Senior Minister of State for Defence Mr Heng Chee How and Senior Minister of State for Communications and Information and Health Dr Janil Puthucheary visited the Critical Infrastructure Defence Exercise (CIDeX) 2023 this afternoon. During the visit, Mr Heng and Dr Janil were briefed on the conduct and how CIDeX 2023 strengthened inter-agency collaboration to detect and tackle cyber security threats. They also interacted with CIDeX 2023 participants.

CIDeX 2023 is held from 22 to 24 November at the National University of Singapore (NUS) School of Computing. It is organised by the Digital and Intelligence Service (DIS) and the Cyber Security Agency of Singapore (CSA), and supported by iTrust^[1]/SUTD and the National Cybersecurity R&D Laboratory (NCL). CIDeX is an Operational Technology (OT)^[2] Critical Infrastructure defence exercise that focuses on training and strengthening Whole-Of-Government (WoG) cyber capabilities to detect and tackle cyber security threats to Information Technology (IT) and OT networks that control the operations of critical infrastructure.

This year's edition of the cyber defence exercise involved over 200 participants^[3] from the DIS, CSA and 24 other national agencies across six Critical Information Infrastructure (CII) sectors^[4]. CIDeX 2023 also featured an expanded digital infrastructure, with six enterprise IT networks and three new OT testbeds, enabling participants to operate on six OT testbeds across four CII sectors – power, water, telecom, and aviation.^[5]

During the exercise, Blue Teams which comprised participants from national agencies as cyber defenders, defended their respective digital infrastructure against live simulated cyber-attacks launched by a composite Red Team made up of DIS, CSA, DSTA and IMDA personnel. Specifically, Blue Team participants leveraged cyber tools to monitor, detect and thwart cyber-attacks by the Red Team. Exercise scenarios involved fictitious attacks on both the IT network and OT testbeds that could disrupt operations and impact way of life. These attacks include overloading the airport substation, water distribution and shutting down a gas plant. CIDeX provided participants with the opportunity to sharpen their instincts and technical competencies, and share expertise and perspectives across agencies.

Prior to the exercise, participants underwent a five-day hands-on training programme at the Singapore Armed Forces (SAF)'s Cyber Defence Test and Evaluation Centre (CyTEC) at Stagmont Camp to develop and hone their cyber defence competencies.

On the sidelines of CIDeX 2023, the DIS also signed Memorandums of Understanding (MoUs) for cyber collaboration with Ensign InfoSecurity, Google, and ST Engineering, to expand its partnership with the technology sector. This is in addition to the MoU that the DIS had signed with Microsoft earlier this year.

Sharing his thoughts on the visit, Mr Heng spoke on the importance of inter-agency cooperation and expressed the DIS's commitment to national cyber defence. "CIDeX is a platform where we bring together many agencies throughout government to come together to learn how to defend together. So for this year's exercise, co-organised by the DIS and CSA, they brought together another 24 entities within government, making a total of 26 (agencies), 200-odd participants, to train themselves ahead of this exercise and have put their best, their heart and soul in it… learning, not only how to better defend their particular domain but also working with related agencies to do it together. Because they understand that in this, really, you are as strong as your weakest link," he said.

Dr Janil also highlighted CIDeX's role in the WoG effort for cyber defence. "Defending Singapore's cyberspace is not an easy task, and it is a team effort. Cybersecurity exercises, whether they are at the national or sector level, are important to prepare ourselves for any cyber-attack or disruption. Today, I am glad to see the strong partnership between the Cyber Security Agency of Singapore and the Digital and Intelligence Service to bring together Critical Information Infrastructure stakeholders to hone their cyber incident response capabilities, challenge themselves during the hands-on exercises, exchange best practices, and demonstrate good teamwork in the process. This is a good example of our Whole-of-Nation efforts in strengthening Singapore's digital resilience and enhancing our national cybersecurity posture," he said.

The visit was hosted by Chief of Digital and Intelligence Service/Director Military Intelligence Major-General Lee Yi-Jin. Mr Heng and Dr Janil were also accompanied by Chief of Defence Force Vice Admiral Aaron Beng and Permanent Secretary (Defence Development) Mr Melvyn Ong.

[1]iTrust is a multidisciplinary research centre located at the Singapore University of Technology and Design (SUTD). It was jointly established by SUTD and the Ministry of Defence (MINDEF) in 2012.

[2]OT refers to hardware and software that monitor and control devices, processes and infrastructure. These include Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, Safety Instrumented Systems (SIS), and Programmable Logic Controllers (PLCs).

[3]CIDeX 2022 involved over 100 participants.

[4]The 24 other participating agencies, in addition to the DIS and CSA, are: Changi Airport Group, Civil Aviation Authority Singapore (CAAS), Energy Market Authority (EMA), Infocomm Media Development (IMDA), Jurong Port, Land Transport Authority (LTA), M1, Maritime and Port Authority of Singapore (MPA), Pavilion Energy, Public The 24 other participating agencies, in addition to the DIS and CSA, are: Changi Airport Group, Civil Aviation Authority Singapore (CAAS), Energy Market Authority (EMA), Infocomm Media Development (IMDA), Jurong Port, Land Transport Authority (LTA), M1, Maritime and Port Authority of Singapore (MPA), Pavilion Energy, Public Utilities Board (PUB), PSA Singapore, SBS Transit, Sembcorp, Senoko Energy, SATS, Singapore Airlines, Singapore LNG (SLNG) Corporation, SingTel, SMRT Corporation, SP Group, SP Tel, Starhub, Tuas Power and YTL PowerSeraya.

[5]The three new testbeds are (i) gas pipeline; (ii) 5G network; and (iii) airport.