Home Front

Cyber defenders wanted on the new battlefield

The move to introduce 'cyber defenders' in the military is a good one. It can draw lessons from Israel's Unit 8200 that has buttressed cyber security and spawned an entire industry.

Singapore's education system couldn't inspire enough students to start a career in cyber security - so the military is being called in to lend muscle.

A cyber security vocation will start in national service (NS) in August to allow tech prodigies to receive cyber security training in incident response and forensic investigation, among other areas.

It may be the answer to Singapore's need to develop its own "cyber defenders", as they are called, in the wake of the recent data breach at the Ministry of Defence (Mindef).

The February discovery of the theft of 850 national servicemen's and Mindef staff's personal data was said to be a "carefully planned" attack that exploited a vulnerability in a Mindef server.

Last week in Parliament, Defence Minister Ng Eng Hen announced his ministry's target to train 2,600 cyber defenders in 10 years - a big jump from the current undisclosed numbers that "reflects the importance of this new battlefront".

It is perhaps ironic that the very people who failed to plug a system vulnerability are given the reins of leadership in Singapore's renewed drive to ramp up its cyber security talent. But there is no better place to catch every eligible male Singaporean and permanent resident than in NS. In Singapore, male citizens and PRs serve mandatory full-time national service for about two years when they turn 18.


ST ILLUSTRATION: MIEL

Mr Jeffrey Kok, CyberArk's director of Asia-Pacific and Japan, said that cyber security training is "a natural extension" of NS to protect Singapore's assets.

ISRAEL'S UNIT 8200

Enlisting a crack team of cyber security talent in the military is not a novel idea. Israel is known for it. Its elite cyber intelligence team, known as Unit 8200, is the latest iteration of the nation's effort that dates back to the 1930s - driven by a desire to survive in a hostile environment.

Just what does it take to be a cyber defender?

Mr Amir Ofek, 41, spent five years in Unit 8200 as an officer in charge of new trainees in the elite unit.

Now the chief executive officer of Israeli cyber security services firm CyberInt, he told The Straits Times: "In Israel, we do not just look at grades or credentials but people's ability to think."

The Israeli military looks for people with "rosh gadol", which in Hebrew means "big head", said Mr Ofek. It is a positive term for people who can see the big picture or think out of the box. It also describes people who take responsibility and initiative, demonstrate leadership potential and are willing to go beyond the call of duty.

He said that potential candidates are put through a series of assessments and interviews - to determine their character, aptitude and psychology - over six months in high school before enlisting them at 18.

"It is just as important to screen out people who are dishonest," he said. "You may inadvertently train an enemy."

Mr Ofek would not go into the details of training in the elite unit. Suffice to say, their experience is highly regarded as the rigorous programme had reportedly put trainees through life-and-death scenarios, including hacking the systems of enemies.

Unit 8200 also has a high tolerance for "stretched boundaries" that is atypical of a military set-up, he said. "It gives people a sense of ownership."

ALUMNI AND INDUSTRY LINKS

One concern about the cyber defence vocation is the waiting time that will be required for Singapore to develop a steady pipeline of talent, and whether it can find people with the relevant experience and skills to train newly-enlisted cyber defenders.

Mindef used 10 years as its timeframe, which many security experts think is a realistic one.

Mr Ofek said that in Israel, Unit 8200 benefits from a strong alumni network, as older members often make an effort to integrate new 8200 graduates into the workforce.

"Many Israelis aspire to join the 8200 knowing that being part of it guarantees them a job in the future," said Mr Ofek.

Case in point: Half of the 50 people-strong workforce at CyberInt are 8200 alumni.

In fact, not only does Unit 8200 augment the nation's cyber security, it spawned an entire industry, as many young men trained in the military went on to found companies.

US business magazine Forbes estimated in a May 2016 report that more than 1,000 Israeli start-ups had been founded by Unit 8200 alumni. Many of these companies were acquired by global tech giants. In October 2013, Facebook reportedly paid US$120 million for Israeli mobile analytics firm Onavo. In September 2015, Microsoft bought Israeli e-identity and security services firm Adallom for US$250 million.

Today, Israel is the world's second-largest exporter of cyber security products and services, reportedly worth US$6 billion (S$8.5 billion) a year - second only to the United States - despite its population of just 8.6 million.

In the first quarter of this year, 28 Israeli firms were listed among the world's top 500 hottest and most innovative cyber security firms, according to US-based market research firm Cybersecurity Ventures. They include Check Point and CyberArk.

INTERIM MEASURES

Meanwhile, critical systems still need to be protected even as Singapore prepares its future pipeline of cyber security experts.

The Cyber Security Agency (CSA), the national agency overseeing Singapore's cyber security efforts, is chipping in by starting a new scheme in July to enhance cyber security professionals' career progression in the public sector.

Dubbed Cybersecurity Professional Scheme, it hopes to draw more people into cyber security jobs.

The target is to double the existing pool of cyber security professionals in the public sector to 600 over the next few years.

At the same time, the Government is minimising its risks amid heightened security threats by hiving off Internet access from the work computers of more than 100,000 public servants from May.

The aim is to create an "air gap" between the Web and the Government's internal systems to prevent classified information from leaking on the Internet, and malware from infiltrating government internal networks.

While the move drew flak for being draconian when news first broke, it doesn't seem an over-reaction now, given the recent Mindef hacking incident, and attacks in other countries.

Last December, the US Central Intelligence Agency discovered that Russian hackers were able to break into the Gmail account of top-ranking Democrat John Podesta and access some 60,000 e-mail messages, presumably to help Mr Donald Trump in the US presidential election.

In another example, cyber attacks on Ukraine's power grid in 2015 cut off power to an area about 20 times the size of Singapore in the depth of winter.

In Mindef's case, no classified information was stolen because it had already delinked classified systems from the Internet. But Dr Ng warned last week of more attacks that could wreak "utter chaos".

Such threats are intensifying amid the Government's push for more local companies to go digital to weather the economic disruptions brought about by new technology.

There is also increased risk from the push for more e-transactions among citizens.

Last May, a government-backed digital vault of personal data - MyInfo - was launched. People can access MyInfo with their SingPass, which Minister-in-charge of the Smart Nation Initiative Vivian Balakrishnan had criticised in Parliament last week as being "not good enough" as a secure digital identification system.

In the absence of a more secure biometric authentication system - which the Government started exploring in March last year with a Mobile Digital ID tender - it's time to make individuals pay more attention to their own cyber hygiene.

Every individual needs to do his part in defending his own cyber turf, even with crack cyber defender troops defending the nation's infrastructure.

The weakest link can take down the entire chain.

A version of this article appeared in the print edition of The Straits Times on March 09, 2017, with the headline 'Cyber defenders wanted on the new battlefield'. Print Edition | Subscribe