MORE DANGEROUS WORLD
Mr Shanmugam said that the world faced more dangers in cyberspace now than it did 10 years ago.
“It is no longer enough only to guard our most critical systems. Potential targets have increased. They include external vendors, suppliers, service providers along the entire supply chain. Even residential devices like home routers, IP cameras are now being exploited by cyber attackers,” he said.
He noted that physical conflicts have also spilled over into the digital world, with actors launching cyberattacks to bring down critical infrastructure.
“Singapore has been attacked as well. We are a relevant country geopolitically. We are a digital and data hub that connects the world. And people want to get into our systems, to both influence us and threaten us,” he said.
In Singapore, nearly 80 per cent of organisations have experienced a cyberattack, most committed by cyber criminals.
“‘Hacktivists’ and foreign actors have also used cyber to promote their agendas. Both political and ideological agendas,” said Mr Shanmugam.
He noted that in October 2024, the government blocked 10 websites set up by foreign actors that were masquerading as Singapore websites.
These had the potential to be used for hostile information campaigns against Singapore, he said.
He also recalled last year’s cyberattack involving over 2,700 devices in Singapore, including baby monitors and routers.
These devices were part of a global “botnet” comprising hundreds of everyday devices that could have been used to disrupt critical services.
Mr Shanmugam illlustrated how a cyberattack could destabilise national security.
“Say there is a cyberattack on our power systems. They can disrupt our electricity supply. And the knock-on implications: other essential services, like water supply, transport, medical services – in fact, everything that depends on power, everything will be affected.
“There are economic implications. Banks, airport, industries would not be able to operate. Our economy can be substantially impacted.”
Attacks on telco systems and payment systems can also have serious consequences and impact how Singapore does business, he added.
Singapore will have to reexamine its vendors and supply chains. “And if we decide that we cannot trust them, then we may choose not to use them,” he said.
“At the same time, trust and confidence in Singapore as a whole can also be affected. Businesses may shy away if they are unsure about our systems, and whether the systems are clean, resilient, safe.”
Mr Shanmugam said the government must be “realistic” about what it is up against.
“We are up against very sophisticated actors, some backed by countries with vast resources.” These resources in manpower and technology are almost unlimited and can be deployed at a “formidable scale”, he said.
“Even countries at the frontier of technology have not been able to prevent APT attacks on their systems.
“So realistically, we will have to accept that some attacks, at least, will get through,” he said.
In the face of such threats, the government will have to continue to strengthen Singapore’s cyberdefences and focus on preventing and containing threats, he said.
