A new Defence Cyber Organisation (DCO) will be set up to monitor and defend the Singapore Armed Forces’ (SAF) networks around-the-clock from cyberthreats, Defence Minister Ng Eng Hen announced in Parliament on Friday (Mar 3).
Earlier this week, a breach in an Internet access system at MINDEF resulted in the personal data of 850 national servicemen and employees being stolen. The growing risk of such threats in recent times has seen the SAF doubling the number of cyberdefence personnel and investing in emerging technologies through the Cyber Security Operations Centre 2.0 initiative in April last year. A Cyber Defence Operations Hub was also built in 2013.
“The next-generation SAF needs to prepare for this environment where state-orchestrated cyber and information campaigns against another state are not only considered legitimate, but can be ongoing all the time,” said Dr Ng. “The impact of that threat can have real and damaging physical consequences.”
Citing cases of cyberattacks and fake news in Ukraine, Estonia, the US presidential elections and Indonesia, Dr Ng warned that more incidents such as the MINDEF breach can be expected in future.
In recognition that the cyberdomain is the battlefield today, the new DCO will lead and develop cybersecurity strategies and policies across SAF’s military networks, corporate IT systems, the Defence Science and Technology Agency, DSO National Laboratories and more.
“The SAF must keep up with the tactics and operations of aggressors in the cyber realm … because this is a never-ending game, as we do in conventional warfare,” said Dr Ng.
The DCO will be about 2,600-strong and made up of four formations – the operational response arm that is the Cyber Security Division, the Policy and Plans Directorate tasked with capability development, the Cyber Security Inspectorate to assess vulnerability and the Cyber Defence Group.
The Cyber Defence Group consists of a security monitoring unit, an incident response and audit unit as well as the Cyber Defence Test and Evaluation Centre (CyTEC). Opened in 2015, CyTEC facilitates network security testing and conducts training, among others.
The SAF has also created a new cyberdefence vocation for both full-time and operationally ready national servicemen. Those who have demonstrated their abilities at cyber competitions, as well as those currently working in the cybersecurity industry, may also be selected and identified to be “cyberdefenders”.
“Our cyberdefenders will need to possess a high level of skill given the increasing frequency and complexity of cyberattacks,” said Second Minister for Defence Ong Ye Kung. “They will be entering a very selective and demanding vocation, comparable to the commandos or naval divers.”
In their vocation, which will be implemented from August, they are expected to perform roles such as monitoring networks and systems, responding to incidents and forensic analysis. As a pilot project, they may also be deployed to support the Cyber Security Agency to defend critical information infrastructure supporting Singapore’s key networks.
MINDEF also announced that the Headquarters Signals and Command Systems, which includes the SAF training institute for cyberdefence, will sign a memorandum of understanding with Singapore Technologies Electronics (Info-Security) and Nanyang Polytechnic this month.