Innovation Challenges

Challenge Owner(s)
Dyson, YTL PowerSeraya, SP Group, PacificLight Power, GIC, Eastern Pacific Shipping, National University Health System (NUHS), National University of Singapore, Nanyang Technological University of Singapore, Cyber Security Agency of Singapore (CSA)
, Home Team Science and Technology Agency (HTX), National Water Agency (PUB)
Cyber Security Agency of Singapore (CSA), NUS Enterprise, TNB Ventures
Industry Type(s)
Digital/ICT, Energy & Chemicals, Financial Services, Healthcare & Biomedical, Marine & Offshore
Opportunities and Support CSA supports up to S$1M of qualifying costs to solution providers, with project duration of up to 24 months
Application Start Date 31 August 2021
Application End Date 31 October 2021
Website Click here to learn more

About Challenge

The Cybersecurity Industry Call for Innovation aims to catalyse the development of innovative cybersecurity solutions to meet national cybersecurity and strategic needs, with the potential for commercial application.

The programme supports Singapore’s Cybersecurity Strategy to develop a vibrant local cybersecurity ecosystem through the building of advanced cybersecurity capabilities, as well as growing a pipeline of local talent.

Through the Call for Innovation, CSA works with participating End-Users (eg CIIOs, key commercial cluster leads) to identify cybersecurity challenges, match them with industry proposals and support the development of innovative cybersecurity solutions in Singapore to meet their needs.

Learn More

Challenge Owner(s)Cyber Security Agency of Singapore (CSA)
Industry Types(s)Digital/ICT

Cyber Security Agency of Singapore (CSA)

Our organisation receives approximately 70 cybersecurity risk assessment reports annually and at least 80 audit reports every two years. Over time, the amount of reports builds up and would be a useful repository to reference for insights. The submitted reports can be in the form of Microsoft Word, Excel, PDF and hardcopy.

Currently, it is a time-consuming and resource-intensive exercise to manually review and validate that the submitted reports are complete and comprehensive. These reports will then be reviewed and analysed for insights.

What We Are Looking For

Develop a cyber fusion analytics engine that correlates, converges and contextualises information, reports and threats from IT, OT and IoT devices and sectors to allow for automated response and operations.

Learn More

Challenge Owner(s)
Dyson, Nanyang Technological University of Singapore
Industry Types(s)Digital/ICT

Dyson & Nanyang Technological University of Singapore

Traditional approaches to cybersecurity fall short in keeping up with today’s rapidly evolving threat landscape. In the haste to get products out the door, there has been little consideration placed on developing security capabilities capable of working holistically with one another. This has resulted in security silos that prevent an understanding of the full landscape, and which prevent against effective protection against today’s advanced and sophisticated threat actors.

A decentralised approach to cybersecurity results in organisational silos and overly complex products and solutions just to integrate and sense make data collected. Analysts are often swamped by an overwhelming amount of data that does not provide clear insight nor an action plan, and there could be duplicate efforts when a threat hits multiple systems, causing everyone to conduct a similar investigative process, wasting valuable time that could have been used to more actively respond to the threat.

A collaborative and combined effort like a cyber fusion centre would allow both SOC and Ops to share intelligence and data in order to facilitate the effective response to threats. Bringing together staff from various departments working and collaborating under one roof would drive an integrated response to threats and crisis, resulting in faster response time, reduced costs, increased productivity and better intelligence.

What We Are Looking For

Develop a cyber fusion analytics engine that correlates, converges and contextualises information, reports and threats from IT, OT and IoT devices and sectors to allow for automated response and operations.

Learn More

Challenge Owner(s)GIC
Industry Types(s)
Digital/ICT, Financial Services


Cyber risk is one of the most important considerations for companies in digital transformation, and we need to build up a more risk-aware culture for cyber space when dealing with cyber security risk.

While current commercial-off-the-shelf (COTS) solutions provide severity rating for the vulnerabilities based on CVSS and proprietary threat intelligence, asset criticality/value is not considered. In addition, the potential impact for breaching compliance standards is not considered.

The current process of providing advisory services and risk assessments remain highly manual. Hence, a scalable and self-service cybersecurity risk assessment and remediation management system could address this need. Having the feature to track return of security investment would also help with reports to the management.

What We Are Looking For

Develop a solution to conduct cybersecurity risk and compliance assessments – from identification to remediation, and leverage on the same data set to calculate the return of security investment.

Challenge Owner(s)National University of Singapore
Industry Types(s)Digital/ICT

National University of Singapore

Phishing continues to be one of the most common causes of cybersecurity breaches today, and the attacks are on an escalating trend. While user education and awareness are important in mitigating this threat, technology can also play a part to assist in the identification of phishing threats.

Today, most email security solutions are able to filter out basic phishing emails, but it is not difficult for attackers to craft the content in a way to evade detection. One reason for this is the lack of advanced filtering algorithms, such as one that is able to use machine learning to identify phishing emails specific to an organisation.

Currently, most phishing simulation platforms utilize a standard library of phishing drill content which are too generic in nature, and the effectiveness diminishes over time. With this new method, phishing drills can continuously learn and evolve automatically.

Also, current phishing drill platforms only track if users have clicked on a link, and use that to determine the fall-prey rate. Though this is a good measure, it could be further enhanced if users were brought to a functional but fake login page where their actual credentials could be captured and verified. This would provide another dimension of analysis and reporting to allow the prescription of appropriate follow-up actions for those who fall prey.

What We Are Looking For

Develop a comprehensive anti-phishing solution to identify and filter phishing emails with a high degree of accuracy based on machine learning, and leverage on the same data set to implement an intelligent phishing simulation platform capable of generating realistic phishing drills that adapt to the phishing attacks targeting the organization.

Challenge Owner(s)Cyber Security Agency of Singapore (CSA)
Industry Types(s)Digital/ICT

Cyber Security Agency of Singapore (CSA)

There is a growing trend towards utilising the Cloud platform for a host of services including the common Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), to the more niched Security-as-a-Service (SecaaS). Even malicious entities are using these established avenues to run ransomware-as-a-service.

Commercial Off-The-Shelf (COTS) solutions offering detection and protection capabilities are often tailored to commercial entities with deep financial resources or cater only to specific IaaS/PaaS setups. Most of these solutions offer restrict dashboard views and limited analytical functionality (e.g. rule-based) to cover security gaps. This often requires intricate knowledge in integrating different COTS solution and understanding the expected pre-requisites. Thus, this breaks down the holistic defence model into disparate parts covered by different solutions, resulting in misconfigurations, potential software conflicts and inconsistent/duplicative protection coverage.

To further compound these issues, many of the solutions also require manual/human intervention to check and validate high volume of alerts, slowing down incident response times and allowing the perpetrator to exfiltrate data or spread malware through to other connected workloads, databases and domains across the organisation.

What We Are Looking For

Design and build an integrated solution using automation, analytics and AI to enhance threat detection capability, improve asset protection using automated response and increase visibility of cloud environment for a holistic defence of the Cloud.

Challenge Owner(s)Home Team Science and Technology Agency (HTX)
Industry Types(s)Digital/ICT

Home Team Science and Technology Agency (HTX)

Criminals are increasingly leveraging on web technology to advance and expand their vice operation, facilitate communications, and to conduct digital transactions. Oftentimes, their modus operandi relies on CSPs such as Amazon Web Service (AWS), Microsoft Azure or Google Cloud. These companies account for more than half of the worldwide market share of cloud infrastructure service providers.

A key concern for digital forensic examiners is the ability to ensure that digital evidence triaged from the cloud can be proven to be tamper-proof, so that they can be admissible in a court of law. A proper chain-of-custody should also be maintainable as proof of accountability when the proceedings necessitate the transfer of ownership of said evidence.

While CSPs may offer native logging and monitoring services (e.g. AWS CloudTrail, Azure Log Analytics, GCP Audit Logs), these services target user actions and server logs primarily while leaving the hosted content (e.g. VM instances, storage, database) untouched.

What We Are Looking For

Design and develop a web-based platform that conducts triage to search, preserve and analyse forensic artifacts from various cloud service providers (CSP).

Learn More


Challenge Owner(s)Dyson
Industry Types(s)Digital/ICT


Digital security must be designed into IoT devices from the ground up and at all points in the ecosystem to prevent vulnerabilities from one part jeopardising the security of the whole. As smart products become increasingly interconnected, they rely on a centralised hub connected to other services to provide a feature-rich, sophisticated, and personalised experience.

The processing and transfer of large volumes of personal data makes it an attractive target for attackers. The protection of consumer privacy data must be strictly adhered to according to the relevant laws at the point of collection, in-transit, and at rest to prevent misused or exfiltration at the device or network level.

Traditional perimeter security defence models are no longer sufficient or practical for the exponentially increasing number of connected devices. Intelligent systems with sentient capabilities that can actively detect, monitor, predict and respond are needed to defend against the growing landscape of threats.

The tipping point for security has always been cost, and while certain industries are willing to spend large amounts, the consumer segment is extremely competitive and cost sensitive. The right balance must be found for it to be commercially viable in a large-scale global deployment.

What We Are Looking For

Develop a centralised IoT Hub and its corresponding security architecture that integrates connected products and its ecosystem together for efficient security operations

Industry Types(s)
Digital/ICT, Marine & Offshore


A ship’s system is complex and runs on Information Technology (IT), Operational Technology (OT) for navigation, propulsion and machinery, access control, cargo management systems) as well as the Internet of Things (IoT).

With increased digitalisation, integration, and automation onboard, the originally isolated systems are now moving to a converged network. This introduces higher risk of unauthorised access or malicious attacks to the ships’ systems and network and may result to potential safety, environmental and commercial consequences.

A real time solution that profiles cybersecurity risk, detect threats, and protects critical assets across all 3 systems will be beneficial to ship operators to mitigate these risks.

What We Are Looking For

Build a threat detection and risk profiling system catered for maritime vessel systems that can analyse, correlate and provide a coherent overview of threat spans across the IT, OT and IoT systems networks in real time.

Challenge Owner(s)PacificLight Power
Industry Types(s)Digital/ICT

PacificLight Power

The volume of cyber-attacks on the power industry has escalated in recent years as threat actors seek to infiltrate energy infrastructure for cyber-espionage and sabotage. Protecting these critical Operational Technology (OT) networks from exploitation requires a multi-layered security approach that involves physical controls, firewalls, intrusion detection/prevention systems (IDS/IPS), a highly trained security team, and more. However, the tools (and the human teams managing them) have limitations (e.g. new malware may not be detected, inability to detect internal threats), which results in cyber risk for critical power networks.

One way to mitigate these limitations and continuously monitor the OT network is through the use of honeypots. OT honeypots can emulate a range of common industry control protocols to appear like a large facility, allowing hostile scanning and other activity to be detected without modifying existing network and system configurations.

They provide a means to gather data on attacker trends and tools, research potential countermeasures and test protocol implementations. Well-designed and deployed honeypots can serve as an early warning system, detect new malware and zero-day exploits, uncover insider threats and confuse cyber attackers.

What We Are Looking For

Construct a honeypot system to collect cyber-attack information for Operational Technology (OT) networks to serve as an early warning system, and provide the ability to analyse cyber attackers’ Tactics, Techniques and Procedures (TTPs), detect new malware and zero-day exploits, as well as confuse potential cyber attackers. The system could also be able to trace the intruder to its source or origin.

Challenge Owner(s)National Water Agency (PUB)
Industry Types(s)Digital/ICT

Public Utilities Board (PUB) Singapore

An OT plant contains many processes and workflows which generate large amounts of process data during routine operations. This makes it difficult for operators to detect spoofed values, especially if the spoofed value is within the permissible range.

Such anomalies will result in plant operators having an inaccurate picture of their systems, which can result in attackers being able to traverse through the plant network without being detected and this presents a serious security breach. Legacy OT communication protocols also do not have mechanism to authenticate and encrypt communication packets, allowing an attacker to freely launch attacks on PLC networks once they manage to gain access into the PLC network.

This challenge seeks an innovative solution that can help the plant predict process values and automatically trigger alerts if a deviation is detected. The solution should also be able to detect anomalies in a wide variety of process data based on historical behaviour and logs.

What We Are Looking For

Build a digital twin with a detection engine model to detect security incidents and unauthorised commands through packet inspection. The detection engine should be able to adapt to different SCADA network setups, data types and networks that can be scaled up through virtualisation with detailed simulation using hardware-in-the-loop (e.g. PLC).

Challenge Owner(s)SP Group
Industry Types(s)
Digital/ICT, Energy & Chemicals

SP Group

Part of Singapore’s Smart Nation Initiative is to push for more connectivity in the daily touch points of the citizens. One such way was the proliferation of connected devices in the form of the AMIs, or “smart meters” that are connected to the grid and can provide real time data. While previously offline, the new connected meters offer advantages in the form of real time consumption tracking, allowing for better load balancing and generation forecast. However, being connected has also opened it up to threats on the internet.

With the global trend towards electrification, charging points/stations for EVs are also being rapidly deployed, and such charging points need to be connected to the grid for its advanced functions to work.

As more devices are connected to the grid, the number of access points increases as well, raising the possibility of hackers gaining access to it the private grid network. The current method of securing the IoT devices before they are deployed will not be feasible when deployment ramps up, and there is also the requirement to keep them secure at all times against charging threats. A BAS for IoT devices is thus required to keep up with the threats.

What We Are Looking For

Develop a Breach and Attack Simulator (BAS) for IoT devices like Advanced Metering Infrastructure (AMI) and Electric Vehicle (EV) charging points to continuously identify potential vulnerabilities and weakness in deployed end-point devices at remote sites that are unattended

Challenge Owner(s)YTL PowerSeraya
Industry Types(s)Digital/ICT

YTL PowerSeraya

Organisations adopt commercial software and system tools for their day-to-day operations (e.g. Windows, SCOM, Altris, Ansible), which require regular patches and updates. However, we increasingly see threat actors embedding malware into these patches resulting in credential theft, privileged escalation and lateral movements, ransomware, data exfiltration and data theft which results in major disruptions to businesses.

One recent example is the SolarWinds incident where the company released a “rogue” software update of their Orion platform solution which resulted in malicious codes being pushed down to 18,000 of their customers. This compromise not only impacted SolarWinds products but also their customer’s own products.

Another example of a Supply Chain attack was the recent Kaseya ransomware attack that was triggered over the American Independence Day weekend. The attack carried out by threat actors who leveraged on a vulnerability within Kaseya’s virtual management software. Ransomware was then pushed via an automated, fake, and malicious software update to multiple managed service providers (MSP) who in turn passed it onwards to their customers.

What We Are Looking For

Provide a solution that can scan and review software and system patches of commercial software and applications commonly used in the IT/OT environment so as to identify malicious code and vulnerabilities, as well as provide recommendations on remediation actions

Industry Types(s)
Digital/ICT, Healthcare & Biomedical


Data collected in healthcare systems contain highly sensitive information, which includes PII and health records. These data are often transmitted to other digital systems for research and audit purposes via automated batch processing or as live streamed data. Current measures are taken to restrict availability of information through the following:

  1. Containment of data within the Intranet,
  2. Controlled access to only authorised personnel,
  3. De-identification and encryption of data-at-rest and data-in-transit, and
  4. Complete anonymisation of data and generation of synthetic data for use in unsecured instances

These measures, though effective, are highly restrictive and reduce the efficiency of secure data sharing.

Currently, de-identification and anonymisation are heavily reliant on human effort to apply these codes on multiple datasets, which is tedious and prone to error. Activities such as tokenisation of PII before transmission as well as the setting cryptographic keys are also manually performed. In addition, the periodic changing of cryptographic keys, and maintaining change logs often takes a long time to complete. Implementation could be further delayed or non-operational, if there were any changes in personnel.

This challenge seeks an innovative solution, which can detect and automatically de-identify PIIs of various datasets at scale; and to manage secure data cryptographic keys in a scalable and efficient manner.

What We Are Looing For

Detect and de-identify PII automatically, and manage secure data sharing in a scalable and efficient manner. 

There are 3 sessions for you to meet the end-users. During these sessions you will be able to ask the end-users questions about their challenge statements. Seize this opportunity to clarify the questions you may have about the challenge statements.


16 September (Thu), 3 – 4pm

CS05: Integrated Solution using Automation, Analytics and AI in Defense Model for Cloud

CS06: Forensic Acquisition in the Cloud

CS09: Operational Technology (OT) Honeypot

CS11: Breach and Attack Simulator (BAS) for an Internet of Things (IoT) connected Power Grid

23 September (Thu), 3 – 4pm

CS01: Cybersecurity Risk Assessment and Audit Data Analytics

CS02: 360 Cyber Fusion Analytics for IT/OT/IoT Convergence

CS03: Integrated Cybersecurity Risk Assessment and Remediation Management System

CS07: Unified IoT Security for Connected Products Utilising Edge Computing

CS10: Intelligent & Adaptive Detection Models for OT Systems

30 September (Thu), 3 – 4pm

CS03: Integrated Cybersecurity Risk Assessment and Remediation Management System

CS04: Purple Team Email Filter and Phishing Platform

CS08: Threats Detection and Risk Profiling system for Maritime Vessels

CS12: Supply Chain Security: Detection of Malicious Code and Vulnerabilities within Software Patches for IT/OT Environments

CS13: Protection of PII and Data Sharing in Healthcare


Register for the above sessions here