CYBERSECURITY INDUSTRY
CALL FOR INNOVATION

Applications for the Cybersecurity Industry Call for Innovation are now closed.
Thank you for your interest in the first cycle of the programme.

We will be inviting the shortlisted applicants to the next round of evaluation shortly.

About the Call

Cybersecurity Industry Call for Innovation aims to uplift Singapore’s cybersecurity landscape by:

  • Helping cybersecurity stakeholders identify, distil and articulate sophisticated demand
  • Enabling co-innovation of new products and services between solution providers and end-users
  • Encouraging the adoption and trial of newer solutions

Industry Call Timeline

01
CALL

Call for Proposals
18 Sep 2018 - 18 Dec 2018

Announced and launched on 18 Sep 2018 during DPM's Speech at Singapore International Cyber Week (SICW).

18 Dec 2018 is the deadline for companies' submission of interest using the PowerPoint slide template provided.

02
SELECT

Pitching Sessions
19 Dec 2018 – 28 Feb 2019

To connect demand drivers and solution providers for deep dives into the technicalities of their proposals.

Companies not notified by 1 Mar 2019 have not been selected for the programme.

03
AWARD

Final Selection
1 Mar 2019 – 30 Jun 2019

For CSA POC Grant Applicants:

  • Deadline for Full Proposal submission: 1 Mar 2019 (for invited companies)
  • CSA Committee Evaluation: 11 – 22 March 2019 (estimated)
  • Award of POC Funding and Project Kick-off: Estimated Jun 2019 onwards

About the Funding Scheme

Co-innovation and Development Proof of Concept (POC) Funding Scheme

The scheme supports the co-development of innovative cybersecurity solutions between solution providers and committed cybersecurity end-users. Selected solution providers will be provided funding support of up to $500,000 for a project duration of up to 12 months, subject to evaluation by the CSA Evaluation Panel.

It aims to catalyse the development of innovative cybersecurity solutions that would meet national cybersecurity and strategic needs, with potential for commercial application.

Providers can leverage a Minimum Viable Product or market-ready technology to develop new cybersecurity applications.

*More details can be found here: https://www.csa.gov.sg/programmes/proof-of-concept-scheme

Qualifying and Evaluation Criteria

  • All Singapore registered companies are eligible for the Co-innovation POC Funding Scheme. Overseas firms that are not registered in Singapore will need to partner with a Singapore registered company.
  • The project should use Singapore as a base to own, manage and exploit all intellectual property rights developed.
  • The project must not have commenced at the time of application.


Funding support will be on a reimbursement basis, for the following expense items:

  • Expenditure on Manpower
  • Equipment
  • Professional Services
  • Other Operating Expenditures


Proposals will be evaluated according to:

  • Quality of proposed solution including cost reasonableness
  • Commitment from cybersecurity end-user
  • Wider applicability and benefit to industry
  • Team competency

Investment and other support

Selected solution providers will be given additional support to implement projects:

  • Investment opportunities from Seed to Series A round of up to $3 million by TNB Aura Fund
  • Investment opportunities from Seed to Series A round and testbed environment by Momentum, the Corporate Venture arm of SMRT Corporation Ltd.
  • Paid pilot and testbed opportunities in Singapore Science Park 2 by Ascendas-Singbridge

*The evaluation criteria are subject to evaluation by the respective demand drivers and partners.

Challenge Statements

The Cybersecurity Industry Call for Innovation is looking for innovative solutions that address the cybersecurity challenges of enterprises in Singapore. These solutions should be ready for testing and deployment within a 12-month timeframe, i.e. level 6 and above in terms of the Technology Readiness Level. In addition, together with our end-users, we have compiled a set of challenges to jumpstart ideas for innovation.

The Challenge Statements are just the beginning of an iterative process between the solution providers and end-users. They are a means to the end of coming up with innovative solutions to tackle the cybersecurity challenges in Singapore. Hence, the next step is for solution providers to provide a preliminary submission of their proposal. Shortlisted solution providers will be invited to brainstorm on their ideas with our partners to further refine their innovative solution.

Advanced Protection and Detection

Operational Technology Intrusion Detection Systems

The Operational Technology (OT) network is a collection of devices designed to work together as an integrated and homogenous system. The security consideration for Information Technology (IT) systems is traditionally to protect sensitive data, whereas the core OT operating system was designed for Safety & Health, Availability, Reliability & Efficiency (S.H.A.R.E). Any breach in the OT system may have an impact on personal or property safety.

A core difference between IT and OT is that the former uses standard TCP/IP protocols, whereas the latter typically consists of systems from different OEMs with proprietary protocols and legacy control buses. Hence, it becomes a challenge to detect security breaches in an OT system with many different proprietary systems.

We are seeking innovative OT intrusion detection solutions based on the normalcy of the known process model, abnormality of network and system traffic between field devices and HMI, including but not limited to:

  1. Profile network communication
  2. Identification of “first seen” event.
  3. Identification of unusual manipulation of critical perimeters.
  4. Identification of unusual traffic between controllers (e.g. high volume or abnormal hours)
  5. Identification of anomaly in the traffic in a wide variety of vendors’ proprietary controllers/devices
  6. Comparison of predicted dynamic process model data (note: not system baseline) against sensors data
  7. Identification of comparison deviation in (6)
  8. Periodic controllers’ program/functions/firmware validation
  9. Data/data registers’ integrity inspection
  10. Correlation of field devices anomaly with network layer anomaly to detect malicious activities.

The following considerations are highly recommended for any proposed solution:

  1. No consumption of production network bandwidth
  2. Scalability of the proposed solution

Updated as at 13 Sep 19

Operational Technology Log Analysis

The Operational Technology (OT) networks (e.g. industrial control and supervisory control and data acquisition systems, ICS/SCADA) are a collection of devices designed to work together as an integrated and homogenous system. If one of these systems fails, it will generate a catastrophic domino effect.

Many of these OT systems comprise various components that require system engineers to collect and monitor logs from different devices. The system engineers have to manually check logs and contact third-party vendors for assistance with the OT systems or other non-documented legacy system issues.

A key challenge lies in insufficient documentation or knowledge for interpreting logs, alongside different logs with various formats that may prevent timely interventions. Different systems also have different command sequences, logic and protocols, resulting in logs unique to each system. Other challenges include having low quality and conflicting data points that affect timely triage across multiple systems, thus potentially leading to several costly false investigations.

We are seeking innovative solutions including but not limited to:

  1. A platform to collect and translate logs from different OT systems to a common language (the underlying semantics of the logs) that can be easily understood by the operators
  2. Automatic and accurate generation of alerts on abnormal network behaviour
  3. Analysis of logs from different parts of a system to trace and identify the root cause of an event

Updated as at 13 Sep 18

Advanced Threat Monitoring

Security Operation Centres deal with a large variety of big datasets every day. Some information sources are structured (e.g. security logs), while others are unstructured (e.g. intelligence reports on new threats). The current process for security analysts starts with sifting through all information sources (internal and external) to identify noteworthy correlations across all data points. Amid a swath of irrelevant noise, security analysts are expected to focus on relevant data and identify known and unknown threats.

We are seeking innovative solutions that will address all challenge areas as follows:

1. The first area is building an adversary behavioural and Tactics, Techniques and Procedures (TTP) knowledge base using known “attacker” datasets from all sources of information (both structured and unstructured). The knowledge base should also include the modus operandi and adversarial actions of persistent threat actors over time. This shall aid the tracking, all-source analysis and assessment of emerging and evolving threats and allow organisations to proactively defend against these threats.

2. The second area is identifying “known” threat/anomalous activities. With the insights from the knowledge base in (1), similarities in “known bad behaviour” can be used to surface “known” threat/anomalous activity flows from network telemetry datasets, such as malware “beaconing”/callback activities, covert channels and possible data exfiltration. Analytics should be applied to both successful and failed/blocked attempts to gain further insights into the threat landscape specific to the organisation. This shall also further build up the knowledge base in (1).

3. The third area is discovering “unknown” threat/anomalous activities. With the “known” threat/anomalous activities formed, how can they be used to identify “undiscovered” or “unknown” attack processes from network telemetry datasets, e.g. new attack campaigns?

4. The fourth area is pinpointing precursors to a potential cyber-attack. Insights derived from “known” and “unknown” threat/anomalous activities will allow analysts to understand the cyber threat landscape over time (i.e. historical as well as real-time). This will allow pre-emptive measures to be put in place to mitigate against potential cyber-attacks.

We are seeking a coherent solution that addresses the aforementioned areas. This will help organisations achieve an efficient and effective way of deriving insights from very large datasets to better forewarn against imminent threats.

Solution providers should assume that:

  1. No sample data will be shared by the sponsored organisation.
  2. Solution providers have to source relevant datasets, deemed adequate by the sponsored organisation, to demonstrate their capabilities in solving the above challenge areas.

Updated as at 13 Sep 18

Securing Social and Digital Platforms from Phishing and Malicious URL Redirects

With increasing business demands for creating new digital and social media channels via partnerships, end-users need to enhance digital security by securing their platforms (including third-party platforms) against URL redirects and fake content.

A key challenge lies in insufficient real-time analysis and detection capabilities for malicious or fake user comments delivered via file uploads and phishing URL(s). A common example is a user who is deceived into trusting a redirected source and disclosing confidential information.

We are seeking innovative solutions to improve real-time analysis and detection capabilities including but not limited to:

  1. Identification of malicious postings on a single platform or across platforms, and automatic removal of the postings
  2. Identification of “bad” users and automated blacklisting of those users
  3. Identification of unusually high-volume posting from a single user
  4. Identification of attack profiles (e.g. region, attack hours)

Updated as at 13 Sep 18

Customer / User Data Security and Privacy

Incomplete customer data are often misleading and result in poor marketing decisions. Moreover, these data are mostly stored and managed in different databases and systems, thereby increasing the risk of data misuse and leakage.

As such, many organizations are increasingly looking to incorporate a single customer overview (also known as a ‘360’ or ‘unified’ customer view) where all customer data are consolidated into a single record.

We are seeking innovative solutions including but not limited to:

  1. Efficient customer data collection and consolidation from various touch points, alleviating the need for customers to do multiple data entries
  2. Effective protection of customer privacy and sensitive data
  3. Detection and blocking of abnormal access to customer data
  4. Tracing and monitoring of the whereabouts of customer data
  5. Prevention of customer data leaving the organization's systems

Updated as at 13 Sep 18

Reducing Human Vulnerabilities in Security Systems to Achieve Better Security Compliance

Human vulnerabilities remain the Achilles’ heel of cybersecurity. These include carelessness, ignorance, mistakes and even ‘curiosity’. It has been reported that an estimated 60% of enterprise companies were targeted by social engineering attacks.

The current method of periodic training and informative sessions is expensive, time-consuming, ineffective and often reactive. With a growing number of touch points and security compliance requirements, providing timely and effective user training becomes a daunting challenge, especially for an extensive workforce present in multiple locations and geographies.

End-users are seeking innovative tools to educate their users and provide for timely interventions in the event of unfavourable user behaviour.

We are seeking innovative scalable solutions to provide for:

  1. Timely and contextualised training and guidance across multiple use environments to address vulnerabilities such as phishing and vishing, whilst remaining compliant (e.g. handling consumer data) and nurturing a more ‘security-aware’ culture.
  2. Automated and highly accurate tools that provide timely interventions as users conduct their daily business. These tools should have the intelligence to evolve alongside changing threats and be easily incorporated into various touch points and applications (e.g. emails and marketing software).

Updated as at 13 Sep 18

Advanced Security Operation

Patch Management and Vulnerability in Operational Technology Environment

Patches are applied to update systems and deal with vulnerabilities or security gaps. Software makers routinely deliver patches for products to ensure system safety whilst updating systems. Without these patches, new functionalities remain undelivered and systems can be vulnerable to cyber attacks.

One of the key challenges is the risk of applying these patches to a production system. Every OT system is different. Even though a patch has been tested in the OEM setup, it is still necessary to thoroughly review the patch management documentation and perform a proper risk assessment before allowing patches to be released into production. Due to the high cost of setting up a mirrored staging site for the testing of patches, the patch often has to be applied directly to a production system.

Another key challenge is the delay in patch execution. In critical systems, some patches can only be applied during a maintenance period, thereby leaving the organization at risk from the vulnerabilities for months or even a year. The process of patch execution remains time-consuming and requires dedicated personnel: downloading and updating patches manually takes a long time.

We are seeking innovative solutions including but not limited to:

  1. Cost-effective assessment of the interdependency impact of the patches and patched systems
  2. Identification of vulnerabilities (especially known or zero-day attacks) on an existing in-situ OT landscape to form a risk decision matrix for the end-user to decide if patching is critical
  3. Prevention of vulnerabilities being exploited in the absence of a patch
  4. A more effective and efficient patch management methodology/system in a siloed, multi-site operating environment

Updated as at 13 Sep 18

Securing IoT/Cloud Systems in Building Management

The end-user develops and manages numerous buildings within technology parks in multiple countries. There are emerging estate monitoring and building management solutions that are IoT and/or cloud based. The end-user wishes to adopt these new innovative offerings at the earliest feasible time to improve efficiency, sustainability and overall manageability. However, these IoT/Cloud solutions are also possible launching grounds for cyber attacks and/or a catalyst for broader-based, building-wide failures, thereby increasing collateral damage.

We are seeking frameworks and innovative solutions that would reduce the risk and at the same time allow for quicker adoption of these IoT/Cloud systems in a scalable way across multiple buildings in multiple locations. We are seeking solutions including but not limited to:

  1. Systematic and rigorous evaluation of the cyber risks posed by the adoption of these systems.
  2. Scalable solutions to monitor and provide timely notifications when these systems turn vulnerable and pose cybersecurity threats.
  3. Scalable solutions to expeditiously isolate these systems in the event of potential threats.

Updated as at 13 Sep 18

Effective evaluation of the Security Posture of Outsourced Partner's Systems

Outsourcing network services is a common business practice for most large organisations. Although these digital/network services often undergo rigorous contract reviews, content audits and extensive access control, they lack real-time risk identification and protection.

Due to the lack of visibility into security implementation outside contractual specifications, outsourcing can pose a serious risk to proprietary information, especially protected user data. With the rise of cloud service providers from niche to global providers, there is a lack of real-time security assessment, governance and certification of these providers that would let end-users evaluate the cloud provider's actual security posture in the areas of operations, systems, networks and data protection.

Nevertheless, there are potential new vulnerabilities given the data sharing with third parties as well as the multi-layer interconnect between two independently operated systems. These threats are exemplified by any changes and updates that are independently conducted by each party.

We are seeking proposals on innovative solutions including but not limited to:

  1. Improving assurance mechanisms and gaining insights into the outsourced partners'/providers’ internal security controls in the areas of data security and privacy, for all third parties including cloud providers
  2. Threat risk assessments on system access and connections, and imposing a need-to-know basis when granting access rights to external outsourced vendors

Updated as at 13 Sep 18

Intelligent management of Identity Access Management and Governance

Large corporates have thousands of users island-wide, spanning many core departments, IT-based applications and OT physical card access systems. The current identity management and governance is based on a manual process where department managers are required to sign off individual users and access rights on an annual basis. This not only results in unproductive man-hours, but also causes an outstanding audit challenge.

Moreover, there is a lack of transparency, as the current identity platform and process do not provide unified management and baseline visibility of privileged administrators, normal users, groups and access permissions.

With the rise of cloud and mobile channels, digital business applications are outgrowing traditional network boundaries, alongside the pressure to scale faster. This brings a constant spectre of hacking, insider threats and consumer fraud, thereby necessitating identification-based access controls throughout the different environments.

We are seeking innovative identity access management and governance solutions based on AI concepts, including but not limited to:

  1. Learning and discovery of users, groups and access, including privileged user accounts, across various operational and information systems, operating systems, networks and applications, including third-party outsourced and partner cloud environments
  2. Identification of anomaly or abnormality of identity access and management across network, application and system traffic
  3. Monitoring of abnormal user access to system accounts
  4. Intelligent assessment of user rights assignment

Updated as at 13 Sep 18
