Edward Chen

GMO Flatt Security Research An official blog of GMO Flatt Security Inc. based in Tokyo, Japan. We are striving harder to improve the cybersecurity for the local and global community. We strongly believe that identifying and eradicating cyber weaknesses on products will eventually make the internet a much safer medium to communicate and utilize. https://lnkd.in/gKQnENVr

3

1 Comment

Titilayo Shodiya, Ph.D.'s blog is a great overview of our views on the importance of securing the agentic web. Let’s add one more entry to the list, Infoblox’s response to the National Institute of Standards and Technology (NIST)’s RFI on Security Considerations for Artificial Intelligence Agents. Our recommendations: 👉 NIST’s AI security frameworks should treat AI agent discovery as a critical security control. Organizations must be able to enumerate, authenticate, and govern all agents that can reach their data, tools, and networks. Without that, every other security control is operating on incomplete information. Yet today, most organizations lack a uniform way to discover, inventory, and verify the AI agents operating across their environments. 👉 NIST should support open, vendor‑neutral standards for agent-to-agent discovery mechanisms. DNS‑based AI Discovery (DNS‑AID) is an open initiative— published as an IETF internet draft — to make the Domain Name System the authoritative discovery and trust verification layer for AI agents. DNS is a natural foundation for agent discovery because it already underpins most network interactions and can act as a preemptive security control to evaluate and govern agent traffic before any connection is established. The National Cybersecurity Center of Excellence (NCCoE)'s upcoming project on agent discovery is an excellent opportunity to demonstrate how open discovery improves security, resilience, and interoperability.

6

If only European and American governments would do the same to protect critical infrastructure from rising cyber attack. Singapore to equip critical information infrastructure owners with proprietary threat detection systems. This will strengthen their abilities to detect malicious activities in their networks, said Senior Minister of State for Digital Development and Information Tan Kiat How. "Typically, national security is the exclusive domain of governments, such as developing cutting-edge technological systems and training skilled operators to deal with various threat scenarios," How said. "We have decided to avail some of the government’s expertise to the private sector, to level the playing field between the defenders and the attackers." The proprietary tools, developed by the Centre for Strategic Infocomm Technologies (CSIT), will complement commercial threat detection systems used by CIIOs. The CSIT is a technical agency in the Ministry of Defence. https://lnkd.in/gqKCCrRy

4

🛰️ Dalvir Singh from Office for Space Technology & Industry, Singapore (OSTIn) shares how Singapore is thinking about growth in its space sector, the role of partnerships, and what makes the country a practical entry point for space companies looking to scale in the region. 🎥 Watch the conversation. 🚀 CYSAT Asia, co-organised by SGInnovate and CYSEC, takes place on 5 February 2026!!

7

1 Comment

​I had the privilege of attending my first GovInsider Festival of Innovation 26 recently. It was an eye-opening experience listening to distinguished leaders like Gek Peng Tay (Ted talk vibes 👏) share their journeys through change management and digital transformation. ​I was also incredibly humbled to receive a Special Mention for the ‘Innovator of the Year’ award. A huge thank you to the RAiDers at RAiD (Jerome TAY, Edwin Tan) for the nomination 🙏 it was an unexpected surprise that made the event even more meaningful. ​Beyond the award, the sessions sparked some deep reflection on my own journey as an OC and innovation practitioner. Innovation is often treated as a buzzword, but to me, it boils down to three core truths: ​1. It’s Human-Centric, Not Tech-Centric: Innovation isn't about chasing the latest software or hitting man-hour saving KPIs. It’s about genuine care. When you take the time to actually listen to your people and understand their friction points, buy-in for a solution happens naturally. Empathy is the best engine for change. ​2. Design "Doing" > Design "Thinking": Workshops and courses provide the toolkit, but real change only happens when you’re willing to get your hands and feet dirty. Innovators are creators, not spectators. In our world, "No Action Talk Only" (NATO) 🤣 doesn't move the needle — experimentation does. ​3. Leading by Example: Innovation cannot flourish under a leader who is resistant to change. If we are privileged enough to lead, our actions must be the "wind to the sails" of progress. If I’m not willing to try new ways of working, I can’t expect those under my charge to do the same. ​Looking forward to taking these lessons back my unit (and my future posting) to continuing the "doing." ​#GovInsider #Innovation #DigitalTransformation #Leadership #PublicService #ROI2026

48

6 Comments

BREAKING: Singapore just released a framework for agentic AI security—autonomous systems that don't just recommend actions but independently execute them. Singapore's Cyber Security Agency is now addressing the next frontier: AI agents that write code, manage supply chains, make business decisions at machine speed, all without human oversight. Singapore's framework maps the vulnerabilities we've associated with agents: 🔍 Prompt injection attacks that hijack AI decision-making. 🔍 Unauthorized tool access. 🔍 Data exfiltration. 🔍 Unintended autonomous actions that cascade beyond their original scope. The framework establishes capability-based risk assessment: where can AI agents be exploited, what damage can they do, how do we contain it? It mandates lifecycle controls from design through deployment. Medical AI faces different scrutiny than entertainment recommendations. Real-world testing happens through government-Google Cloud sandbox partnerships. This matters beyond Singapore: This isn't a one-size-fits-all mandate. It's a step forward for ASEAN. Singapore's SEA-LION project—open-source language models pre-trained for Southeast Asian contexts—proves regional AI infrastructure isn't theoretical. ASEAN doesn't need to choose between American or Chinese systems. We too can build sovereign regulatory approaches reflecting our own priorities. The question is whether the rest of the region treats Singapore's framework as a model to adapt or a milestone to watch from the sidelines. Digital sovereignty means having the capacity to build alternatives when our interests demand it. Singapore just proved first-mover advantage matters. Will ASEAN countries adapt this model or watch Silicon Valley and Beijing write the rules instead? Link to my analysis of ASEAN's opportunity - in the latest edition of Asia AI Policy Digest - in the comments! #AIGovernance #ASEAN #DigitalSovereignty #AgenticAI #Singapore #AIPolicy #TechPolicy

48

4 Comments

​Is Your Organization Built to Withstand the Unexpected? 🇸🇬 ​Digital connectivity and power are the lifeblood of modern commerce—but what happens when they go dark? ​From 1 to 15 February, MINDEF is conducting Exercise SG Ready 2026 (ESR 2026). This year’s theme, "Are you ready for disruptions?", shifts the focus toward a critical reality for every business owner: surviving prolonged power outages and digital service failures. ​What’s happening? ​To simulate a real-world energy security crisis, various essential platforms (including OneNS and Workpal) will go into maintenance mode. This isn't just a drill for the government—it’s a reminder for all organisations to test our own Business Continuity Plans (BCP). ​Key Milestones to Watch: ​The launch: On 1 Feb at 1500hrs, the Public Warning System (PWS) will sound. ​New Tech: For the first time, alerts will be pushed via ERP 2.0 on-board units, alongside SGSecure and myResponder apps. ​The Message: Tune in to local radio or TV immediately after the signal to hear the Total Defence message from Minister K. Shanmugam. ​Why should your organization or business participate? ​In a "Total Defence" framework, resilience isn't just about military readiness; it’s about national resilience. Use this exercise as a low-stakes environment to ask: ​Can our teams operate offline for an hour? ​Do we have clear communication channels if digital apps fail? ​Are our employees trained to respond to emergency broadcasts? ​Let’s not wait for a real crisis to find the gaps in our systems. Resilience is a competitive advantage. ​#TotalDefence #SGReady #BusinessContinuity #Singapore #Resilience #ESR2026

13

Cyber threats are evolving—your defense should too. At GovWare 2025, Perry Young will lead a high-impact, gamified session built on real-world attack scenarios mapped to MITRE ATT&CK. Learn how to shift left, simplify defense, and outsmart adversaries using real techniques from across ASEAN: https://lnkd.in/gzzKMqgC #TheHeartOfProgress #GovWare2025 #CyberResilience

63

Cyber threats don’t take weekends off. 😮‍💨🌍 Over the weekend, a couple of friends—probably inspired by new knowledge (UNC3886??)—asked me about Indicators of Compromise (IOCs). Here’s a quick breakdown for anyone looking to sharpen their cyber awareness. 🧐✍️ 🔍 What is an IOC? An IOC is a piece of digital forensic evidence—such as a malicious file hash, suspicious IP address, domain, or registry key—that signals a system or network has been breached. (CrowdStrike) ⏳ The Nature of IOC Detection • IOC detection is reactive – by the time you spot it, the compromise likely already happened. • Quick identification during an active breach can still help contain the damage. ⚠️ Why IOC Detection Is Getting Tougher • Attackers constantly rotate or modify hashes, IPs, and registry artifacts to bypass traditional detection methods. 💡 Why the Need to Monitor IOCs? • Improves detection accuracy and accelerates incident response. • Recurring IOCs help refine security tools, playbooks, and preventive measures. 🔎 Common IOC Examples: • Unusual inbound/outbound network traffic. • Traffic from unexpected geographies. • Unknown or unapproved applications. • Privilege escalations or new admin accounts. • Surge in failed login attempts (brute force). • Suspicious registry or system file changes. • Odd DNS queries or unauthorized config changes. • Unexpected compressed files or archives in strange places. ⚔️ IOC vs IOA (Indicator of Attack): • IOC = Evidence after compromise (the what). • IOA = Signs of an attack in progress, focused on attacker behavior and intent (the how). Stay vigilant, stay safe. 🙏🛡️ What’s your team’s approach to detecting IOCs vs IOAs? Let’s share best practices and insights below! 👇 #CyberSecurity #ThreatIntelligence #IncidentResponse #DigitalForensics #IOC #IOA #APT #DefendWhatsOurs https://lnkd.in/gkHbqijN

35

Still wondering why Singapore attributed a serious cyber breach of critical infrastructure to an APT called UNC3886 but didn't name any state? Read "As Cyber Threats Grow, Singapore Walks a Careful Line on Identifying State Actors" by my teammate Muhammad Faizal Bin Abdul Rahman published by RSIS | S. Rajaratnam School of International Studies for insights. "As Singapore confronts increasingly sophisticated cyber threats, it continues to take a cautious approach in attributing blame when identifying state actors."

74

1 Comment

Singapore Under Cyber Siege: APT UNC3886 and the Evolving Threat Landscape At the recent 10th anniversary of the Cyber Security Agency of Singapore (CSA), Minister K. Shanmugam revealed an ongoing, state-linked cyberattack on our critical infrastructure by UNC3886, a sophisticated espionage group with ties to China. In my role, I’ve actively leveraged the MITRE ATT&CK framework to identify and map APT techniques, tactics, and procedures (TTPs), including: Defense Evasion (T1562, T1027) Credential Access (T1003, T1555) Lateral Movement (T1021, T1086) Persistence & Command and Control (T1053, T1071) APT UNC3886 has been documented using zero-day vulnerabilities, virtualization platform exploits, and living-off-the-land (LotL) techniques, allowing them to evade detection and maintain long-term access—hallmarks of a well-resourced nation-state actor. These recent developments underscore the need for continual enhancement of cyber defenses, better threat intelligence sharing, and stronger supply chain vetting—as highlighted by Minister Shanmugam. As cybersecurity professionals, we must: Continuously map threats using frameworks like MITRE ATT&CK Strengthen defenses against APT-level persistence and lateral movement Prepare for disruption scenarios in essential services, as described in the Minister’s scenario analysis (e.g., power, water, healthcare) Cyber maturity is no longer optional—it’s strategic. #Cybersecurity #APT #UNC3886 #MITREATTACK #CriticalInfrastructure #CyberResilience #Singapore #Infosec #ThreatIntel #Governance #NationalSecurity

9

🚨 What UNC3886 Taught Me as a Cybersecurity Learner 🚨 🇸🇬 This week, Singapore named an active threat actor attacking our national infrastructure: UNC3886, a state-linked advanced persistent threat (APT) group. APTs aim to steal secrets, sabotage infrastructure and disrupt essential services, like power, water and healthcare etc. As a SG citizen and someone learning cybersecurity, this story took my immediate attention. This isn’t just a headline — it’s a real-time case study in how nation-state attackers operate. Here’s what I took away, and why it matters for all of us starting in the field: ⸻ 🔸 1. Attacks don’t start with phishing anymore UNC3886 skipped emails. They used 𝘇𝗲𝗿𝗼-𝗱𝗮𝘆 𝗲𝘅𝗽𝗹𝗼𝗶𝘁𝘀 in firewalls, routers, and virtual machines. → Lesson: 𝗞𝗻𝗼𝘄 𝘆𝗼𝘂𝗿 𝗶𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲, not just your inbox. 🔸 2. 𝗣𝗲𝗿𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝗲 is the APT’s superpower Even after being removed, they come back — using stealthy implants, backdoored SSH clients, and living-off-the-land tools. → Lesson: Detection isn’t one-and-done. It’s continuous. It is key to patch network systems timely. 🔸 3. 𝗟𝗼𝗴𝘀 𝗱𝗼𝗻’𝘁 𝗹𝗶𝗲 — unless the attacker wipes them UNC3886 tampered with logs and disabled monitoring tools. → Lesson: Learn log analysis, but also learn how 𝗹𝗼𝗴𝘀 𝗰𝗮𝗻 𝗯𝗲 𝗺𝗮𝗻𝗶𝗽𝘂𝗹𝗮𝘁𝗲𝗱. (What you see is not the whole truth, sometimes we need to consider what we are not able to see) 🔸 4. Critical systems need more than antivirus This attack targeted hypervisors, routers, and CIIs — not laptops. → Lesson: 𝗦𝘁𝘂𝗱𝘆 𝗯𝗲𝘆𝗼𝗻𝗱 𝗲𝗻𝗱𝗽𝗼𝗶𝗻𝘁 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 — think network, cloud, and virtual infrastructure. ⸻ 🛠 How I’m Applying This ✔ Practising detection in labs (TryHackMe / Wireshark / log analysis) ✔ Studying the MITRE ATT&CK framework to understand real-world attacker behavior ✔ Preparing for Security+ while applying concepts like the Cyber Kill Chain ✔ Reviewing past APT cases (like SingHealth 2018) to recognize threat patterns ⸻ 🧠 Food for thought for new cyber learners like myself Don’t wait for “experience” — start with curiosity + real-world events. Every headline can be a hands-on case study. Every attack can teach us how to defend better. #cybersecurity #espionage https://lnkd.in/gYmiWZPx

3

1 Comment

🚨 Cyber Shadow War in Southeast Asia 🚨 Who really dominates the battlefield of #Cambodia vs #Thailand hacker groups? From #NXBBSEC to #Anonymous, from #HIME666 to #Killnet — the digital frontlines are heating up. 🔥 We tracked their moves. We exposed their ops. Now the question is: Who strikes next? 👀 1️⃣ https://lnkd.in/g_Jz75zs 2️⃣ https://lnkd.in/gvCb_jKW #OpThailand #OpCambodia #Lulzsec #Red_Wolf_Cyber #DARKSTORM #thaiisgod #khnightmare

4

The Personal Data Protection Commission (PDPC) and Cyber Security Agency of Singapore (CSA) have called on the private sector to stop using NRIC numbers to authenticate persons, i.e. to prove your identity. Why can you use your NRIC card to prove your identity, but not your NRIC number? Because an NRIC card cannot be easily forged – it shows your photo (and thumbprint), which can be matched against your face (and thumbprint) for verification. Your NRIC number, by itself, lacks these security features. An impersonator or bad actor who knows your NRIC number may falsely claim to be you, to try to access services or information meant only for you. Hence service providers like banks or government agencies must not accept NRIC numbers for such purposes. The government will work with companies, organisations, and individuals to protect Singaporeans and our data. All of us should also practise good habits to protect ourselves, for example by using strong passwords or security tokens, and staying vigilant against scams or unauthorised access of our personal information. Ministry of Digital Development and Information https://lnkd.in/gFk_SG3u

939

65 Comments

Heard the news? 𝐈𝐌𝐃𝐀’𝐬 𝐃𝐚𝐭𝐚 𝐏𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐓𝐫𝐮𝐬𝐭𝐦𝐚𝐫𝐤 (𝐃𝐏𝐓𝐌) 𝐢𝐬 𝐭𝐫𝐚𝐧𝐬𝐢𝐭𝐢𝐨𝐧𝐢𝐧𝐠 𝐭𝐨 𝐭𝐡𝐞 𝐧𝐞𝐰 𝐒𝐢𝐧𝐠𝐚𝐩𝐨𝐫𝐞 𝐒𝐭𝐚𝐧𝐝𝐚𝐫𝐝 𝐒𝐒 𝟕𝟏𝟒:𝟐𝟎𝟐𝟓. With more RFQs and tenders now requiring certified data protection standards, this shift means it’s the perfect time for Singapore SMEs and organizations to start aligning with the new framework. 1. Stay compliant 2. Build trust with clients 3. Boost your competitive edge At Momentum Z, we help you prepare — from readiness assessments to audit support. 📩 Let’s talk about how to future proof your data protection practices. Pre-requisite, you need to be VAPT ready, at least a Firewall in place and others. Not to worry, speak to us. #DPTM #SS7142025 #DataProtection #SingaporeStandards #SMECompliance #Cybersecurity #MomentumZ #PDPA #PrivacyCompliance #DigitalTrust #GovTechReady

8

📢 Exciting news for the cybersecurity community in Singapore! As a proud partner of SANS Institute, Div0 is thrilled to share about the recent SANS initiative where eligible Singaporeans (up to age 30) can now use their Post-Secondary Education Account (PSEA) funds — alongside SkillsFuture Credits and Funding — to offset the cost of 23 SANS cybersecurity courses. 🔍 Explore the full list of eligible courses: https://lnkd.in/gQ6B2Gep 💡 Plus: New to SANS? Get an additional 10% off the upcoming SEC504™: Hacker Tools, Techniques, and Incident Handling™, happening 17–22 November 2025. 🎓 Use this opportunity to level up your cyber skills with government-backed support. Questions? Reach out to: skillsfuture@sans.org 🔗 Read more: https://lnkd.in/gRBZKvzX 

25

Cybersecurity groups and digital policy advocates are urging immediate action to address critical security risks found in the current version of the Konektadong Pinoy Bill. “While we support the bill’s aim of expanding internet access and modernizing the country’s digital infrastructure, we are concerned that certain provisions may unintentionally expose the Philippines to heightened cyber threats — unless stronger safeguards are embedded directly into the law,” said in a joint statement. The joint statement was signed by the WiSAP (Women in Security Alliance Philippines), ScamWatchPH, BPO SECURITY COUNCIL (BSC), Philippines Chief Information Officer Association, and PhilDev Foundation. https://lnkd.in/gc8wgRsF

3