Poisoning a water treatment plant, ceasing water distribution and cutting off its power supply. These were the attacks that 55 cyber defenders were fending off over a two-day period on 15 and 16 Nov.
Participants from the Singapore Armed Forces’ (SAF’s) Digital and Intelligence Service (DIS) and various national agencies took on roles as cyber defenders – also known as the Blue Team – to defend the exercise’s digital infrastructure, which comprised a water treatment plant, a water distribution plant and a power grid system.
Their enemy? A team of cyber attackers (the Red Team) made up of both DIS and Cyber Security Agency of Singapore (CSA) personnel.
Held from 15 to 16 Nov at the National University of Singapore (NUS) School of Computing, the inaugural Critical Infrastructure Defence Exercise (CIDeX) involved over 100 participants from the DIS and 16 other national agencies across the Critical Information Infrastructure sectors.
These included the Land Transport Authority; Maritime and Port Authority of Singapore; PUB; Sembcorp; Senoko Energy; SingTel; SMRT Corporation and ST Engineering.
Speaking to the media on at NUS on 16 Nov, Chief of Defence Force Lieutenant-General Melvyn Ong said that the CIDeX is a step in the right direction to better deal with threats in the digital space.
“The CIDeX allows industries, government agencies and private sectors to come together to work on common issues that threaten all of us, especially in the area of critical infrastructure. It is extremely important that we work together, talk more and exercise together.”
Realistic training for cyber defenders
Supported by CSA, iTrust/Singapore University of Technology and Design as well as the National Cybersecurity R&D Laboratory, CIDeX is the largest Operational Technology (OT) Critical Infrastructure defence exercise focused on training and strengthening WoG cyber capabilities to detect and tackle cyber security threats to Information Technology and OT networks that control the operations of critical infrastructure.
This is also the first exercise that the DIS is taking part in, since its inauguration on 28 Oct.
Head of Organising Secretariat for CIDeX, Military Expert (ME) 6 William Teo said: “We want to give our cyber defenders a realistic experience of what it is like to defend the nation when we are under cyberattack.
“We need to train them to be ready in times of crisis…because defending the nation is our core business.”
To prepare them for the exercise, the participants went for a three-day hands-on training programme at the SAF’s enhanced Cyber Defence Test and Evaluation Centre at Stagmont Camp to develop and hone their cyber defence competencies.
“Besides honing their skills, we also want them to build rapport as cyber defence is a team sport,” said ME6 Teo, 45.
For ME5 Eugene Tay, the three-day training not only helped him to dive deep into the tools and protocols required of a cyber defender, it also gave him an opportunity to bond with personnel from other agencies and understand one another’s strengths.
“The network is very big and everyone has to focus on different areas, so communication between the teams is very important,” said the 36-year-old Blue Team lead.
“An attack in one area can possibly mean that the attack also happened in other sectors, so we need to share information, work together and cover all grounds.”
The training also gave the cyber defenders time to develop a dashboard which helped them detect early intrusions through anomalous cyber traffic.
“When we spot any anomalies in traffic, we will investigate further and deep dive into the network logs to pinpoint the attack.”
Think like an attacker
2nd Sergeant (2SG) Alden Wong, who was in the opposing Red Team, said that the cyber defenders exceeded his expectations in fending off their attacks.
“We did not expect them to be doing so well, so we had to adjust our attacks quite a bit,” said 2SG Wong with a laugh.
Being on the opposing team was also an eye-opener, and it allowed him to learn from his colleagues as well as industry experts from the CSA.
“I’ve learnt a lot from this experience and participating in CIDeX has taught me to better find and connect the pieces, as well as think like an attacker,” added the 22-year-old.
Securing national cyberspace
To establish close cooperation in defending Singapore’s cyberspace, a Joint Operations Agreement (JOA) between the DIS and CSA was signed on the sidelines of the exercise on 16 Nov.
Signed by Defence Cyber Chief Brigadier-General (BG) Edward Chen and CSA’s Deputy Chief Executive (Development) Gaurav Keerthi, the agreement establishes a framework for cooperation and collaboration in joint operations and capability development.
BG Chen said: “The JOA between CSA and DIS is an important step forward in institutionalising our ongoing collaboration and expanding our partnership in areas such as joint cyber training.
“By partnering in large-scale cyber exercises like CIDeX, we provide our national cyber defenders a platform to train together and strengthen our ability to protect our critical infrastructure systems in Singapore.”
ME6 Teo also said that the DIS will be looking at possibly larger-scale cyber exercises in the future with more participating agencies.
“In the field of cyber defence, we need to always be vigilant and ready in times of crisis. So we will continue to work with CSA, our partners and the WoG to make sure that our national cyberspace is safe.”