Dr Irving Lachow joined MITRE in 2010 as a Principal Cyber Engineer and has led several corporate initiatives as well as projects for the U.S. government, CSA and AustCyber. In addition to working at MITRE, Dr Lachow is a Non-Resident Fellow at the Center for Strategic and International Studies and an Affiliate at Stanford University’s Center for International Security and Cooperation.
Dr Lachow has authored or coauthored more than 30 publications, including books, articles, and reports. Notable media appearances include the PBS NewsHour, CNN, CSPAN, the Los Angeles Times, the Christian Science Monitor, ForeignPolicy.com and Time.com. Dr Lachow received his Ph.D. in engineering and public policy from Carnegie Mellon University. He earned an A.B. in political science and a B.S. in physics from Stanford University.
Cyber Threat Landscape & Intelligence
Cyber Threat Intelligence Frameworks
MITRE ATT&CK™ is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. ATT&CK is largely a knowledge base of adversarial techniques — a breakdown and classification of offensively oriented actions that can be used against particular platforms, such as Windows. Unlike prior work in this area, the focus isn’t on the tools and malware that adversaries use but on how they interact with systems during an operation. This presentation will share ways industry and government CERTs could incorporate MITRE’s ATT&CK framework into their cyber threat information sharing and analytic operations.
Professor Lam is a Professor of Computer Science at the School of Computer Science and Engineering and Director of the Nanyang Technopreneurship Center, Nanyang Technological University (NTU), Singapore. He is concurrently serving as Director of the Strategic Centre for Research in Privacy-Preserving Technologies and Systems (SCRIPTS), and Director of NTU’s SPIRIT Smart Nation Research Centre. He served as the Program Chair (Secure Community) of the Graduate College of NTU 2017-2019. Professor Lam has been a Professor of the Tsinghua University, PR China (2002-2010) and a faculty member of the National University of Singapore and the University of London since 1990. He was a visiting scientist at the Isaac Newton Institute of the Cambridge University and a visiting professor at the European Institute for Systems Security. In 1997, he founded PrivyLink International Ltd, a spin-off company of the National University of Singapore, specializing in e-security technologies for homeland security and financial systems. In 2012, he co-founded Soda Pte Ltd which won the Most Innovative Start Up Award at the RSA 2015 Conference. In 1998, he received the Singapore Foundation Award from the Japanese Chamber of Commerce and Industry in recognition of his R&D achievement in Information Security in Singapore. Prof Lam received his B.Sc. (First Class Honours) from the University of London in 1987 and his Ph.D. from the University of Cambridge in 1990. His research interests include Distributed and Intelligent Systems, Multivariate Analysis for Behavior Analytics, Cyber-Physical System Security, Distributed Protocols for Blockchain, Biometric Cryptography, Homeland Security and Cybersecurity.
Leveraging Machine Learning, Automation and AI in Next Gen Cybersecurity
Root of Trust or Chain of Trust for Critical Cyber Systems
The Cyberspace is technically a massive-scale, heterogeneous distributed system. From the angle of Cybersecurity, the challenges are main due to the fact that the Cyberspace is borderless, cross-industry and cross-domain, hence resulting in the lack of a trusted third-party, which is almost invariably assumed in most practical security mechanisms. On the other hand, confidence in Cyber systems is largely based on certainties of the liabilities of system users. The absence of trusted security mechanisms will lead to uncertainties in liabilities, hence result in loss of confidence in Cyber systems. This is especially detrimental to the adoption of Cyber technologies in critical systems, such as IoT and FinTech. Recent technology developments, such as Blockchain and AI, aim to address the issues of decentralized trust as well to explore predictive analytics in Cybersecurity. In this talk, we discuss the trust issues of AI and the trustworthiness of machine-learned decisions, which is a topic of interdisciplinary nature. Besides, we also brief explain the notion of decentralized trust in Blockchain. The talk will also suggest possible approaches to establish chains of trust in the Cybersecurity for achieving better security and confidence in the Cyberspace.
Dr Le Van Gong is a Senior Cryptography Strategist at PayPal where he helps define PayPal’s long term security strategy. He represents PayPal at various security standards groups such as IETF, W3C, FIDO, and PCI Encryption Task Force. He also leads R&D projects that focus on leveraging the latest advancements in network security and cryptography to further secure online transactions. Dr Le Van Gong actively collaborates with top tier universities and think tanks to strength PayPal's technology thought leadership. Prior to PayPal, Dr Le Van Gong has held various positions at Sun Microsystems, Neustar as well as Sony Electronics. He received a PhD in Computer Science from the University of Paris, France.
Navigating Cybersecurity From End-User Perspective
Building a User-centric Research Program
As the cyber threat landscape continues to evolve, organizations must go beyond establishing and maintaining a strong security baseline to support compliance and basic hygiene expectations. As a global leader in digital payments PayPal treats security as top priority and has established a research program focused on user experience, trust, and safety. From protecting identities, financial transactions, customer data, and improving the ecosystem PayPal has helped create frameworks and protocols such as FIDO, HSTS, and DMARC. In this session, we will share recent research efforts aimed at improving user security without compromising experience. From advanced cryptographic techniques to anti-phishing efforts, our experience in building applied research programs will illustrate both the importance of participants of the broader ecosystem coming together to partner and re-emphasize PayPal’s commitment to making the internet a safer place for all consumers to pay and get paid.
Walter Lee is the Evangelist and Government Relations Leader at NEC Corporation. He provides leadership in advocacy and strategic partnerships with government agencies and strategic partners across the world for co-creation of innovative solutions for smart and safer cities. Prior to this, he was the Head of Innovation Management Office at NEC Global Safety Division.
Walter represented NEC at various UN Development Programme workshops and ASEAN technology forums related to Smart and Safer Cities solutions.
He co-authored the whitepaper “How Digital Technologies can be the Difference in Making Cities Safer”, and was selected to present the paper at the Milipol Asia Pacific 2019 held in Singapore from 2-4 April 2019.
He was the CEO of the e-Cop Group of companies, Senior Vice President at the Agency for Science, Technology and Research, Singapore and Vice-President/Head of Consulting at IDC Consulting Asia Pacific and member of the IDC Worldwide Consulting Management Board. Walter was also the Vice-President and Head of E-Commerce for the SIA Group of companies.
Cybersecurity and 5G
Securing the 5th Dimension - 5G and Industry 4.0
Industry 4.0, accelerated by 5G, IOT and Big-Data, will result in massive transformation and disruption to the global supply chain as we know it. Cyber-security becomes a critical concern in this new era as we enter the 5th Dimension of cyber-physical integration brought about by the Internet-Of-Everything.
Marc supervises and provide directions for the data ops, data science, and cyber security research team who are based in Boston, Raleigh, and Lisbon. The team is currently 17 people strong and growing. Under Marc’s leadership, this team prides themselves on being aligned to customers needs, and their ability to meet the demands of our marketplace which, incidentally, was created by BitSight. The scope of their responsibilities include ideation through product release and beyond to sales, support and the success of the product.
Marc started his career as a data scientist at BBN Technologies in the 80s while studying Cognitive Science at MIT. Venturing out of the Hub, Marc’s path included earning a CS PhD in upstate NY, working on machine translation in Germany, search at the MITRE Corporation in Bedford, bioinformatics at the University of Iowa, natural language processing at Thomson Reuters in Minnesota, electricity market forecasting at WindLogics, electricity theft detection for Florida Power & Light, and predictive analytics for Industrial IoT at Honeywell.
Proactive Cyber Defence
What Ails My Peers Today Could be My Ailments Tomorrow
One aspect of Proactive Cyber Defense is understanding how you are likely to be attacked so that you can optimally allocate resources. With knowledge of your peers or your neighbouring countries, and how they have been attacked is a start at building this understanding. Marc will show how to leverage internet scale malware infection and breach data along with a number of peer sets to build a picture of how your peers are being attached, and thus how you should expect to be attacked. Marc will also show how to compare your defenses to those of your peers to get additional context.
As Head, Talent Networking, Juliana tackles the same challenges surrounding tech talent that many companies and industries face but approaches them differently. She leads SGInnovate’s work in strengthening individuals’ capabilities in the deep tech space, building a strong mentors & multipliers network, as well as in expanding the talent marketplace, where ambitious and capable people and high-potential startups can seek each other out.
Working with like-minded partners such as large corporates and institutes of higher learning, Juliana and her team have executed various learning and development programmes that have benefitted more than 400 deep tech talent in AI and Blockchain. In building the deep tech talent network, she is focused on three main areas – targeting new pipelines, increasing touchpoints and attracting talent to startups.
Under her leadership, the team has also put together the first-ever deep-tech-focused apprenticeship initiative – the Summation Programme. A curated pool of students will partner experienced software and engineering professionals to embark on innovative projects focusing on areas such as artificial intelligence, machine learning, deep learning and blockchain.
Talent & Capability Development
Future of Cyber Security Talent
As cities and countries are more connected, and with more lives being connected in the online space, the need for stronger cyber safety and security being enforced. The cybersecurity profession is facing a shortage of qualified talent to fill an increasing demand for positions. Noting this crisis, what are some of the ways we can think outside the box and mitigate this challenge? Juliana will be sharing more.
Dr Lim Woo Lip is the Executive Vice President (Technology & Capabilities) in Ensign InfoSecurity, one of Asia’s largest integrated pure-play cybersecurity firms.
Prior to this role, Woo Lip was the Vice President of Data Analytics and Cyber Security at StarHub. He led StarHub’s development in big data analytics and cyber security capabilities.
As a firm believer in building the local ICT ecosystem for long term sustainability in Singapore, Woo Lip has helped to establish links between government agencies, institutes of higher learning (IHLs) and commercial companies for collaborations and joint developments in data analytics and cyber security.
Prior to joining StarHub, Woo Lip worked in the Ministry of Defence (MINDEF) and the Singapore Armed Forces (SAF) for 25 years. His last post was Director of Policy and Plans in MINDEF from 2012 to 2013. Over the years in MINDEF and the SAF, he held various positions such as Head of Technical Branch in Joint Service and Deputy Director of Infocomm Infrastructure Solutions in Centre for Strategic Infocomm Technologies (CSIT). Woo Lip was also the Lab Head of Advanced Communications Lab and Wireless Communications Lab in CSIT from 2004 till 2009. Under his leadership, the teams at Research Labs had achieved many breakthroughs in infocomm security technologies that were subsequently operationalised. He was awarded the National Day Public Administration Medal (Bronze) in 2012.
Woo Lip is currently a member of the Advisory Committee at Republic Polytechnic’s (RP) School of Infocomm. In this role, he has facilitated RP’s industry collaborations on data analytics and cybersecurity. He was conferred the Singapore Computer Society IT Leader Professional of The Year Award in 2017 in recognition of his contributions to the infocomm technologies and media community in Singapore. He was also conferred the Leader Award at the Inaugural Cyber Security Awards 2018 organised by Association of Information Security Professionals, for his contributions to Singapore’s cybersecurity ecosystem.
Woo Lip received the Defence Technology and Training Award (DTTA) and graduated from the University of Bath (UK) with a Bachelor of Engineering (1st Class Honours) in Electronic and Communications Engineering. He was later awarded the DTTA (Postgraduate) and obtained his Doctor of Philosophy (Ph.D.) in Electrical Engineering (Mobile Communications) from University of Surrey (UK).
Cyber Threat Landscape & Intelligence
Developing Real-time Hyper-localised Threat Intelligence to Counter Advanced and Targeted Threats
As the deluge of threat continues, national governments and enterprises are fighting an asymmetric cyber war. Modern cyber attackers are well-funded and increasingly sophisticated, adept at highly-targeted techniques to breach cyber defenses in multiple ways. To counter these advanced and targeted threats, hyper-localised cyber threat intelligence focused on eminent threats can provide pre-emptive capabilities. A multi-level threat intelligence platform, built from strong data analytics capabilities and deep domain expertise, can forewarn imminent sector-specific threats critical to national security.
Dr Terence Liu leads TXOne Networks, a joint venture company by Trend Micro and Moxa. TXOne Networks brings pragmatic and practical OT cyber defense to industrial world. Ter-ence also leads Trend Micro's Network Threat Defense Technology Group to expand the company’s footprint to virtualized telecommunication networks. Prior to Trend Micro, Ter-ence was the CEO of Broadweb which was acquired by Trend Micro in October 2013.
Industrial Control Systems (ICS): Vulnerabilities & Resiliency
IT-OT Convergence in ICS Cyber Defense
The OT environment has been facing actual cyber threats recently with the rise of IT-OT convergence and Industrial IoT. Unfortunately, implementing cyber defense in OT could be rather challenging because of legacy liability as well as constrains on both technologies and resources. This talk will discuss recent cyberthreats, sharing real case studies to illustrate the change in the threat landscape in OT and hackers' actions and share how IT and OT could work together to maximize the coverage of cyber security protection, as well as propose some pragmatic and practical defense tactics.