Cyber talents and standards key to defending AI and cyber threats – BG Edward Chen, SAF #FOI2024
By Yong Shu Chiang
Ahead of Festival of Innovation 2024, Brigadier General Edward Chen, Defence Cyber Chief, Singapore Armed Forces (SAF), calls cybersecurity a ‘team sport’ and tells GovInsider that close coordination among government agencies and industry partners is key to stout cyber defence.
BG Edward Chen identifies trust and tight coordination across government agencies and industry partners as key factors in a stout cyber defence for Singapore. Image: Canva
You are the Defence Cyber Chief at the Digital and Intelligence Service (DIS). How would you describe your role in terms of strategising and coordinating cyber defence at SAF?
Cybersecurity is a team sport. As the Defence Cyber Chief, I am both a manager as well as a coach of a team of diverse and high-performing players.
As a team manager, I lead the scouting and development of talents to build up our cyber workforce. To ensure that our cyber defenders get the best training opportunities, we will be building an extensive cyber range to simulate complex training scenarios, involving both enterprise IT infrastructure and specialised critical infrastructure system testbeds.
We also work closely with commercial partners to develop best-in-class tools for our cyber defenders – ranging from incident response toolkits to malware analysis platforms.
As a coach, I supervise our team of cybersecurity specialists to monitor, detect, and respond to cyber threats on a 24/7 basis. We leverage the unique talents and strengths of every cyber defender – threat hunter, penetration tester, or digital forensic specialist – to bring out the best in every one of them, so that the Digital and Intelligence Service (DIS) can defend Singapore well in the digital domain.
Would you say that cyber defence requires a whole-of-government approach, and what are the challenges in implementing a robust defence?
Trust is key. Strong cyber defence requires tight coordination across various government agencies, to act swiftly against any national-level cyber threat. In Singapore, we are fortunate that the cyber leaders in our key government agencies know and trust one another well.
We also have a central cybersecurity authority, the Cyber Security Agency of Singapore (CSA), that brings everyone together. We regularly share perspectives on emerging cyber threats and attend regular joint training exercises. This trust amongst agencies has enabled us to collaborate well and maximise our resources to defend Singapore together.
How do you think Singapore has done in cyber defence and what are the challenges we face?
In cyber, talent is capability. As a small country, one of the challenges we face is having enough cyber talents to defend against a large and growing digital threat surface in Singapore.
The DIS spares no effort in developing and recruiting cyber talents. We recently launched a nationwide cyber youth talent programme – the Sentinel Programme – which is for youths in secondary schools and post-secondary education institutions. Specifically, we look for youths who have strong cyber aptitude but zero coding background and put them through a rigorous cybersecurity training programme.
The secondary school and post-secondary programmes span four and two years respectively, where secondary school students who complete the former may continue learning with us in the post-secondary programme after entering junior college, polytechnic, or ITE.
At the end of this programme, these students are well-positioned to join the DIS as full-time cyber defenders. For males, they can also opt to join us as cyber specialists as part of the Cyber Work Learn Schemes for three or four years, where they can work in the DIS and study cybersecurity on a part-time basis at a local university, while concurrently fulfilling their national service obligations.
We believe this unique and variegated talent pathway will allow us to bring in the cyber talents we need to defend our country.
What is one notable cyber defence initiative that you've worked on, and how do you view the adoption of AI by governments around the world - how we should approach emerging technologies?
My favourite is the Critical Infrastructure Defence Exercise (CIDeX) – a national-level cyber exercise that is co-organised by the DIS and CSA. In one of the largest and most complex cyber exercises in Singapore, we brought together over 200 front-line cyber defenders from 26 critical infrastructure agencies in Singapore to train together in an intense week-long, hands-on-keyboard cyber exercise.
It was particularly heartening for me to see how our military cyber defenders were able to work well with the civilian cyber defenders to defend against mock ransomware attacks, as well as simulated advanced nation-state cyber-attacks. The professional understanding gained as well as trust built amongst these cyber defenders during the exercise were invaluable. When called upon, we know that these cyber defenders would have the necessary knowledge and network (pun intended) to work together to defend Singapore well.
For AI to see mainstream adoption by governments, there would need to be a robust system for evaluating related cyber threats. One key area of focus would be on AI threat modelling and validation. That said, there has yet to be a universally-agreed standard for security testing of AI models. This is something that the DIS and our Defence Technology partners are currently working closely together on, and we look forward to collaborating with more like-minded partners.
What are a few key topics you will be speaking about on the Keeping Government Apps Safe panel at FOI, and what would you like to impress upon public-sector officials on how they can aid in Singapore’s cyber defence?
As AI becomes mainstream, I believe that it will fundamentally transform the digital terrain that we operate in, and in turn change how we as cyber defenders would undertake our mission. I will discuss the range of AI-specific cyber threats and share the approach that the DIS is taking to address them.
In particular, I will emphasise the need for partnership amongst countries and with technology companies, so that we can better understand and manage these emerging threats.
Edward will be speaking on a panel exploring strategies to ensure the safety and resilience of AI technologies in government applications at GovInsider’s Festival of Innovation 2024 happening from 26 to 27 March 2024 in Singapore.
The event is free to attend for all government and public sector agencies.