Singapore cyber defenders fight simulated attacks on AI-enabled systems in 4-day exercise

SINGAPORE – More technology is moving onto the cloud – meaning its data is hosted on remote servers rather than on personal devices – and integrating artificial intelligence (AI), which opens it up to new kinds of malicious attacks.

To improve Singapore’s ability to counter these emerging threats, soldiers from the Singapore Armed Forces (SAF) and civilians from various agencies and key industries took part in a four-day exercise from Nov 12 to 15.

They had to identify and stop threats to a system operating on cloud and AI technology, and six other key services – power, water, gas pipelines, the 5G network, airports and the rail system. 

More than 200 participants – including those from SAF’s Digital and Intelligence Service, the Cyber Security Agency of Singapore and 26 other agencies such as the Land Transport Authority, Government Technology Agency and national water agency PUB – took part in the exercise, known as the Critical Infrastructure Defence Exercise (Cidex).

During Cidex, teams were given various challenges mimicking tactics adopted by real-life cyber attackers. 

They included attacks intended to disrupt operations and civilian life, such as compromising a 5G mobile network and interrupting power supply and rail operations. 

To prepare for Cidex, participants underwent a six-day, hands-on training programme.

Participant Neo Jie Ling, 40, who works in information security at telco StarHub, brushed up on her skills in detecting and analysing anomalies in a mobile network during the training and exercise. She said: “I was mainly looking at the threat actors and trying to map their tactics and attack patterns to try to see how they correlate with the data that we’re seeing.”

The drills will help participants improve their skills in combating threats, said the exercise’s director, Senior Lieutenant-Colonel Benjamin Lim.

“Beyond just having the knowledge and skills, we also try to hone their instincts to detect the type of trails that potential attackers could leave,” he added.

This is the third edition of Cidex and the first time that simulated cloud, AI and rail systems were included. It is a response to emerging threats in cyberspace amid the increasing use of new technologies, said defence cyberchief Edward Chen.

Brigadier-General Chen added: “One of the things we have done for Cidex this year is to build a new cloud and AI test bed, so that our cyber defenders can have a first-hand understanding of these systems, to be able to identify new things, for example, cloud vulnerabilities, as well as AI-centric threats like prompt injection attacks.”

Prompt injections are a kind of cyber attack targeting large-language models that power generative-AI applications such as the widely used chatbot ChatGPT.

Such an attack feeds malicious prompts, or instructions, to such chatbots, causing them to ignore built-in security features and possibly divulging sensitive information.

The pace of change of technology means that it is important for SAF to continue to partner the private sector in cyber defence, BG Chen added.

He said: “Our cyber defenders must understand the terrain that they operate in... especially with the introduction of new technology.

“With the support of the private sector, we can continually innovate and find new ways to understand the related threats, as well as think about how to leverage some of these tools.”