In this information age, cyber threats have been rapidly evolving and are becoming increasingly sophisticated and destructive. Cyber threats do not respect sovereign boundaries and can originate from anywhere in the world. These threats range from hacktivist attacks to criminal hackers to advanced persistent threats that involve long-term planning and sophisticated techniques. The proliferation of cyberattack tools and techniques as well as hackers-for-hire has made it easier for those with malicious intent to carry out cyber-attacks, and this can be carried out with a high degree of anonymity. MINDEF/SAF has invested heavily in building a networked force, and it is therefore imperative to defend our networks and warfighting systems against any malicious actors who seek to extract military information or to degrade our military capability.
Defence Cyber Organisation
Established in 2017, the Defence Cyber Organisation (DCO) leads MINDEF/SAF’s cyber defence and cybersecurity efforts. DCO seeks to secure networks and systems across the defence sector. MINDEF/SAF recognises that cyber threats can cut across different sectors, and supports Singapore’s whole-of-government (WoG) approach to cybersecurity. DCO works closely with the Cyber Security Agency of Singapore and will provide expertise and resources to support response and recovery operations in times of national crisis.
SAF C4 Command and Cyber Defence Group
The SAF Joint Communications and Information Systems Department was reorganised into the SAF C4 (Command, Control, Communications and Computers) Command in 2017, to better ensure network availability to support SAF operations, while defending against cyber threats. The Cyber Defence Group (CDG) was created under the new SAF C4 Command to provide 24/7 cyber defence of the SAF’s networks. The CDG consists of dedicated cyber defence units that are responsible for cybersecurity monitoring, incident response and audits of SAF networks.
MINDEF/SAF adopts a multi-layered defence strategy for its networks. Networks of different security classification are physically separated. Our cyber defence units monitor MINDEF/SAF’s networks 24/7 and coordinate responses to any cyber incidents. We have implemented technical solutions to detect network intrusions and to protect MINDEF/SAF networks from cyber-attacks. Should an attacker succeed in getting past our defences, our computer emergency response teams will seek to isolate the cyber threat, work to quickly restore our systems and execute the necessary business continuity plans.
Modern computer systems cannot be fully secured against cyber-attacks because new vulnerabilities are constantly being discovered even while known ones are being patched. It is therefore important to build up the resilience of our systems to allow effective response and quick recovery. Recognising that our people have to be the strongest link in cybersecurity, MINDEF/SAF also places emphasis on educating users on how to protect themselves from malicious cyber activities, such as phishing and targeted cyber-attacks, and to follow the proper security protocols.
To stay ahead of the cybersecurity threats, there is a need for MINDEF/SAF to implement innovative solutions, such as the Bug Bounty Programme, to proactively identify and resolve vulnerabilities. The inaugural MINDEF Bug Bounty Programme was conducted in Jan 2018, involving “White Hat” hackers from Singapore and around the world. This crowd-sourced approach allowed MINDEF/SAF to identify previously unidentified vulnerabilities quickly and effectively, allowing us to strengthen the security of our systems.
Building a Strong Cyber Core
Cyber defenders serving in MINDEF/SAF will need to be highly-skilled in order to effectively defend our networks against cyber-attacks. MINDEF/SAF has created new cyber defence vocations for national servicemen and Regulars. The Cyber NSF scheme was launched in Feb 2018 to enable the SAF to better tap on the pool of cyber talent available in each enlistment cohort. In the steady-state, DCO will have about 2,600 cyber defenders supported by scientists and engineers in the Defence Science and Technology Agency (DSTA) and DSO.
Building International Cooperation and Partnerships
The cyber threats that MINDEF/SAF faces are not unique to Singapore. MINDEF/SAF works with like-minded international and industry partners to build up our defence cyber capabilities in the area of information sharing, technology collaboration and competency development. Together, we seek to establish a secure and stable cyber environment for MINDEF/SAF and Singapore.