SINGAPORE - As simulated attackers tried to overload an electrical system, cripple a water distribution network and shut down a gas plant, cyber defence operators across 26 national agencies sprang into action to neutralise the assaults on a fictional state’s critical infrastructure.
These were among the scenarios that more than 200 participants went through from Nov 22 to 24 during the second Critical Infrastructure Defence Exercise held at the National University of Singapore.
The three-day exercise organised by the SAF’s Digital and Intelligence Service (DIS) and Cyber Security Agency of Singapore (CSA) involved employees from organisations such as Changi Airport Group, national water agency PUB, Senoko Energy and Singtel.
To ensure that the scenarios were realistic, officers from the DIS, CSA, the Defence Science and Technology Agency and Infocomm Media Development Authority modelled their attacks on Advanced Persistent Threat (APT) and cyber criminal groups’ tactics and methods, said Colonel Tan Shengyang, commander of the DIS’ Cyber Defence Group.
Col Tan said the primary objective of the exercise is to prepare and train Singapore’s cyber defenders in the critical information infrastructure sectors, which includes “an experience of what it is like to be in a nation-under-attack scenario”. Such sectors include power, water, telecom and aviation.
Preparations for the exercise took about four months, and about 1,000 physical and virtual systems were created for this purpose, he added.
Military Expert 4 (ME4) Yvonne Tan, who was in charge of leading a team of participants from PUB and CSA in defending a water plant network, said the simulated attack started with a phishing e-mail, followed by an attack on the physical test bed, where values from the water plant were manipulated by hackers. “We had to closely monitor what are the vulnerabilities that are exposed to the external facing, Internet-connected systems, and how we can remediate this action,” she said.
Get a round-up of the top stories to start your day
Thank you!
Sign up
By signing up, you agree to our Privacy Policy and T&Cs.
Part of the scenarios included how quickly critical systems can be restored after being attacked. Often times, agencies have business continuity plans that can include steps like re-cloning a system, or reverting the digital platform to a previous stable version, she added.
Speaking to the media on Nov 24, Senior Minister of State for Defence Heng Chee How said cyber attacks have become a fact of life.
“You can see so many examples in the world – real wars, real attacks, commercial sector, security-related sectors – everyday life is disrupted,” he said.
This exercise therefore provides a platform for agencies to jointly prepare to deal with such attacks, he said.
“(It) brings together many agencies throughout Government to come together to learn how to defend together,” Mr Heng added.
This year’s exercise involved twice as many participants as the inaugural edition in 2022, a sign that more of the nation’s digital infrastructure needs to be prepared to face down cyber attacks. The number of participating agencies also grew from 17 to 26.
Separately, DIS also signed memorandums of understanding for cyber collaboration with Google, ST Engineering and Ensign InfoSecurity, a cyber security joint venture between StarHub and Temasek. The Ministry of Defence said the agreements will help expand DIS’ partnership with the technology sector.
Govt agencies, critical service providers tackle cyber attacks in 5th run of simulated exercise
New programme launched to help SMEs handle cyber attacks
DDoS attacks on the rise, 1.7 million attempts to bypass firewalls each month: MOH
The disruption to web services of public healthcare institutions on Nov 1 was triggered by abnormal spikes in Internet traffic, also known as a distributed denial of service (DDoS) attack.
Responding on Nov 22 to parliamentary questions filed by MPs on the seven-hour outage to the websites of public hospitals, polyclinics and healthcare clusters, Health Minister Ong Ye Kung said on Nov 22 that the abnormal traffic circumvented anti-DDoS blocking services and overwhelmed national healthcare IT provider Synapxe’s firewall.
This caused the firewall to filter out the traffic, as well as other services requiring Internet connectivity, including websites and Internet-reliant services, which became inaccessible.
On whether MOH knew the motives behind the attacks, Mr Ong said such attacks are generally on the rise, and that attack methods are changing.
“Those who deploy them have a variety of motives, from hacktivism to petty misdemeanor,” he said in a written reply. “The defences against DDoS attacks will have to constantly evolve to keep up with developing threats.”
Synapxe receives and blocks an average of 3,000 malicious e-mails per day, and 1.7 million attempts to bypass Internet-facing firewalls per month, he noted.
In a related reply, Minister for Communications and Information Josephine Teo said the Government and owners of digital infrastructure here will mitigate and manage cyber attack risks, taking into account how critical a given system is.
“We allocate more resources to harden the most critical systems, and ensure a baseline of measures for all systems,” she said. “Cyber security defence has to be complemented by business continuity plans that mitigate the impact of e-service disruptions when they occur.”
While some disruption might be inevitable, prolonged disruptions should not be the norm, she added. “In addition to prevention, we must also focus on recovering quickly.”
Following further investigations with the Cyber Security Agency of Singapore, Synapxe said on Nov 20 that there was no evidence to indicate that public healthcare data and internal networks had been compromised.
The IT provider added that it will step up its defences against cyber attacks.
Hackers trying to corrupt AI, raising level of ransomware threat: S’pore cyber-security director
Cyber security centres to be set up at NUS and NTU, with $110m in funding
Unlock premium articles with this Black Friday and Cyber Monday deal!
ST One Digital - Monthly $9.90 $0.99/month Cancel any time you want
99 cents a month for the first three months and then $9.90 per month thereafter.
Subscribe now
Get unlimited access to premium news plus subscriber benefits New feature: Personalise your newsfeed for important topics and follow your favourite writers with myST
Easy access at all times via ST app on one mobile device
Catch up on e-paper with a two-week archive so you don't miss out on content that matters to you
Join ST's WhatsApp Channel and get the latest news and must-reads.
Technology sector Cyber warfare Cyber security
Facebook WhatsApp X More Whatsapp Linkedin FB Messenger Telegram Twitter Reddit WeChat Pinterest Print Purchase Article Copy permalink https://str.sg/ixLw
Read this subscriber-only article for free!
Just sign up for a free account and log in to continue reading.
Cyber defenders fend off simulated attacks against cellular, gas and airport systems
Sign up
Already have an account? Log in.
All done! This article is now fully available for you
Cyber defenders fend off simulated attacks against cellular, gas and airport systems
Read now
Please verify your e-mail to read this subscriber-only article in full
Cyber defenders fend off simulated attacks against cellular, gas and airport systems
Resend verification e-mail
The gift link for this subscriber-only article has expired.
Get unlimited access to all stories at $0.99/month for the first 3 months.
Subscribe now
You have reached your limit of subscriber-only articles this month.
Get unlimited access to all stories at $0.99/month for the first 3 months.
Subscribe now
Read and win!
Read 3 articles and stand to win rewards
Let's go! Terms & conditions apply
Frequently asked questions
Good job, you've read 3 articles today!
Spin the wheel now
Let's go! Terms & conditions apply
Frequently asked questions