Date: 2026-03-02


The doubling down of efforts to counter such threats comes on the heels of recent attacks by cyber espionage group UNC3886, known to have executed many advanced persistent threat (APT) attacks on critical services sectors around the world.

The Cyber Security Agency of Singapore (CSA) said that the nation’s own threat detection technology will be developed by the Centre for Strategic Infocomm Technologies, which is a technical agency under the Ministry of Defence.

Such tools have already been deployed in selected critical information infrastructure (CII) systems and will be progressively deployed across the rest.

“We will equip CII (operators) with proprietary threat detection systems to strengthen their abilities to detect malicious activities in their networks, especially those of state-sponsored APTs,” said Mr Tan Kiat How, during the debate on the Ministry of Digital Development and Information’s budget.

The Senior Minister of State for Digital Development and Information said that these proprietary tools complement commercial threat detection systems used by Singapore’s CII owners today.

Mr Tan was responding to a query from Mr Sharael Taha (Pasir Ris-Punggol) about plans to protect Singapore’s CII amid heightened threats.

Singapore’s 11 CII sectors are aviation, healthcare, land transport, maritime, media, security and emergency services, water, banking and finance, energy, infocomm and government.

Four major telcos in Singapore had come under attack by UNC3886. The attacks, which were discovered around March 2025, were first revealed in July 2025. The telco victims were subsequently disclosed on Feb 9.

Although no sensitive or personal data were stolen, the attackers were able to access servers that manage internal telco systems and exfiltrate network-related data.

Mr Tan said national security efforts like developing cutting-edge technological systems to deal with various threats are typically the exclusive domain of governments.

“We have decided to avail some of the Government’s expertise to the private sector, to level the playing field between the defenders and the attackers,” he said, noting that the Government will consider funding CII operators for this.

The initiative complements previously announced plans to selectively share classified threat intelligence with CII owners so that they are better able to spot and respond swiftly to threats.

The Government is also considering requiring non-CII systems to meet cybersecurity standards currently imposed on CII owners.

“We have observed that threat actors are also targeting non-CII systems because they may be less secured and can be entry points into CII systems,” said Mr Tan, adding that the Government will be mindful not to impose unnecessary costs on CII owners.

The Infocomm Media Development Authority (IMDA), for one, will be tightening telcos’ cybersecurity regulations - including those for managing virtualisation of infrastructure and credential management - following UNC3886’s attack. No details were shared.

Additionally, a voluntary Cyber Trust Mark certification scheme will soon be mandatory.

Launched in March 2022 by CSA, Cyber Trust Mark certifies companies that demonstrate they have strong and appropriate cybersecurity practices. It was enhanced in 2025 to account for cyber risks in cloud, operational technology and artificial intelligence. The scheme is tiered, with five different cybersecurity preparedness levels.

Cyber Trust Mark requirements will be mandatory for: owners of CIIs; auditors overseeing cybersecurity checks for CII owners; and licensed cybersecurity service providers providing penetration testing and managed security operations centre monitoring services.

CII owners will have till the end of 2027 to obtain the highest tier of Cyber Trust Mark level 5 certification for their non-CII systems that support their business operations and services.

Level 5 certification requires preparedness in all 22 domains, including governance, asset protection and secure access. Lower level certification requires preparedness in fewer domains.

Auditors of critical information infrastructure and licensed cybersecurity service providers have till the end of 2026 to obtain Cyber Trust Mark certifications.

Residential routers will also need to meet more stringent security requirements by 2027.

Currently, all residential routers sold in Singapore must meet Level 1 requirements - such as having unique default passwords and updated software - under the CSA’s Cybersecurity Labelling Scheme.

However, such measures are insufficient against more sophisticated attacks that exploit weaknesses in data encryption and authentication methods.

Routers will soon need to meet Level 2 requirements, such as stronger security for communications, storage of sensitive data and methods to verify users before granting access.

“Residential routers are common targets for malicious cyber actors because these devices serve as gateways to home networks and can be exploited to either gain access to other connected systems on the networks or become bots to launch attacks on other systems,” said CSA and IMDA, which are also looking into requiring IP cameras to meet higher cybersecurity labelling standards at Level 2.

“Besides routers, IP cameras are another common target for cyber threat actors. Threat actors exploit these cameras to spy on individuals. Exploited images are even uploaded onto pornographic websites, or used to blackmail individuals,” said Mr Tan.