Why Singapore remains cautious over naming state actors in cyber-attacks

SINGAPORE — As Singapore ramps up efforts to confront cyber terrorism, Yahoo Singapore speaks to RSIS’ Muhammad Faizal Abdul Rahman about cyber threats and what you can do to be better prepared in 2026.

Faizal, who has a research background in terrorism and geopolitical cyber threats, also gives his thoughts on why Singapore is cautious about publicly identifying state actors and the government’s move to start sharing classified threat intelligence with organisations in critical sectors.

Q: What can the government do to better educate the regular person on cyber threats?

Faizal: The government has implemented cybersecurity awareness campaigns and cyber hygiene programmes, including in schools, to educate the public. These should be sustained and could be updated to adapt to changes in the threat landscape and could be further customised to suit different sections of the demography.

Q: A recent case involving three foreign hackers in Singapore mentioned the use of PlugX-related tools. What exactly is PlugX?

Faizal: Cybersecurity experts have described PlugX as a sophisticated malicious software that can avoid detection while infiltrating computer devices and performing a multitude of cyber espionage activities.

Q: Going back to the case: There’s quite a lot of information in the report to digest, can you pick out any key observations?

Faizal: One key observation is that the use of the same malware by both state-affiliated cyber threat actors and cybercriminals have blurred the lines between crime and national security as well as law enforcement and defence in the digital domain. Similar to how nation states have used mercenaries in the physical world to avoid international law and accountability in pursuing geopolitical interests, nation states can use cybercriminals as a deniable tool of state power to compete geopolitically in the digital domain.

Q: In a recent opinion piece back in July, you suggested Singapore prefers technical attribution over political attribution when it come to identifying state actors involved in cyber-attacks. Please explain.

Faizal: Countries that consider themselves neutral or non-aligned may prefer technical attribution over political attribution of malicious cyber activities. Technical attribution is based on factual data gathered during investigations and point to the perpetrator operating these activities.

Political attribution may not always use factual data and usually pins the blame on a nation-state believed to be behind the perpetrator. While technical attribution demonstrates an act of defence, political attribution could be perceived as escalatory.

So, countries need to assess where they stand in the realm of geopolitics and power to decide the course of action that best suits their national interests.

Q: In October, MINDEF established the Digital Defence Hub (DDH). Can you talk a bit about the importance of this development in light of the UNC3886 attacks?

Faizal: The Digital Defence Hub is a new unit in the Centre for Strategic Infocomm Technologies (CSIT), which has been around in MINDEF since 2003. It is likely that the strategic goal of the Hub is to better bring together defence capabilities and threat intelligence with those of the civilian Cyber Security Agency (CSA) and SAF’s Digital and Intelligence Service.

This development also shows that civilian and defence agencies need to work together in defending the digital domain where civilian interests are often the targets in cyber conflict between nation-states. It may also be a response to better prepare Singapore for the reality that the digital domain is being increasingly militarised, which is a reflection of the physical world today where there is an increase in armed conflicts and inter-state tensions.

Q: It was also announced in October that the government will start sharing its classified threat intelligence with organisations in critical sectors. Can you explain this shift?

Faizal: Sharing critical intelligence with critical infrastructure sectors reflects the reality today where critical infrastructures that provide essential services to the public and economy are targeted during peacetime and armed conflicts. There are international cyber norms that require nation-states not to damage critical infrastructure, but the reality today is that international rules and norms are increasingly being undermined. Physical borders as well as the digital backbone of critical infrastructure are the frontlines of conflict.

Q: Lastly, can you offer some advice to the layman on steps they can take to stay safer in 2026 with regard to their cybersecurity?

Faizal: It is necessary for the public to stay abreast of the situation by firstly regularly updating their devices’ software and apps and install security tools and secondly take note of advisories issued by the Cyber Security Agency of Singapore (CSA) and the Singapore Police Force.

For individual resilience, it would be useful to plan for situations where digital systems are down due to cyber threats. For example, do we need to keep some cash in the pocket in the event that digital payments are unavailable due to disruptive cyber-attacks to the financial infrastructure? Do we keep flashlights, spare batteries and power banks at home in the event that cyber-attacks targeting power grids cause blackouts?

Muhammad Faizal is a Research Fellow with the Regional Security Architecture Programme, Institute of Defence and Strategic Studies (IDSS) at the S. Rajaratnam School of International Studies (RSIS).

Read Full Article At Source