Holding nine patents and with countless journal papers to her name, Vrizlynn Thing is a respected figure in a field dominated mostly by men.
Vrizlynn helms the Cybersecurity Strategic Technology Centre, at ST Engineering. She leads and drives technology innovation, catalyses a portfolio of solutions and products, and provides thought leadership in the area of Cybersecurity. In addition to her busy schedule, she holds the appointment of Adjunct Associate Professor at the National University of Singapore as well, and Honorary Assistant Superintendent of Police (Specialist V) with the Criminal Investigation Department, Singapore Police Force.
We've invited her to shed some light on the incredible work that she has done in cybersecurity and forensics, two fields that meet on the crossroads of technology.
Agil Blog : What are the latest observations and tech developments in Cybersecurity that you are actively working on now?
We observe that recent cyber-attacks and crimes show signs of increased sophistication in exploitations and deceptions, especially through automation by Artificial Intelligence (AI).
To sharpen our work, we proactively predict adversaries’ tactics, techniques and strategies, by adopting their mindset and think about their motivations and who, when, what, how, they would attempt to optimise their executions and operations of cyber attacks and crimes. We also explore and devise advanced attacks and countermeasures to defend against current and potentially, future adversaries.
I have been working actively in this area in recent years, such as creating an engine that automatically mutates malware and obfuscates traces to bypass security scanning. In another work, we explore evidence manipulation in a flawless and automated manner, and design counter-measures through advanced detection, thwarting a hacker’s intention to deceive both systems and humans.
Agil Blog : What are some of the exciting techniques developed in the area of forensics?
In the area of forensics, I’ve also been devising techniques that allow us to access data from devices that use end-to-end encryption. These include popular messaging apps, such as WeChat and WhatsApp, to aid in criminal investigations.
Another contribution my team and I did was to identify power grid fluctuations hidden in audio recordings. It functions somewhat like a signal “fingerprint” identification, extraction and matching, and is based on its intrinsic property similar to fingerprints, in that no two fingerprints are the same. It is important as it helps to verify the authenticity of a recording, as investigators often need to determine critical information such as the time the recording was made, for it to be used in court proceedings.
Agil Blog : How do you foresee the developed solutions will help secure a Smart Nation?
With the increased usage of Internet of Things (IoT) and the pervasive trends towards autonomous transportation systems, I believe these solutions can mesh into cybersecurity for a smart nation.
There have been several attacks targeting IoT infrastructure and autonomous vehicles. In 2018, the VPNFilter malware infected over half a million routers across 54 countries. The malware can perform man-in-the-middle attacks to inject malicious payloads to your network traffic and steal or modify sensitive information in transit. It can also be engineered to further exploit other devices connected to your network. Such attacks have severe damaging impact, erode trust and are costly to fix.
In 2015, a remote hacking demonstration involving a Jeep Cherokee rocked the industry at that time and prompted Fiat Chrysler Automobiles to send UBS sticks with software patches to the owners of 1.4 million cars and trucks. With better cybersecurity measures in place, autonomous vehicles can receive over-the-air updates, allowing auto companies to respond to threats and newly discovered vulnerabilities, like how you would do today with updating your smartphone's latest software. However, that alone is not enough. In 2019, hackers showed how they tricked a Tesla autonomous vehicle into swerving into an oncoming traffic lane.
We need to be more forward thinking about cybersecurity, instead of continuing to play catch-up with the adversaries. Being ahead of them in having a thorough understanding of what could be the potential security flaws and feasible exploitations as well as a future-proof defence are very important aspects of our work.
Agil Blog : With the pervasive trend of autonomous vehicles being deployed, what are some of the standards that would be incorporated to ensure safe and secure commute?
In the field of autonomous vehicles, I’ve been looking into attacks, impact assessment and defences. I’ve also acted as Co-Convenor with my fellow Co-Convenors, Director of Technology from Cyber Security Agency of Singapore (CSA) and Group Director of Information Technology, Cybersecurity & Digital Services from Singapore’s Land Transport Authority (LTA), on the Autonomous Vehicle Cybersecurity Principles & Assessment, which is recently published as a standard, to help ensure the safe deployment of fully driverless vehicles in Singapore.
Agil Blog : How would you see your role evolved in ST Engineering?
ST Engineering plays a key role in several strategic domains and very unique settings, such as satellite and space technologies, critical infrastructures, smart nation, aerospace, maritime and land systems. This provides me rare opportunities to further explore how cybersecurity can be assessed and deployed across each unique sectors and potential areas. Together with my team of cybersecurity specialists, we are excited to provide security assessments and advices, and devise innovative and differentiating security technologies for strategic projects across all sectors.