Fact Sheet - Enhancing Defence Cyber Capabilities

Fact Sheet - Enhancing Defence Cyber Capabilities

Defence Cyber Security Centre, Defence Cyber Organisation

The Defence Cyber Security Centre (DCSC) was established in the Defence Cyber Organisation (DCO) to enable a more effective and coordinated response to cyber incidents across the defence sector.

The DSC, inaugurated by Deputy Secretary (Special Projects) and Defence Cyber Chief Mr David Koh on 16 November 2018, is a vital component of MINDEF/SAF's cyber defence layout and serves as the ‘nerve centre' for the defence sector against increasingly sophisticated and malicious cyber threats. The DCSC oversees cybersecurity efforts for the SAF's military networks, MINDEF/SAF's Operational Support IT systems as well as IT systems for the Defence Science and Technology Agency (DSTA) and DSO National Laboratories.

The DCSC integrates a number of key functions, namely (i) cyber threat intelligence; (ii) security ops centre monitoring and investigation; and (iii) operational control of cyber defence and incident response activities. These integrated capabilities improve the shared situational awareness within the defence sector to identify and protect against cyber threats before they hit these networks. Anomalies detected in one network will be shared across the sector to heighten defences against a possible attack. When necessary, technical resources can also be centrally coordinated and directed to enable an effective response to a cyber incident, ensuring that the defence sector systems are sanitised and brought back online in the shortest possible time.

The DCSC also serves as the conduit for DCO's engagement with other stakeholders in the cyber defence ecosystem, such as the Cyber Security Agency of Singapore (CSA) and other international partners. This collaborative response is essential in dealing with the advanced and rapidly evolving cyber threats faced by the defence sector today.

Defence Cyber Incident Response Teams, Defence Cyber Organisation

The Defence Cyber Incident Response Teams (DCIRTs) are teams of trained professionals responsible for responding to cyber incidents within the Defence Sector. Their responsibilities include:

  • Identifying and analysing cyber threats to various networks and systems
  • Identifying root-cause of cyber incidents
  • Conducting digital forensic investigations and analysis on system and network devices
  • Supporting the containment of threats and recovery of services and systems

The DCIRTs are made up of members from MINDEF, SAF, DSTA, and DSO National Laboratories. Each DCIRT is trained to conduct incident triage1, investigation, digital forensic analysis, and malware analysis.

The DCIRTs can also be deployed to support other national cyber security agencies, such as the CSA, in providing technical expertise and added capacity for incident response to national cyber security incidents. 

Suggested Articles