In a major effort to shore up its cyber-security capabilities, the Defence Ministry (Mindef) will not only set up a new cyber command but also rope in national servicemen as part of a new cyber-defence vocation.
The vocation, under the Singapore Armed Forces (SAF), will see selected soldiers deployed from August. These “cyber-defenders” will fan out across the new Defence Cyber Organisation, which will also house the SAF’s new Cyber Defence Group, Defence Minister Ng Eng Hen announced on Friday (March 3) in the debate on Mindef’s budget.
The aim is to have about 2,600 servicemen — regulars, full-time national servicemen and operationally ready NSmen — on board in about a decade.
As part of a pilot, some cyber-defenders who are doing National Service may also be deployed to support the Cyber Security Agency of Singapore (CSA) at the national level.
Servicemen can expect to fulfil three key roles: Monitor critical networks and systems around the clock to detect anomalies and flag potential attacks; respond quickly to contain cyber incidents and reduce their impact on regular network operations; and analyse data and detect patterns that may allow the SAF to better defend its networks against similar attacks in future.
Those chosen for the vocation, who will be assessed case-by-case, will need to have the relevant cyber skills, experience and academic background. They could include employees from the cyber-security industry and those who have demonstrated their abilities at cyber competitions.
Before this, only a small number of full-time national servicemen have been deployed to support the SAF’s cyber-defence efforts.
Helmed by Mr David Koh, chief executive of CSA, the new Defence Cyber Organisation will lead and coordinate cyber-security efforts across the defence cluster, including the Defence Science and Technology Agency and DSO National Laboratories.
Its key roles include charting cyber-defence strategies and policies, and supporting the CSA where needed.
As for the new Cyber Defence Group, a formation under the Defence Cyber Organisation, it will monitor and audit the cyber-defence of the SAF’s military networks around the clock and neutralise cyber threats, among other things.
With the SAF transforming itself into a more technology-centric force, the threat of cyber-attacks dealing a blow to its military capabilities has grown. Such hits are already happening overseas. For instance, it was reported last year that cyber-attacks against 160 South Korean firms and government agencies saw more than 140,000 computers compromised, resulting in the loss of more than 40,000 defence-related classified materials.
To ramp up training for cyber-defenders, the Headquarters Signals and Command Systems will this month sign a memorandum of understanding with cyber-security firm ST Electronics (Info-Security) and Nanyang Polytechnic. It will cover six areas, including providing specialised, globally accredited courses and co-developing a customised cyber-defence curriculum.
These new initiatives build on efforts over the years to improve cyber-defence, Mindef said, such as the Cyber Defence Operations Hub established in 2013.
Speaking to reporters earlier this week, Lieutenant-Colonel (LTC) Mok Chuan Hao, the hub’s operations control head, said that the SAF faced “all sorts of attacks”, from those that were less critical detected by its systems to the more advanced ones which require skills and analysis to decipher if an attack has indeed occurred.
“Cyber-attack methods are always evolving, and every year, there’re new methods,” he said, adding that it is thus important for military personnel to learn to spot and counteract such threats.
It takes about half a year to train a cyber-defender. Aside from grasping networks and the SAF’s systems, a cyber-defender — who will undergo a training programme that includes on-the-job training — must also be well-versed in areas such as operating the force’s cyber-defence tools, LTC Mok said.
As part of their training, the cyber-defenders will undergo activities at the Cyber Test and Evaluation Centre regularly. Activities such as network security testing as well as cyber-defence training and exercises have been held at the facility since it opened in 2015.
While figures for cyber attacks against Mindef are unavailable, Dr Ng noted in Parliament last year that cyber intrusions occurred daily: “For those of you in this business, it’s not tens; it’s not hundreds; it’s not thousands; it’s hundreds of thousands or millions of network event logs.”