SINGAPORE – With cyber attacks becoming more sophisticated, the Ministry of Defence has established a new unit to equip the Government’s network defenders with stronger capabilities, while tightening their coordination.
The new Digital Defence Hub (DDH), which comes under Mindef’s Centre for Strategic Infocomm Technologies (CSIT), has also been tasked with driving cyber-security collaboration, both within the Government and with the private sector.
Coordinating Minister for National Security K. Shanmugam announced the new unit on Oct 17 at TechCon, an annual closed-door technical conference hosted by CSIT.
Speaking at the conference, he said the new unit will focus on developing and deploying capabilities to support a wide range of public agencies and missions important to national security, such as to counter advanced persistent threats (APTs).
APTs are well-resourced attackers, usually state-linked, who lurk in networks to steal sensitive information or disrupt essential services.
In July, Mr Shanmugam had said the authorities were dealing with an ongoing attack on Singapore’s critical information infrastructure by UNC3886, an APT group. While the authorities did not disclose UNC3886’s sponsors, experts have linked the group to China.
In his conference speech, Mr Shanmugam said suspected APT attacks on Singapore more than quadrupled between 2021 and 2024. Other forms of digital threats that can severely disrupt societies, such as ransomware attacks and digital scams, are also evolving quickly, he noted.
“The challenges are growing. As a highly connected and digital society, stepping up our digital defence, is a clear priority,” said Mr Shanmugam, who is also Home Affairs Minister.
Dr Adrian Tang, who is group director of the DDH, said the new unit aims to “better counter high impact digital threats, especially particularly advanced persistent threats against our government systems and critical infrastructure”.
The new unit will focus CSIT’s deep expertise in various technical areas like cyber threat research, malware analysis and red-teaming into better capabilities for public agencies to defend, investigate and respond against high-impact cyber threats, he added.
Red-teaming refers to ethical hackers simulating cyber attacks to improve an organisation’s ability to detect and nullify real attacks.
Set up in 2003, CSIT is the lead digital technology agency in Mindef that builds digital tools to meet the Republic’s national security needs.
These tools include ACUBE, a malware analysis platform that automates and streamlines the study of malicious software, which helps security researchers draw rapid insights into malware behaviour for more effective incident response and threat hunting.
Another is NEMOS, a threat detection system that uses CSIT’s expertise for the proactive hunting of cyber threats across networks.
CSIT, DSO National Laboratories, the Defence Science and Technology Agency and some Mindef departments together form Mindef’s 6,500-strong defence technology community, which has been credited with providing the technological cutting edge to the Singapore Armed Forces.
At CSIT’s 20th anniversary celebration in 2023, then Senior Minister Teo Chee Hean said the agency’s role had mostly been in the background for national security reasons, but that the capabilities it developed had helped other agencies such as the Ministry of Home Affairs, the Government Technology Agency and the Cyber Security Agency of Singapore (CSA) to defend against malicious threats.
After the SolarWinds attack was exposed in 2020, CSIT and CSA also worked together to investigate potential data breaches in Singapore. There was no indication found that the Republic’s critical information infrastructure had been adversely impacted.
SolarWinds, an attack attributed to a Russian-sponsored APT group, had been described by cyber researchers as one of the largest and most sophisticated the world had seen to date.
CSIT chief executive Darren Teo said that as a small country with an outsized digital footprint, Singapore needs to develop technologies and capabilities to safeguard its digital space, to ensure critical digital services can continue to run reliably even while under attack.
“Through the DDH, CSIT will provide a platform to collaborate in building capabilities and sharing intelligence and insights to better safeguard our digital space,” he said.
Mr Shanmugam also emphasised the importance of collaboration in tackling cyber threats. He said regular exchanges between government agencies and industry partners have helped all parties form a more complete picture of the threat landscape and threat actors, and helped the Government investigate activities by UNC3886.
“We have to work together because the attackers, the bad guys, are increasingly very sophisticated, and they are able to conceal their activities,” he said. “And we need, as it were, many different brains, many different torches to shine the light and uncover the activities and make it much more difficult for the attackers.”
