Singapore to develop its own threat detection tools on the heels of UNC3886 attacks


The Cyber Security Agency of Singapore said that the nation’s own threat detection technology will be developed by the Centre for Strategic Infocomm Technologies.


ST PHOTO: CHONG JUN LIANG

  • The Government will fund proprietary tools to detect advanced cyber threats, expanding critical infrastructure cybersecurity obligations to non-CII systems due to recent attacks.
  • Singapore will mandate Cyber Trust Mark certification for critical infrastructure owners (Level 5 by 2027), auditors, and cybersecurity providers to raise national defence standards.
  • Mandatory cybersecurity for residential routers will upgrade to CLS Level 2 by 2027; IP cameras are also being explored, to better protect users.

AI generated

SINGAPORE – Singapore will be developing and deploying its own threat detection tools to help critical information infrastructure (CII) owners here better uncover advanced persistent threats.

The doubling down on efforts to counter such threats comes on the heels of recent attacks by cyberespionage group UNC3886, known to have executed many advanced persistent threat (APT) attacks on critical services sectors around the world.

The Cyber Security Agency of Singapore (CSA) said the nation’s own threat detection technology will be developed by the Centre for Strategic Infocomm Technologies, which is a technical agency under the Ministry of Defence. Such tools have already been deployed in selected critical CII systems, and will be progressively deployed across the rest.

“We will equip CII (owners) with proprietary threat detection systems to strengthen their abilities to detect malicious activities in their networks, especially those of state-sponsored APTs,” Mr Tan Kiat How said during the debate on the Ministry of Digital Development and Information’s budget.

The Senior Minister of State for Digital Development and Information said these proprietary tools complement commercial threat detection systems used by Singapore’s CII owners today.

Mr Tan was responding to a query from Mr Sharael Taha (Pasir Ris-Changi GRC) about plans to protect Singapore’s CII amid heightened threats.

The Republic’s 11 CII sectors are aviation, healthcare, land transport, maritime, media, security and emergency services, water, banking and finance, energy, infocomm and government.

Four major telcos in Singapore had come under attack by UNC3886. The attacks, which were discovered around March 2025, were first revealed in July that year. The telco victims were subsequently revealed on Feb 9. Although no sensitive or personal data was stolen, the attackers were able to access servers that manage internal telco systems and exfiltrate network-related data.

Mr Tan said national security efforts like developing cutting-edge technological systems to deal with various threats are typically the exclusive domain of governments.

“We have decided to avail some of the Government’s expertise to the private sector, to level the playing field between the defenders and the attackers,” he said, noting that the Government will consider funding CII owners for this.

The initiative complements previously announced plans to selectively share classified threat intelligence with CII owners so they are better able to spot and respond swiftly to threats.

The Government is also considering requiring non-CII systems to meet cybersecurity standards currently imposed on CII owners.

“We have observed that threat actors are also targeting non-CII systems because they may be less secured and can be entry points into CII systems,” said Mr Tan, adding that the Government will be mindful not to impose unnecessary costs on CII owners.

The Infocomm Media Development Authority (IMDA), for one, will be tightening telcos’ cybersecurity regulations – including those for managing virtualisation of infrastructure and credential management – following UNC3886’s attack. No details were shared.

Additionally, a voluntary Cyber Trust mark certification scheme will soon be mandatory.

Launched in March 2022 by CSA, the Cyber Trust mark certifies companies that demonstrate they have strong and appropriate cybersecurity practices. It was enhanced in 2025 to account for cyber risks in cloud, operational technology and artificial intelligence. The scheme is tiered, with five different cybersecurity preparedness levels. 

Cyber Trust mark requirements will be mandatory for owners of CII, auditors overseeing cybersecurity checks for CII owners, and licensed cybersecurity service providers providing penetration testing and managed security operations centre monitoring services.

CII owners will have till the end of 2027 to obtain the highest-tier Cyber Trust mark level 5 certification for their non-CII systems that support their business operations and services. 

Level 5 certification requires preparedness in all of 22 domains, including governance, asset protection and secure access. Lower-level certification requires preparedness in fewer domains.

Auditors of CII and licensed cybersecurity service providers have till the end of 2026 to obtain Cyber Trust mark certification.

Residential routers will also need to meet more stringent security requirements by 2027.

Currently, all residential routers sold in Singapore must meet level 1 requirements – such as having unique default passwords and updated software – under CSA’s Cybersecurity Labelling Scheme.

However, such measures are insufficient against more sophisticated attacks that exploit weaknesses in data encryption and authentication methods.

Routers will soon need to meet level 2 requirements, such as stronger security for communications, storage of sensitive data and methods to verify users before granting access.

“Residential routers are common targets for malicious cyber actors because these devices serve as gateways to home networks and can be exploited to either gain access to other connected systems on the networks or become bots to launch attacks on other systems,” said CSA and IMDA, which are also looking into requiring internet protocol (IP) cameras to meet higher cybersecurity labelling standards at level 2.

“Besides routers, IP cameras are another common target for cyberthreat actors. Threat actors exploit these cameras to spy on individuals. Exploited images are even uploaded onto pornographic websites, or used to blackmail individuals,” said Mr Tan.
