Reporting suspected advanced cyber attacks will provide a defence framework: Shanmugam
Sign up now: Get ST's newsletters delivered to your inbox
(Seated, from left) Minister for Digital Development and Information Josephine Teo and Coordinating Minister for National Security K. Shanmugam touring the exhibits at Exercise Cyber Star on Aug 1.
ST PHOTO: CHONG JUN LIANG
Follow topic:
SINGAPORE - Mandating that operators of critical systems, such as those that manage energy, water and transportation services, report suspected advanced cyber attacks will provide the necessary framework for Singapore to defend itself, said Coordinating Minister for National Security K. Shanmugam on Aug 1.
Declining to name the country behind a recent advanced persistent threat (APT) attack on Singapore, he urged organisations to have the mentality that there are and will be breaches.
“Accept that, and be prepared to defend,” he said, speaking on the sidelines of a biennial cyber-security exercise called Exercise Cyber Star, organised by the Cyber Security Agency of Singapore (CSA).
“Tell us immediately the moment you suspect (something). We work with you to try and deal with it,” he added.
Mr Shanmugam’s comments came after the authorities revealed in July that Singapore’s critical information infrastructure (CII) came under attack from UNC3886, a state-linked APT actor.
UNC3886 is one of several APT actors that target Singapore’s CII. Their activities rose more than fourfold from 2021 to 2024.
In the light of increased threats, Singapore amended its Cybersecurity Act in 2024 to require that CII operators declare any cyber-security outage, and any attack on their premises or along their supply chain.
In particular, operators of critical systems must report suspected APT attacks to CSA, whose oversight will expand to include risks that come from suppliers and cloud services. The amendments are expected to kick in later in 2025.
When asked to comment on reported links between China and UNC3886, Mr Shanmugam said: “We release information that we assess is in the public interest... Naming a specific country is not in our interest at this point of time.”
Experts have said that the group is linked to China.
On naming the group, Mr Shanmugam added: “In this case, we felt that the situation and the threat of the attack and compromise were serious enough, and we were confident enough to name UNC3886.”
Responding on July 19 to media reports about UNC3886 being linked to Beijing, a spokesperson for the Chinese Embassy in Singapore said: “China expresses strong dissatisfaction with this, and we resolutely oppose any unwarranted smearing against China.
“In fact, China is one of the main victims of cyber attacks. We reiterate that China resolutely opposes and combats any form of cyber attacks in accordance with the law, and will not encourage, support or condone hacker attacks.”
On Aug 1, Mr Shanmugam, who is also Minister for Home Affairs, also spoke about the need for cyber-security exercises, to be better prepared for attacks, which is why Exercise Cyber Star is important.
The exercise is in its sixth edition, and is the largest to date. It was held over a period of 11 days and involved nearly 500 participants from CSA, sector leads, owners from Singapore’s 11 critical sectors, and the Singapore Armed Forces’ Digital and Intelligence Service.
At the event, CII operators were tested on their skills in countering simulated cyber attacks, such as those from APT actors. CII operators were also tested on their ability to deal with spillover effects from attacks that affect the larger business community and society.
“This exercise brings together the different sector leads, critical infrastructure owners... They come together, put a face to a name, exercise real-life scenarios – things that have happened elsewhere,” said Mr Shanmugam.
“Imagine millions of people travelling on our subways, and something goes wrong... What’s your approach to dealing with the attack? How do you recover from it?” he said, noting that the private sector also needs to have the know-how to better work with the Government to contain the damage.
Singapore’s 11 CII sectors are aviation, healthcare, land transport, maritime, media, security and emergency services, water, banking and finance, energy, infocommunications and government.
Past APT attacks that have hit Singapore include a security breach in the Ministry of Foreign Affairs’ technology systems back in 2014, and intrusions in the networks of two local universities in 2017 believed to be aimed at stealing government and research data.
The Republic in 2018 experienced its worst data breach,
The attacker in this breach on SingHealth was said to have been persistent in efforts to access the electronic medical records system, and is believed to have lurked in the healthcare group’s network for at least nine months.
