- Home
- News and events
- Latest Releases
- Oral Reply by SMS Heng Chee How to Parliamentary Question on Assessment of Whether Leaked classified US Military and Intelligence Documents Relate to Singapore on 21 Apr 2023
Oral Reply by SMS Heng Chee How to Parliamentary Question on Assessment of Whether Leaked classified US Military and Intelligence Documents Relate to Singapore on 21 Apr 2023
21 April 2023
This article has been migrated from an earlier version of the site and may display formatting inconsistencies.
Mr Gerald Giam Yean Song: To ask the Minister for Defence (a) whether any of the apparently classified US military and intelligence documents that appeared online addresses Singapore; (b) how does the Government ensure that information and intelligence that it shares with other countries is not compromised by those countries; and (c) in the event of a leak of information, whether the Ministry has damage assessment and mitigation protocols in place to protect related sources, information and intelligence.
Mr Alex Yam Ziming: To ask the Minister for Defence (a) what is the assessment of the purported leak of top secret security documents in the US; (b) whether any of the information relates to Singapore; and (c) how does the Government reduce the risk that sensitive discussions or information is leaked or spied upon.
Senior Minister of State for Defence, Heng Chee How:
With regard to the incident highlighted in the Members' questions, no classified information from Singapore has been reported or detected thus far. There were two pieces of information related to MINDEF in the "leaks" but these are not sensitive and in public domain: that the SAF uses the SPYDER air defence system and a British Defence Singapore Support Unit located in Sembawang to provide support services to visiting vessels from Australia, New Zealand and Britain, members under the Five Power Defence Arrangements (FPDA).
The need to protect our secrets is a paramount and perennial preoccupation for MINDEF and the SAF. As the dictum goes, "loose lips sink ships" and even our country too, if the plans and capabilities of the SAF are compromised and our defences weakened.
Guarding our secrets securely requires a systemic approach and layers of safeguards, both physical and virtual – something that all defence establishments and militaries put into place to prevent leaks of important and vital information. I will assume the members' questions relate more to protecting information online and will not deal with protection of physical assets.
At the highest level of security, highly classified information is stored in air-gap systems with only internal connectivity and strict protocols for access and monitoring. This keeps the information secure but there is always a trade-off which impacts on efficiency for the organisation. Apart from productivity, classified information needs to be shared when plans are reviewed or when dealing with quick cycle events, where information is needed expeditiously. All defence organisations face this conundrum through levels of classification, to balance protection and utility.
When dealing with external partners whether commercially or G-to-G, there are agreements for the protection and handling of classified information and mutual obligations to protect both parties' classified information. But there is a limit despite these agreements in which MINDEF/SAF can control or compel standards of protection in their systems. Therefore, their security standards form an integral part of the assessment when MINDEF awards contracts. In some cases, companies with inadequate security standards have been dropped from consideration even when their products are superior and competitively priced.
In all systems, even ones with the most stringent protection, humans are a potential source and cause for leaks. Attempts to enter into secure systems by exploiting the vulnerabilities of selected individuals with access, using phishing emails and other means are an everyday occurrence. Proactive steps are taken to educate our personnel to mitigate this vulnerability. MINDEF/SAF has also a cyber-monitoring centre – iMSANSOC – that is stood up to detect malware and other threats online.
When security breaches occur, there are established processes in place to thoroughly investigate and ascertain the information compromised and extent of damage incurred. The causes of the breach are also examined, and mitigating or improvement measures implemented where necessary.