SINGAPORE - For the first time, more than 200 participants from all designated Critical Information Infrastructure (CII) sectors in Singapore took part in a cyber-security exercise on Tuesday (July 18).
Exercise Cyber Star, led by the Cyber Security Agency of Singapore (CSA), is a whole-of-government effort that tests Singapore's cyber incident management and emergency response plans.
All 11 designated CII sectors in Singapore were involved in the exercise. These include aviation, healthcare, land transport, maritime, media, security and emergency, and water, on top of the banking and finance, government, energy and infocomm sectors that took part in the inaugural exercise in 2016.
These agencies, which include both public agencies and private companies, were involved in scenario sessions, workshops and table-top discussions on how to react to a cyber attack on critical infrastructure.
Deputy Prime Minister and Coordinating Minister for National Security Teo Chee Hean, who observed the exercise and interacted with participants on Tuesday morning, said such an exercise is a good opportunity for Singapore to level up its cyber-security capabilities and ensure the country is as ready as possible for potential attacks.
“In this field, things evolve very, very quickly. You may be ready today, but may suddenly come up against a zero-day attack which you’re not even aware of. We must have a response capability if an attack does happen,” he said.
Minister for Communications and Information Yaacob Ibrahim and Senior Minister of State for Communications and Information and Education Janil Puthucheary were also present at the exercise.
Dr Yaacob, speaking on the new Cyber Security Bill which was recently open to public consultation, said it outlines the importance of ensuring the cyber-security requirements expected of those responsible for critical infrastructure in Singapore.
“We have a good Bill to bring the cyber-security preparedness of Singapore ahead. But more importantly, I see the Bill as a way to empower ourselves and the CII sectors to be ready for any cyber attack,” he said.
The exercise also tested the technical capabilities of the National Cyber Incident Response Teams through simulated incidents.
The exercise scenarios covered different types of cyber attacks targeting essential services, including Web defacement, widespread data exfiltration malware infections, ransomware hits, distributed denial of services (DDoS) attacks and cyber-physical attacks.
Participants had to develop and test their incident management plans in response to the simulated attacks.
CSA chief executive David Koh said: "These exercises are important in bringing all our critical sectors together to strengthen our incident response plans and enable better cross-sector coordination."