Singapore plans to arm itself with 300 specialists trained in cybersecurity skills to better safeguard its systems and networks, and has opened a school to prepare future recruits with relevant skillsets in cyberdefence. The new hires will carry out various tasks such as cyber incident responses, vulnerability assessments, as well as being responsible for operations planning and policy formulation, among others.
These initiatives are led by the Defence Cyber Organisation and will support the country's Ministry of Defence (Mindef) and Singapore Armed Forces (SAF), said the defence ministry in a statement on Wednesday.
The new cyberdefence roles would come under the Command, Control, Communications, and Computers Expert (C4X) vocation for uniformed military personnel as well as the Defence Cyber Expert (DCX) job specialisation for non-uniformed professionals. Both uniformed and non-uniformed personnel would work together with full-time national servicemen to safeguard systems operated by Mindef and SAF. National servicemen encompass male citizens of Singapore, all of whom are required to undergo mandatory uniformed services such as military or police.
C4X staff, specifically, would focus on military cyber operations and build on their understanding of military systems and networks. They also would have to undergo military courses to attain leadership skills and military knowledge, so they would be able to operate alongside their military peers in the SAF.
Depending on their roles, both uniformed and non-uniformed personnel would be trained in technical skills including threat hunting, malware forensics, cryptography, network security, and cyber analytics. Their skills would be built up via in-house training and through professional courses provided by established industry players.
The SAF Cyber Defence School also was established to serve as a training hub in cyber defence and education for Mindef and SAF personnel.
Located at Stagmont Camp, the new training ground aims to equip cyber personnel with the skillsets and knowledge required for their deployment to the various cyberdefence teams in Mindef and SAF. Curriculum and training programmes are regularly reviewed to ensure they are up-to-date with industry developments and personnel are prepared to effectively defend both organisations' networks against cyber threats, according to the ministry.
The school also conducts cybersecurity workshops to beef up education on cyber standards, regulations, and best practices, and to build strong cyber awareness and cyber hygiene.
Pointing to the nation's focus on boosting its long-term cyber defence capabilities, Singapore's Senior Minister of State for Defence Heng Chee How said: "Today, the SAF is using networks and a networked force to fight. So inherent in this approach is the use of high-end technology and digital means. This allows us to multiply the effectiveness of our forces but, at the same time, it also opens up us to being attacked by cyber means.
"This is why we have set up these cyber capabilities to defend our systems, to ensure that our systems are resilient against these attacks, and that we are operationally ready so that we can protect our sovereignty and give peace of mind to Singaporeans," Heng said.
Mindef in February 2017 reported a security breach that compromised the personal data of 850 national servicemen and employees. The cyberattack broke through its I-net system, which supported web-connected computer terminals its employees and national servicemen used for personal online communications or internet browsing.
The following month, in March 2017, the ministry unveiled plans to set up a cybersecurity command centre to combat increasing threats and boost skillsets in cyberdefence. Running 24 by 7, the Defence Cyber Organisation encompassed four key groups and comprised top-ranking military and armed officers, and was manned by 2,600 soldiers operating in cybersecurity operations, policy and planning, vulnerability assessment, and cyberdefence.
In December that same year, the ministry invited 300 white hackers to attempt to penetrate eight of its systems, including the ministry's public website, NS Portal, and Defence Mail. The move marked the first time Mindef embarked on a crowdsourcing effort to uncover bugs in its systems.
The review committee also finds IT staff to be lacking in cybersecurity awareness and resources and SingHealth's network misconfigured with security vulnerabilities, which helped hackers succeed in breaching its systems.
Singapore government will launch a bug bounty initiative by end-2018, when local and international hackers will be invited to test systems for vulnerabilities, as well as a cybersecurity hub next year to facilitate collaboration and training efforts amongst Asean country members.
Singapore government has inked partnership agreements with both countries that encompass data sharing as well as joint technical certification programmes and capacity building initiatives.
Defence Ministry will set up a new 24 by 7 cybersecurity command unit, comprising top-ranking military and armed officers, to monitor potential threats and intrusions.
Country's Ministry of Defence will run a "bug bounty" programme, led by HackerOne, inviting hackers worldwide to identify vulnerabilities in its internet-facing systems.