By Jane Lo
“The digital world has much to offer in terms of societal progress, economic renewal, and innovation,” said Teo Chee Hean, Senior Minister and Coordinating Minister for National Security of Singapore, during the 9th Singapore International Cyber Week (SICW), held from October 15 to 17, 2024.
However, he emphasised, “we can only unlock these benefits if people fundamentally trust digital technology,” adding that laying strong foundations to manage risks arising from emerging technologies is crucial for fostering that trust.
“We are already familiar with the risks AI can pose: from allowing malicious actors to spread disinformation to facilitating cybercrime. Another emerging technology is quantum computing,” he noted.
Teo stressed, “we now have an opportunity to prepare for such risks before these technologies fully mature and are extensively deployed.”
Indeed, as the digital landscape evolves rapidly, the need to integrate and secure technologies like AI and quantum computing has never been more urgent.
At SICW 2024, panels and key announcements explored the transformative potential of these innovations and the emerging cyber threats they pose.
Below are highlights of discussions on the opportunities and risks of integrating AI into digital infrastructure.
Panel: Augmentation of Cybersecurity Operations Using AI
The panel, featuring experts from leading cybersecurity organisations such as Google Cloud, CrowdStrike, CERT-In India, Check Point, Booz Allen Hamilton, and Ensign, explored how AI can revolutionise cybersecurity operations.
Raise cyber defence productivity by 10x – Phil Venables, CISO, Google Cloud, opened with the observation that AI plays a dual role: as a tool for security and a potential attack surface itself (“AI for Security, Security for AI”).
On one hand, AI presents opportunities for amplifying productivity (by “10x”) through automation—identifying vulnerabilities and decoding real-time malware at an unprecedented scale. However, as organisations adopt AI, they must stay vigilant to prevent these systems from becoming targets of cyberattacks.
Venables also suggested that AI could “turn the tables” on attackers by increasing the operational costs of cyberattacks, making them less attractive. He urged industry leaders to collaborate and strengthen AI security measures to keep up with AI advances (“coalition of security for AI”).
Embrace change – Fabio Fratucello, Field CTO, CrowdStrike pointed out that machine learning has been a part of cybersecurity for over a decade. However, today’s AI boom has expanded its applications to both offensive and defensive strategies.
Fratucello stressed the need to “embrace change” and develop a human-machine hybrid workforce that leverages AI’s power to manage the overwhelming volume of alerts more efficiently. He spotlighted how AI could automate tasks such as data ingestion and formatting, and perform advanced data analytics, to significantly increase detection and response “velocity”.
The evolving battlefield: speed, scale and stealth – James M. Allen, Executive VP, Booz Allen Hamilton noted that while the fundamentals of cyberattacks remain unchanged, AI is revolutionising the “speed, scale, and stealth” of attackers (for example, enabling rapid reconnaissance, vulnerabilities identification, and large-scale attacks).
He warned that defenders can become “complacent” – believing they can still “cope” with the threat landscape. The reality is that AI has reshaped the battlefield, rendering many current defences inadequate. For example, he indicated that while AI can enhance efficiency, it cannot fix “inadequate” operational models or staff training. Instead, AI should be seen as an opportunity to “galvanise” the urgency needed to implement best practices.
Need for AI maturity in cybersecurity – Dr. Sanjay Bahl, Director-General, CERT-In India, highlighted the ongoing democratisation of cybersecurity innovations, noting that over 50 patents filed in India on APIs, vulnerabilities, and red teaming. However, these innovations remain siloed, lacking the “maturity” for full integration. Dr. Bahl stressed the importance of organisations evaluating their AI maturity to keep pace with rapid technological advancements.
Panel: “Cyber Frontiers: The Implications of AI for Security”
The conversation continued with the session, “Cyber Frontiers – The Implications of AI for Security”, with representatives from the United States Cybersecurity & Infrastructure Security Agency (CISA), Checkpoint, Schneider Electric, and Cyber Security Agency of Singapore (CSA).
AI in critical infrastructure – Dr. Ryan Donaghy, Deputy Assistant Director at CISA shared insights from CISA’s efforts to mitigate risks in critical infrastructure.
She stressed the need to understand emerging threats, highlighting AI’s role as creator and amplifier of “novel risks”, and how “red teaming” could help balance innovation with security.
She also introduced CISA’s AI roadmap to strengthen cybersecurity defences across 16 critical infrastructure sectors, highlighting CISA’s focus on the “secure by design” principle for the safe development and deployment of AI across all critical infrastructures.
AI implementation – Dr. Dorit Dor (Chief Technology Officer, Check Point)notes that AI poses security challenges akin to those faced in traditional IT (such as open-sourced supply chain risks), which are compounded by AI. For examples, the creation of large “data lakes” for AI models and the introduction of AI “prompt” functionality raise access and data breach concerns.
Dr Dor also highlighted importance of trust in implementing AI, proposing “explainability,” “anti-hallucination” safeguards, and consistent “forward validation” as key strategies.
AI governance – Trevor Rudolph, Vice President of Global Digital Policy & Regulation at Schneider Electric, offered insights into how AI risks fit within corporate risk frameworks.
He explained that AI risks, like other risks, are managed using the global “risk register” but AI introduces unique reputational risks, particularly regarding biases and trustworthiness.
Rudolph shared that Schneider Electric has established a “responsible AI committee” to review AI use cases, and stressed the need for “human-in-the-loop” in critical infrastructure to avoid catastrophic AI-induced failures.
AI adoption and collaboration – Stanley Tsang, Distinguished Engineer and Senior Director (Special Projects) at the Cyber Security Agency of Singapore (CSA), highlighted the crucial role of collaboration among government agencies and industries to manage AI-related risks, as exemplified by CSA’s “Guidelines and Companion Guide on Securing Artificial Intelligence Systems”.
Tsang acknowledged the existing gap between AI practitioners and cybersecurity experts, urging for a convergence of AI capabilities and cybersecurity practices. He advocated for a cautious approach to AI adoption, emphasising the importance of clearly defined mitigation and recovery plans before broad implementation.
Launch of the Guidelines and Companion Guide on Securing AI Systems
At SICW 2024, CSA launched the “Guidelines and Companion Guide on Securing Artificial Intelligence Systems” to help organisations secure AI systems.
These guidelines address threats like supply chain attacks and adversarial machine learning, drawing on international standards and emphasising a “secure by design and secure by default” approach akin to all software systems.
Recognising that merely hardening AI models is insufficient to mitigate security risks, the CSA recommends a life-cycle approach to identify and address security risks throughout the entire AI system lifecycle, encompassing the phases of “Planning and Design”, “Development”, “Deployment”, “Operations and Maintenance”, and “End of Life”.
The CSA is actively collaborating with AI and cybersecurity practitioners to develop the Companion Guide, a community-driven resource that provides practical measures for implementing these guidelines, and is continuously updated to reflect evolving developments.
Building Trust and Security in the Digital Era
These dialogues and updates at the 9th Singapore International Cyber Week highlight a crucial reality: while AI can bolster cybersecurity, it also poses new risks.
Several key takeaways resonate with previous insights, including the power of collaboration, the importance of closing skills gaps, and strategies to mitigate potential data breaches. Established principles such as “security-by-design” are reinforced, alongside emerging concepts like human-machine partnerships. By combining human creativity with AI’s immense processing capabilities, we can develop formidable defenses in this evolving cyberthreats landscape.
However, rise of technologies like AI highlights the need for transparency and reliability. By implementing explainability, bias management, and “human-in-the-loop”, we can build trust in AI systems. As Mr. Teo Chee Hean highlighted, realising the full potential of the digital realm hinges on building trust. Trust in AI can be fostered by combining established practices and principles, with emerging and novel approaches as explored during SICW 2024
“This is what we hope SICW can do – bringing people together, providing the space for crucial conversation, and allowing ideas, partnerships, and most importantly, for trust to take shape,” concluded David Koh, Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency of Singapore, during his remarks at the SICW 2024 Opening Ceremony.
