SINGAPORE: As simulated attackers tried to overload an electrical system, cripple a water distribution network and shut down a gas plant, cyber defence operators across 26 national agencies sprung into action to neutralise the assaults on a fictional state’s critical infrastructure.

These were among the scenarios that more than 200 participants went through from Nov 22 to 24, during the second Critical Infrastructure Defence Exercise held at the National University of Singapore.

The three-day exercise organised by the SAF’s Digital and Intelligence Service (DIS) and Cyber Security Agency of Singapore (CSA) involved employees from organisations such as Changi Airport Group, national water agency PUB, Senoko Energy and Singtel.

To ensure that the scenarios were realistic, officers from the DIS, CSA, the Defence Science and Technology Agency and Infocomm Media Development Authority modelled their attacks on Advanced Persistent Threat (APT) and cyber criminal groups’ tactics and methods, said Colonel Tan Shengyang, Commander of the DIS’ Cyber Defence Group.

Col Tan said the primary objective of the exercise is to prepare and train Singapore’s cyber defenders in the critical information infrastructure sectors, which includes “an experience of what it is like to be in a nation-under-attack scenario”. Such sectors include power, water, telecom and aviation.

Preparations for the exercise took about four months, and about 1,000 physical and virtual systems were created for this purpose, he added.

Military Expert 4 (ME4) Yvonne Tan, who was in charge of leading a team of participants from PUB and CSA in defending a water plant network, said the simulated attack started with a phishing e-mail, followed by an attack on the physical test bed, where values from the water plant were manipulated by hackers. “We had to closely monitor what are the vulnerabilities that are exposed to the external facing, Internet-connected systems, and how we can remediate this action,” she said.

Part of the scenarios included how quickly critical systems can be restored after being attacked. Often times, agencies have business continuity plans that can include steps like re-cloning a system, or reverting the digital platform to a previous stable version, she added.

Speaking to the media on Nov 24, Senior Minister of State for Defence Heng Chee How said cyber attacks have become a fact of life.

“You can see so many examples in the world – real wars, real attacks, commercial sector, security-related sectors – everyday life is disrupted,” he said.

This exercise therefore provides a platform for agencies to jointly prepare to deal with such attacks, he said.

“(It) brings together many agencies throughout Government to come together to learn how to defend together,” Mr Heng added.

This year’s exercise involved twice as many participants as the inaugural edition in 2022, a sign that more of the nation’s digital infrastructure needs to be prepared to face down cyber attacks. The number of participating agencies also grew from 17 to 26.

Separately, DIS also signed memorandums of understanding for cyber collaboration with Google, ST Engineering and Ensign InfoSecurity, a cyber security joint venture between StarHub and Temasek. The Ministry of Defence said the agreements will help expand DIS’s partnership with the technology sector.

DDoS attacks on the rise, 1.7 million attempts to bypass firewalls each month: MOH

The disruption to web services of public healthcare institutions on Nov 1 was triggered by abnormal spikes in Internet traffic, also known as a distributed denial of service (DDoS) attack.

Responding on Nov 22 to parliamentary questions filed by MPs on the seven-hour outage to the websites of public hospitals, polyclinics and healthcare clusters, Health Minister Ong Ye Kung said on Nov 22 that the abnormal traffic circumvented anti-DDoS blocking services and overwhelmed national healthcare IT provider Synapxe’s firewall.

This caused the firewall to filter out the traffic, as well as other services requiring Internet connectivity, including websites and Internet-reliant services, which became inaccessible.

On whether MOH knew the motives behind the attacks, Mr Ong said such attacks are generally on the rise, and that attack methods are changing.

“Those who deploy them have a variety of motives, from hacktivism to petty misdemeanor,” he said in a written reply. “The defences against DDoS attacks will have to constantly evolve to keep up with developing threats.”

Synapxe receives and blocks an average of 3,000 malicious e-mails per day, and 1.7 million attempts to bypass Internet-facing firewalls per month, he noted.

In a related reply, Minister for Communications and Information Josephine Teo said the Government and owners of digital infrastructure here will mitigate and manage cyber attack risks, taking into account how critical a given system is.

“We allocate more resources to harden the most critical systems, and ensure a baseline of measures for all systems,” she said. “Cyber security defence has to be complemented by business continuity plans that mitigate the impact of e-service disruptions when they occur.”

While some disruption might be inevitable, prolonged disruptions should not be the norm, she added. “In addition to prevention, we must also focus on recovering quickly.”

Following further investigations with the Cyber Security Agency of Singapore, Synapxe said on Nov 20 that there was no evidence to indicate that public healthcare data and internal networks had been compromised.

The IT provider added that it will step up its defences against cyber attacks. - The Straits Times/ANN