SingAREN-Fortinet Joint Workshop – “Future-Ready 2025: Empowering Research and Education Security” – 19 Nov 2024

12 Dec 2024 – SingAREN members participated in an educational and engaging Cybersecurity workshop at the Fortinet Singapore Office on 19 November 2024. The workshop’s theme was “institution of tomorrow,” covering topics such as blended learning, AI integration, and smart campuses.

Jon Lau (Vice-President, SingAREN & Director, CISO Office and Scientific IT, A*Star) delivered the opening speech, emphasizing the importance of adopting effective countermeasures to embrace innovations, knowledge sharing, and fostering collaborations to create a secure digital landscape in the face of sophisticated threats and challenges in 2025.

As we look ahead to 2025, esteemed IT security experts from the industry shared their strategies in managing these complex environments amidst emerging security threats in the panel discussion. Michelle Pareno (Regional Solution Architect – SEAHK, Fortinet) led the discussion with three industry experts: Jon Lau, Kuok Chiang Kim (Principal APJ Security Advisor – APJ, AWS), and Wijoyo Setiono (Regional Security Practice Lead – APAC, Fujitsu Asia Pacific).

Q1: How do you see the evolving landscape in Cybersecurity with global collaboration in particular, protection of sensitive data and intellectual property?

A1: Jon highlighted that threats are prevalent not only in research data but also in R&D intelligence. The key is to stay vigilant and work together to monitor the traffic flow across these collaborated networks, at the application level, and in research data centres. Proper planning at the infrastructure level and multiple security solutions are imperative to protect these research data.

Michelle shared her engagements on the increasing trend of collaboration among R&D institutions, often involving researchers across diverse regions, significantly expands their attack surface and heightens cybersecurity risks.

Q2: As institutions investigate AI with enhanced Cybersecurity, what are the key considerations that they should consider ensuring the successful adoption of Cybersecurity solutions?

A2: Wijoyo mentioned that the most challenging aspect was in the execution of AI goals. He urged policymakers to ask three basic questions when deciding on a path: (1) What is the ultimate goal to achieve with AI? (2) Who is the beneficiary of this AI and (3) How to make this project a success? Michelle added that it is more costly to implement changes to brownfield deployments which is why some institutions leverage AI on Cybersecurity Solutions to put up non-disruptive intelligent solutions e.g. monitor/analysis of threats and behavioural anomalies in the existing networks.

Q3: What guardrails should institutions use to ensure the responsible, ethical use of AI?

A3: Kuok Chiang emphasized the need for explicit, natural, and topical techniques to query the knowledge base for responses. It is advisable to perform a threat modelling with exercise to create topical guardrails, and as for high-risk utility, impact and human verification need to be carefully considered.

Q4: What is the role of AI in the SMART campus?

A4: Wijoyo said, “Augmentation is the key word for IoTs”. IoTs are expanding widely in many areas such as SMART campus, renewable energy and robotics. Objective of AI is to create optimal learning environments for lecturers & students. Cyber risks in the form of digital threat and physical threat involving AI plus IoT needs to be addressed. GenAI query, in the case of vision AI, and predictive AI can be effectively used in crisis management or in the example of building control, provide better energy efficiency.

 Q5: Keys opportunities in adapting AI/ML and finding balance without compromising Cybersecurity in IHL and research.

A5: Jon concluded that embracing GenAI is inevitable as we move forward in the social and innovative space, but appropriate safeguards and caution are necessary when exchanging data.

Q6: How can institutes develop a strong security culture?

A6: A strong security culture within an organization must be driven by partnership and trust, starting with top management. Leadership should establish clear and consistent principles that prioritize security and set the tone from the top down. Additionally, every level of the organization should be empowered to uphold and enforce the security culture within their respective roles and workspaces.

 

 Michelle delved into the various data security loopholes and challenges existing in the current Education and Research section. She also shared that there must be multiple layers of defense to help IHLs safeguard against intrusions and create resiliency in the face of ongoing attacks. She outlined the cybersecurity journey in education, detailing how an institution can take sequential steps toward digital transformation to become a “future-ready,” cybersecurity-mature organization.

Andrew Moey (Security Strategist – SEAHK, Fortinet) highlighted how institutions can safely harness AI in individual tools and unify operations. This extensive knowledge base must be complemented by robust guardrails to ensure proactive risk management. In short, we should all acknowledge that GenAI can fill skills gaps, reduce operational costs, and improve defensive stakeholders’ capabilities and capacity.

Edwin Myloth (Regional Security Architect – SEAHK, Fortinet) showcased the benefits of SMART Campus, and highlighted the prevalent attack vectors targeted at the building management system (BSM) and IoT devices. His presentation included a threat model that identify potential attack paths within the building infrastructure and introduced relevant Fortinet Cybersecurity solutions to fortify these weak links along these paths. He emphasized the importance of cybersecurity vigilance by saying, “SMART does not equal secure!”

With that, the fun began as participants formed teams to play in a stimulated Cyber Threat Landscape Gamification session. Stepping into the shoes of a CISO in this game, each team was given limited ammunition to solve three (3) realistic critical cybersecurity situations. This thought-provoking and interactive exercise demonstrated the importance of proactive defense strategies in securing educational institutions with the right tools. Anchored by Game Master Andrew, the participants were highly engaged to ensure their team emerged secure and victorious! Not only did the top teams win prizes, but this hands-on game also provided all participants with the opportunity to experience what it feels like to be a “CISO-for-a-Day.”

Figure 4  Breakout groups in action!

 

Here is the summary of the key insights gathered from this half-day workshop:

• • • Collaboration between Network and Cybersecurity teams is paramount in fostering a resilient and secure IT environment. The increasing complexity of modern networks, coupled with the rise of sophisticated cyber threats and the pressures of digital transformation, necessitates a cohesive and integrated approach.
    • Business owners must mandate a security culture and educate users about the risks. Everyone must resume their responsibility to sustain this culture. The guidelines established in their workplace are intended to safeguard each person, not to work against them.
    • As institutes establish more international collaborations in research sharing, endpoints become the main source of cyber threats and malware control must be in place with controls at access zones and data encryption is necessary.
    • Moving towards a SMART campus is imminent in the future. Proper cybersecurity vigilance MUST be in place to defend against threats, especially in high-risk vectors such as BSM and IoT devices.

 

Let us embrace this exciting AI journey and be prepared to understand the Cybersecurity landscape in the coming future. All of us can begin this journey by taking small steps to build up security credit within our organization!

We would like to express our gratitude to our panelists, Jon, Wijoyo, and Kuok Chiang, for their valuable time and insightful contributions to the panel discussion. Thank you to everyone who attended the workshop and the Fortinet speakers and employees who make it a success!

 

This article was co-edited by Teh Yi Yun (Fortinet), and Vee Len (SingAREN)