SINGAPORE: Owners of Singapore’s critical information infrastructure (CII) will soon be required to report any incidents suspected to be caused by advanced persistent threats (APTs).
The reports must be made to the Cyber Security Agency of Singapore (CSA), said Minister for Digital Development and Information Josephine Teo at the Operational Technology Cybersecurity Expert Panel (OTCEP) Forum on Tuesday (Jul 29).
The new regulations, to take effect later this year, come as Singapore raises its cyber threat alert level in the face of an ongoing attack, according to Mrs Teo.
Earlier this month, Coordinating Minister for National Security K Shanmugam said Singapore is actively dealing with a “highly sophisticated threat actor” attacking its critical infrastructure.
Known as UNC3886, the entity has been described by Google-owned cybersecurity firm Mandiant as a “China-nexus espionage group” that has targeted prominent strategic organisations on a global scale.
“On several occasions in the past, CSA has raised the National Cyber Threat Alert Level (NCTAL). This is to urge everyone to be more alert to cyber threats across Singapore, and especially across all CIIs,” said Mrs Teo.
“Given the UNC3886 attack and heightened APT activity, it should not come as a surprise to anyone that we are currently in a heightened state of alert.”
She shared that the CSA has also convened the CEOs of all CII owners for “a classified briefing on the threat landscape, focusing particularly on the threat from APTs”.
This is all part of efforts to share guidance on the threats and help the CIIs sharpen their readiness response, said Mrs Teo.
She urged the sector not to view the new measures, which flow from last year’s Cybersecurity Act amendments to strengthen incident reporting requirements, as a burden.
“If organisations suspect that they have been targeted, they cannot – and should not – confront the attackers on their own,” said Mrs Teo.
“Reporting such detections early allows CSA to help you. It will also help us coordinate an appropriate national response.”
REAL-WORLD CONSEQUENCES
In her speech, Mrs Teo said it is easy to underestimate the importance of basic cyber hygiene, something that has caused many preventable attacks.
She said that cybersecurity is often likened to a team sport. However, while sports have rules, referees, and the principle of fair play, the cyber realm is more adversarial.
“Those of us in this room today are indeed, on the same team. We are playing defence. But our opponents do not play by the same rules,” she told attendees at Tuesday’s forum.
“And a loss for us could have severe consequences for the people we have been entrusted to take care of.”
Mrs Teo cited cases in Ukraine, Russia and Norway, where critical functions like heating and sewage management were disrupted.
In fact, there are more of such attacks taking place worldwide, with the actors driven by various reasons, she said.
One is financial gain, while another is for long-term persistence, like in the case of APTs, said Mrs Teo.
APTs deploy advanced tools, evade detection and maintain persistent access in high-value networks, she said.
“APTs are often state-linked, well-resourced and determined. They may conduct espionage for their state sponsor. Their other task may be to develop the capacity to disrupt the services and assets in other states,” said Mrs Teo.
She noted that the ongoing UNC3886 attack on Singapore’s critical infrastructure is part of a broader trend, with APT activity detected in Singapore rising over four-fold from 2021 to 2024.
“Until recently, we had not said much about APT activity. Nor had we named any of the groups involved,” said Mrs Teo.
However, the Singapore authorities are now doing so for the first time to let the public know that such threats are not imagined, but real, she said.
“We also need everyone to understand that the potential consequences to our economy and society are very serious,” said Mrs Teo.
APTs target critical infrastructure, which provides essential services for the country, and any attack will have serious real-world consequences.
“These ‘live’ attacks remind us that cybersecurity is not a nice-to-have. It is a must, not just for the IT personnel, but for the CEO and the board,” said Mrs Teo.
“In particular, the owners of CIIs must raise your vigilance, because you provide essential services that Singapore and Singaporeans depend on.”
The CSA will sign a memorandum of collaboration in OT cybersecurity with ST Engineering, to secure access to the latest tools and expertise, and let engineering teams on both sides jointly study and develop solutions in the sector, said Mrs Teo.
In his opening remarks at Tuesday’s event, CSA chief executive David Koh said the agency will continue to work closely with local organisations and international partners to share information and take action against any threats.
He also announced that the agency will support the upcoming inauguration of the OT special interest group by global IT governance association ISACA, on top of its existing groups in cybersecurity and data privacy.
