Singapore Beefing Up Cyber Defenses2,600 Cyber Defenders Will Be Trained in Next Decade
In the wake of a recent breach of the Singapore Ministry of Defense's I-net system, which provides internet access to military personnel and other employees for their personal communications, the ministry has unveiled a cyber defense strategy to help guard against similar attacks.
The ministry plans to eventually build a pool of 2,600 cyber defenders who will focus on helping to protect all critical information infrastructure sectors by supporting the Cyber Security Agency of Singapore. The pool will be assembled beginning in August.
The defense ministry breach earlier this month exposed National Registration Identity Card numbers, telephone numbers and dates of birth of about 850 servicemen and ministry employees.
The attackers apparently were attempting to gain access to official secrets, ministry sources tell Information Security Media Group. But that was prevented by the physical separation of I-net from the ministry's internal systems, they say.
Addressing Cyber Threats
Dr. Ng Eng Hen, Singapore's minister for defense, said in a recent speech that the nation must update and refresh its defenses and that modern militaries must not ignore cyber threats.
"MINDEF recently disclosed a breach in our I-net system, which is not a surprise; it's no revelation that we can expect more such cyberattacks in the future," Eng Hen says. Although the intrusion was detected early, a detailed forensic investigation has been ordered to determine the extent of the breach, he adds.
The defense ministry plans to establish a Defense Cyber Organization to build a resilient cyber ecosystem. The pool of 2,600 new defenders, to be assembled over the next decade, will be from Singapore Armed Forces and National Servicemen.
Eng Hen says the defense ministry will select and deploy cyber defenders acccording to operational requirements. As a pilot project, the ministry, as part of the DCO, will recruit cyber defenders to work in tandem with CSA of Singapore in combatting cyber threats.
The key focus of the cyber defenders, according to Eng Hen, will be:
- Monitoring to detect anomalies and flag potential attacks;
- Responding rapidly to incidents to minimize the impact;
- Conducting forensic investigations to analyze data after incidents and discover patterns that could enable organizations to better defend networks against similar attacks
Cyber Defense Framework
The defense ministry says that with increasing cyber threats, establishing the DCO is essential.
The DCO will collaborate with defense cluster, military networks, ministry's corporate IT systems, defense national laboratories and its partners.
David Koh, CEO of the Cyber Security Agency of Singapore, says it's no secret that government agencies, including the ministry of defense, are under constant cyberattack. "Hence, we must continually be vigilant and improve our cyber defences," he adds.
According to Eng Hed, DCO will play four critical roles:
- Serving as the lead agency for cybersecurity operations within the defense cluster;
- Developing cyber defense strategies and polices;
- Orchestrating capabilities for cyber defense;
- Supporting the CSA in ensuring Singapore's cybersecurity
Many security practitioners say the defense ministry must build awareness of cybersecurity and devise a pragmatic action plan to implement a cybersecurity framework and build relevant skills.
"Breaches are inevitable; a good mechanism to build required skill sets and a collaborative approach are very critical," says Robert Poh, director at FS-ISAC, Singapore chapter.
Ken Soh, CIO and director of security strategies at BHL Global, adds: "The plan should be not to focus on traditional detection tools and technologies. The nature of cyberattacks has evolved, making critical infrastructure sectors the target."
Defining the roles of cyber warriors is vital, as is training in OT and IT security, Soh says.
To develop a cybersecurity ecosystem for critical sectors, it's important to define clear roles and career pathways for information security professionals and establish strong collaboration to grow the work force, says Yum Shoen Yih, CSA's deputy director, government cybersecurity consultancy, critical information infrastructure division.
"Closer partnerships with industry and academia to engender faster and more relevant R&D outcomes is needed," Yih says.
Kumar Ritesh, senior vice president, cybersecurity, at Singapore-based Antuit Technologies, strongly believes Singapore needs information systems that can detect and recover from cyberattacks in real time.
"The future state of cyber defense should enable systems to understand their normal and abnormal behavior as a self-learning process and be able to roll back to their previous form as a self-healing process to combat cyber threats," Ritesh says.
Chuan-Wei Hoo, technical advisor, Asia-Pacific, at (ISC)², says a lack of cyber visibility and situation awareness is a serious concern. Vulnerabilities exist in the operational technology, and obsolete software that can no longer be patched is still widely used, he points out.
"There needs to be a clear separation of IT and OT networks, and the OT network infrastructure needs to be assessed individually to determine the exposure and systems/components upgraded/replaced where possible," he says.
The defense ministry will sign a cyber defense training memorandum of understanding with Singapore Technologies Electronics (Info-Security) and Nanyang Polytechnic this month, Eng Hen says. This joint effort will develop a customized cyber defense curriculum, collaborate on research and development and facilitate information sharing.
"The defense ministry is taking an intelligent approach in recruiting cyber warriors and capitalizing on the existing resources, while sending a clear message that cyber security is being considered critical to national defence," Hoo says.