyber-attacks costing businesses up to USD$6 trillion annually, it is important for research and development (R&D) in the field of cyber security to keep up with the increasing prevalence and nature of cyber-attacks.
Collaborations with Industry and Government Agencies on Cyber Security Projects
To develop our applied research capabilities in cyber security, among others, SIT signed two Memoranda of Understanding (MOU) with DSO National Laboratories (DSO) and Agency for Science, Technology and Research (A*STAR) late last year, with a focus on translational research and innovation.
The MOU signing ceremonies with DSO and A*STAR in December 2020.
As part of the collaboration, SIT and DSO established a joint laboratory at SIT@Dover early this year to spearhead applied research efforts for potential defence and commercial use, as well as to collaborate on strategic translational projects in cyber security and robotics/unmanned systems.
A*STAR will be partnering with SIT to second A*STAR’s researchers and SIT students undergoing their Integrated Work Study Programme (IWSP) to companies, to jointly solve their problems through applied research and innovation.
On top of these collaborations, SIT has been working with organisations and government agencies on various applied research projects to advance cyber security R&D. The aim is to ultimately help companies establish a strong defence against cyber-attacks, which are getting increasingly sophisticated.
Some of the recent industry projects SIT has embarked on include:
- A Smart Cybersecurity Framework for Advanced Metering Infrastructure (SCFAMI), 2021 - In collaboration with IBM Singapore and SQLNET
Globally, the Advanced Metering Infrastructure (AMI) is being deployed in power grids as an enabling technology for smart utility grids. However, with an AMI, utilities are faced with the challenge of having a large, complex, and growing attack surface to protect. Cyber-attacks on AMI systems include unauthorised access to systems, denial of service, injection and propagation of malware, control/distribution system disruption, and loss of data via leakage and theft. These ever-evolving attacks can originate from external and internal sources. This project establishes the framework to ensure that smart utility networks will have adequate security for now and for the future.
This project was awarded the Innovation Capability Grant in 2021.
- Realistic Cyber Environment for Education and Experimentation, 2021 - In collaboration with DSO
A cyber range is a platform that can be used to flexibly replicate and deliver realistic, interactive cyber scenarios, comparable to that of a shooting range or firing range. Just like how shooting or firing ranges may vary to support varied levels of proficiency, cyber ranges can vary in terms of the types of activities, scenarios, and capacity required. They can be used for a variety of purposes, in line with changes in technology and developments to include competency building and education in cyber security, and as a platform for security testing and research. Leveraging on a previously built experimental cyber range, this collaboration project with DSO focused on designing and building SIT's first cyber range, which will function as a platform for training, research, and experimentation, with potential for future commercialisation. This is also an opportunity for SIT to master the know-how and control the technologies that go into building the cyber range. This also allows us to control the direction of our future cyber range development and applied research pathways.
This project was awarded the Ignition Grant in 2021.
- A Smart Drone Control Framework (SDC), 2020 - In collaboration with Distek Enterprises and Frontier Innovations
Drones play an increasingly transformative role globally in missions, such as urban infrastructure inspection, defect location, public safety and disaster response. This project enables a smart, autonomous Internet-of-Drones, which offers a cost-effective alternative to piloted ones, as well as lowers operational risks and increases efficiency. A best combination of commercial drones can then be selectively deployed in a wide range of complex missions. The project’s thrust is aligned to the objectives of the Services & Digital Economy domain as part of the RIE2025 plan, particularly in the application of smart autonomous unmanned technologies.
This project was awarded the MOE-Translational R&D and Innovation Fund (TIF) Grant in 2020.
- Smart Learning Analytics for Digital Crime (SLADE), 2020 - In collaboration with Custodio Technologies, HTX, and Defence Science and Technology Agency (DSTA)
The SLADE project involved the construction of a smart automated system to solve manpower overheads and capability limitations in incidence response and investigations. The system works as a digital member of the investigation team, interacting seamlessly with human investigators and amplifying case resolution efficiency and effectiveness. To achieve this, SLADE was built with carefully designed smart functionality and features that will expedite evidence collection, preservation and analysis, inference, and production of threat intelligence, as well as look-ahead management and advisory of risks.
This project was awarded the National Cybersecurity R&D (NCR)-EDB Grant in 2020.
- An Intelligent Vulnerability Analysis, Detection and Resistance Framework for Drones (VADeR), 2019 - In collaboration with Home Team Science and Technology Agency (HTX)
An example of a prototype system for drones.
This team designed and developed a prototype system that enables AI-guided vulnerability analysis of specific drones, reporting of discovered vulnerabilities, and generation of recommended remediation to increase the drone’s resistance to future attacks.
This project was awarded the Ignition Grant in 2019.
- Application Security Assessment Protocol (ASAP), 2019 - In collaboration with PayPal
An example of how using ASAP will help identify vulnerabilities before a cyber-attack.
Web application attacks are increasing in number and sophistication, resulting in vulnerabilities, such as Command Injection, Server Sider Request Forgery, Cross-Site Scripting, and XML External Entities. Currently, there is no common industry standard for a web security payload template and no standardised approach for cyber security testing of web applications, APIs, and mobile apps.
To counter this issue, the team is developing a protocol to translate attack vectors into a common language that can enable the establishment of a repository comprising updated payloads from the security community, as well as tools to help assess web applications against vulnerable payloads. This tool has the potential to benefit the IT industry, as well as other industries such as medical technology (MedTech), financial technology (FinTech), government technology (GovTech), start-ups, and Small Medium Enterprises (SMEs).
This project was awarded the Singapore Cyber Security Consortium (SGCSC) Grant in 2019.
Driving Continuous R&D and Innovation in Cyber Security
With cyber security being one of the key applied research areas, SIT will continue to explore partnerships and work with industry to continue driving the development and sophistication of cyber security solutions through applied research.