Singapore’s Mounting Cyber Threats

Security agencies will find it increasingly challenging to deal with the threat of terrorism, as terrorists can now easily access sophisticated capabilities through the internet or dark web, said Senior Minister of State for Defence and Foreign Affairs Mohamad Maliki Osman.

In the face of such non-traditional security challenges, regional militaries have to step up cooperation and adapt to the new security environment, he added in a speech recently at the S Rajaratnam School of International Studies’ 19th Asia-Pacific Programme for Senior Military Officers (APPSMO).

Below is an excerpt from his speech.

The world has experienced an eventful year of turbulence and security challenges. Allow me to share some perspectives on our increasingly complex security environment.

Ongoing conflicts continue to simmer and threaten regional peace and security.

All of us are deeply concerned by the series of deliberate and provocative actions by North Korea, including the two nuclear tests in January and September last year, as well as what appears to be a ballistic missile just last week.

While Singapore is not a major player on the Korean Peninsula, we watch developments there keenly as any disruption to peace and stability on the Peninsula could destabilise the whole region.

Any miscalculation could have devastating consequences and upset the existing rules-based international order that has allowed peace and security to flourish in the Asia-Pacific for the last few decades. We hope the major players on the Korean Peninsula can find a way to resume dialogue and prevent the situation from deteriorating.

Over the past one year, we have also seen a proliferation of non-traditional security threats, such as cyber and terrorist attacks.

On cyber-security, I’m sure all of you present are aware of the recent Wannacry and Petya attacks which crippled the critical infrastructure of some states and shut down numerous businesses around the world.

The damage from such attacks would be incalculable for many countries, especially as we become more and more reliant on computer networks and the internet.

Terrorism is also increasingly becoming a key threat to our region.

While we are seeing a defeat of ISIS militarily in Iraq and Syria, we are also witnessing a re-emergence of terrorism in the Asia-Pacific.

ISIS has intentions to establish a caliphate in our region too. It has been estimated that more than 1,400 Southeast Asian citizens have travelled to Iraq and Syria to support ISIS, and a large proportion of this number could return after the defeat of ISIS in the Middle East.

There have been an increasing number of attacks claimed by ISIS in Southeast Asia in recent years, such as a grenade attack in Malaysia in June last year and the Jakarta bombing in May this year.

The ongoing siege in Marawi is a reflection of the increasing likelihood of the violent extremism spreading from the Middle East to the Asia-Pacific.

In addition, regional terror groups are well-funded, using charities and non-profit groups as a cover to support terrorism. The ease with which terrorists can conduct small-scale attacks with everyday materials, such as pipe bombs, is also a significant concern.

For example, in Marawi, unlike previous incidents with Abu Sayyaf that were typically kidnappings for ransom, the current Abu Sayyaf is well-armed, well-organised and well-funded by ISIS.

It is supported by funding from illegal drug trafficking networks and a very complex and sophisticated chain of command that runs from Syria, through the Philippines, to Indonesia and elsewhere in the region.

As of early June, the death toll was about 100 including terrorists, government troops and civilians. While the actual fighting is limited to Marawi for now, the trafficking and funding ties, as well as the spillover of terrorist insurgencies, to other parts of Southeast Asia and beyond is a significant source of concern.

The barrier for such terrorist elements to access sophisticated capabilities ranging from cyber to biological and chemical weapons is also lower as they are easily available through the internet or dark web.

This will have a concomitant impact on the security and stability of our region. Militaries and Homeland Security forces will also find themselves increasingly hard-pressed to deal with such adversaries as they gain almost “near-peer” capabilities.

The modus operandi of terrorists is also constantly evolving. ISIS has been very effective in its use of social media thus far.

For example, ISIS has adapted its propaganda material into various languages to cater to the different populations in our region. We are also witnessing increasing sophistication in ISIS’ use of the internet.

Recently, ISIS started creating its own social media platforms to avoid security crackdowns on their communications, as companies like Facebook and Twitter start clamping down on ISIS’ accounts.

An equally great concern for us in this regard is the challenge of fighting self-radicalisation of individuals as they are exposed to radical ideologies via the Internet. Linked to this is how we should strengthen the resilience of our people in the face and aftermath of such terrorist attacks.

Role of Armed Forces Today

In the face of such non-traditional security challenges, how relevant are the armed forces, which have traditionally been structured for full-on conventional warfare.

As conventional conflicts become increasingly unlikely, how prepared are our Armed Forces to address the new challenges in today’s security environment?

The fight against terrorists has moved beyond the frontlines in Iraq, Syria and Afghanistan and come closer to home.

As seen from the Paris attacks, these terrorist attackers are striking in cities, where the terrain is significantly more complex and challenging – urban, high rise, and densely populated areas where militaries are unable to bring the full range of their capabilities to bear.

At the same time, homeland forces may find themselves overwhelmed should these attackers be equipped with military grade capabilities. Militaries will need to find ways to adapt to the new security environment.

The Singapore Armed Forces is therefore building a SAF Training Institute City (SAFTI City), to train our battalions to fight across both conventional and urban terrains successively.

The SAF also recognises that counter-terrorism is a Whole-of-Government endeavour which requires seamless interagency coordination, underpinned by an effective legal framework.

Unfortunately, the threat of terrorism is no longer simply confined to kinetic attacks.

With the availability of cyber tools leaked from the US National Security Agency, terrorists now possess advanced cyber weapons that can take out critical infrastructure and retrieve sensitive military information even as they perpetrate their attacks with devastating impact.

In this regard, it is also important for a country’s cyber infrastructure and defence to be adequately prepared. The Ministry of Defence is in the midst of establishing the Defence Cyber Organisation, which will have about 2,600 soldiers when it is fully stood up.

Regional Cooperation

To counter the cross-border nature of these emerging threats and maintain the existing rules-based international order, Singapore is fortunate to enjoy strong support and cooperation from our friends and partners around the world.

In particular for our region, we have multilateral platforms like the Asean Defence Ministers Meeting (ADMM) and ADMM-Plus to build confidence and interoperability.

Besides addressing non-conventional threats, the ADMM and ADMM-Plus are also valuable platforms in our regional security architecture to build trust and confidence among regional militaries.

As Singapore assumes the ADMM Chairmanship in 2018, we hope to promulgate common guidelines across the maritime and air domains as confidence-building mechanisms for our militaries to reduce tensions and the risk of miscalculations in the region. This is particularly pertinent as the maritime and air traffic in the Asia-Pacific increases with the rising development and prosperity of countries in the region.

In this regard, we hope to expand the Code for Unplanned Encounters at Sea, or CUES in short, to all ADMM-Plus countries. We also hope to establish a set of guidelines for air encounters between military aircraft, akin to the US-China Memorandum of Understanding on the Rules of Behaviour for Safety of Air-to-Air Encounters.

These confidence building mechanisms would be practiced during upcoming ADMM-Plus Exercises, such the maritime security exercise that Singapore will co-organise with the Republic of Korea.

In addition, CUES would also be practiced during the ASEAN-China Maritime Exercise that Singapore will facilitate in our capacity as the ASEAN-China Dialogue Relations Coordinator.

As we grapple with the threat of terrorism, regional countries will have to come together to shoulder this collective responsibility.

Closer cooperation with each other is critical especially as terror attacks could be planned or even launched from one country to damage another.

Last year, Singapore convicted four Bangladeshi nationals who plotted to finance terror attacks in their own home country. We also saw an ISIS-linked group plotting to launch a rocket attack on Singapore from the island of Batam.

Singapore and Indonesia worked closely together to foil the attack and arrest the group.

As Malaysian Defence Minister Hishammuddin Hussein rightly said, such joint initiatives and cooperation will show ISIS that they are not just facing individual countries but a united Southeast Asia.

Intelligence sharing is also essential in countering the threat of terrorism.

Given the transnational nature of terrorist threats, no one country has the bandwidth to identify all the threats out there. The only way we can address this is if countries pool our resources together and share intelligence.

During my visit to Indonesia in June this year, the Indonesian Defence Minister General Ryamizard Ryacudu suggested to develop a regional framework for intelligence sharing, joint training and exercises on counter-terrorism.

Hisham and I think that this is a good and timely idea given the increasing terrorist threat, exemplified by the Marawi situation in the Philippines.

Beyond the Asia-Pacific region, we also recognise the global nature of threats like terrorism and cyber-attacks. In this regard, we welcome all our partners to also share their experiences and ideas through professional exchanges and exercises between militaries.

Of course, aside from the military exercises that we conduct, dialogue is also important. Particularly in times when we may not always agree on the way forward, we can leverage platforms like the Shangri-La Dialogue and APPSMO. These are useful in developing shared perspectives on security threats and finding constructive solutions.

Today Online:

You Might Also Read:

Singapore Defense Ministry Under Remote Attack:

Australian Government Networks Hacked:

« Australian Spy Data Helps Business Cyber Threats
The US Power Generation System Is Under Siege »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

itWatch

itWatch

itWatch is focused on data loss prevention (DLP), endpoint security, mobile security, encryption, and cost reducing solutions for IT operations.

BetterCloud

BetterCloud

BetterCloud puts IT in control of the modern workplace through user lifecycle management, data discovery, and IT and security automation purpose-built for SaaS.

Identillect Technologies

Identillect Technologies

Identillect Technologies provide a user-friendly secure email solution to protect critical information, with an emphasis on simplicity.

Evidence Talks Ltd

Evidence Talks Ltd

A leading forensic computing authority developing unique digital forensic technologies. Tools that detect potential terrorists & criminals & used by the military, enforcement & intelligence commmunity

Expel

Expel

Expel provide transparent managed security services, 24x7 detection, response and resilience.

David Hayes-Export Controls

David Hayes-Export Controls

David Hayes-Export Controls provides assistance to companies affected by export controls or who are considering entering the market but are unsure of the commercial and regulatory implications.

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

Clear Skye

Clear Skye

Clear Skye, an Identity Access and Management (IAM) software company, reimagines enterprise identity access and risk management software to make a complicated problem easier to manage.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

iVision

iVision

iVision is a technology integration and management firm that engineers success for clients through objective recommendations, process and technology expertise and best-of-breed guidance.

SecurityBridge

SecurityBridge

SecurityBridge provide a cybersecurity connection between our customers’ IT departments, the forward-facing business services, and their SAP applications.

CMIT Solutions

CMIT Solutions

CMIT Solutions is a recognized leader in Managed IT Services for businesses. We empower businesses like yours by providing innovative technology solutions, managed IT services and cybersecurity.

Emircom

Emircom

Emircom is one of the Middle East's leading independent providers of IT infrastructure services, helping clients to drive growth and deliver measurable outcomes.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.