Digital and Intelligence Service takes part in first cyber defence exercise with national agencies

Actions /web/wcm/connect/pioneer/4556bbc2-9291-496e-b9eb-af10420bb4d4/pnr16nov22_photo_1.jpg?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_1QK41482LG0G10Q8NM8IUA1051-4556bbc2-9291-496e-b9eb-af10420bb4d4-oi08QzO /web/portal/pioneer/article/regular-article-detail/ops-and-training/2022-Q4/16nov22_news1
16 Nov 2022 | OPS & TRAINING

Digital and Intelligence Service takes part in first cyber defence exercise with national agencies

Story by Teo Jing Ting // Photos by Chua Soon Lye

English 华文
(From left) ME5 Eugene Tay, ME6 William Teo and 2SG Alden Wong were among more than 100 participants from the DIS and 16 national agencies who took part in the inaugural CIDeX.

Poisoning a water treatment plant, ceasing water distribution and cutting off its power supply. These were the attacks that 55 cyber defenders were fending off over a two-day period on 15 and 16 Nov.

Participants from the Singapore Armed Forces’ (SAF’s) Digital and Intelligence Service (DIS) and various national agencies took on roles as cyber defenders – also known as the Blue Team – to defend the exercise’s digital infrastructure, which comprised a water treatment plant, a water distribution plant and a power grid system.

Their enemy? A team of cyber attackers (the Red Team) made up of both DIS and Cyber Security Agency of Singapore (CSA) personnel.

Held from 15 to 16 Nov at the National University of Singapore (NUS) School of Computing, the inaugural Critical Infrastructure Defence Exercise (CIDeX) involved over 100 participants from the DIS and 16 other national agencies across the Critical Information Infrastructure sectors.

These included the Land Transport Authority; Maritime and Port Authority of Singapore; PUB; Sembcorp; Senoko Energy; SingTel; SMRT Corporation and ST Engineering.

During the CIDeX, participants from the DIS and national agencies underwent realistic training in defending cyber networks as well as monitoring, detecting and tackling cyberattacks.

Speaking to the media on at NUS on 16 Nov, Chief of Defence Force Lieutenant-General Melvyn Ong said that the CIDeX is a step in the right direction to better deal with threats in the digital space.

“The CIDeX allows industries, government agencies and private sectors to come together to work on common issues that threaten all of us, especially in the area of critical infrastructure. It is extremely important that we work together, talk more and exercise together.”

Realistic training for cyber defenders

Supported by CSA, iTrust/Singapore University of Technology and Design as well as the National Cybersecurity R&D Laboratory, CIDeX is the largest Operational Technology (OT) Critical Infrastructure defence exercise focused on training and strengthening WoG cyber capabilities to detect and tackle cyber security threats to Information Technology and OT networks that control the operations of critical infrastructure.

This is also the first exercise that the DIS is taking part in, since its inauguration on 28 Oct.

Head of Organising Secretariat for CIDeX, Military Expert (ME) 6 William Teo said: “We want to give our cyber defenders a realistic experience of what it is like to defend the nation when we are under cyberattack.

“We need to train them to be ready in times of crisis…because defending the nation is our core business.”

ME5 Tay (in uniform, standing) felt that the CIDeX allowed him to build rapport with his counterparts and learn from one another.

Building rapport

To prepare them for the exercise, the participants went for a three-day hands-on training programme at the SAF’s enhanced Cyber Defence Test and Evaluation Centre at Stagmont Camp to develop and hone their cyber defence competencies.

“Besides honing their skills, we also want them to build rapport as cyber defence is a team sport,” said ME6 Teo, 45.

For ME5 Eugene Tay, the three-day training not only helped him to dive deep into the tools and protocols required of a cyber defender, it also gave him an opportunity to bond with personnel from other agencies and understand one another’s strengths.

“The network is very big and everyone has to focus on different areas, so communication between the teams is very important,” said the 36-year-old Blue Team lead.

“An attack in one area can possibly mean that the attack also happened in other sectors, so we need to share information, work together and cover all grounds.”

The training also gave the cyber defenders time to develop a dashboard which helped them detect early intrusions through anomalous cyber traffic.

“When we spot any anomalies in traffic, we will investigate further and deep dive into the network logs to pinpoint the attack.”

A DIS cyber defender (sitting, centre) brainstorming with his fellow team members on how to fend off the attacks.

Think like an attacker

2nd Sergeant (2SG) Alden Wong, who was in the opposing Red Team, said that the cyber defenders exceeded his expectations in fending off their attacks.

“We did not expect them to be doing so well, so we had to adjust our attacks quite a bit,” said 2SG Wong with a laugh.

Being on the opposing team was also an eye-opener, and it allowed him to learn from his colleagues as well as industry experts from the CSA.

“I’ve learnt a lot from this experience and participating in CIDeX has taught me to better find and connect the pieces, as well as think like an attacker,” added the 22-year-old.

BG Chen (second from left) and Mr Keerthi (second from right) signed the CSA-DIS JOA on the sidelines of CIDeX. With them are Chief of Digital and Intelligence Service (CDI) BG Lee Yi-Jin (far left) and Chief Executive of CSA David Koh

Securing national cyberspace

To establish close cooperation in defending Singapore’s cyberspace, a Joint Operations Agreement (JOA) between the DIS and CSA was signed on the sidelines of the exercise on 16 Nov.

Signed by Defence Cyber Chief Brigadier-General (BG) Edward Chen and CSA’s Deputy Chief Executive (Development) Gaurav Keerthi, the agreement establishes a framework for cooperation and collaboration in joint operations and capability development.

BG Chen said: “The JOA between CSA and DIS is an important step forward in institutionalising our ongoing collaboration and expanding our partnership in areas such as joint cyber training.

“By partnering in large-scale cyber exercises like CIDeX, we provide our national cyber defenders a platform to train together and strengthen our ability to protect our critical infrastructure systems in Singapore.”

ME6 Teo also said that the DIS will be looking at possibly larger-scale cyber exercises in the future with more participating agencies.

“In the field of cyber defence, we need to always be vigilant and ready in times of crisis. So we will continue to work with CSA, our partners and the WoG to make sure that our national cyberspace is safe.”

Suggested Reading
Finding their way into DIS
Finding their way into DIS

One was inspired to become a soldier after attending her former students' Basic Military Training (BMT) graduation parades; the other is carrying on the legacy of his late father, who was a warrant officer in the Singapore Armed Forces (SAF). Military Expert (ME) 4 Evon Khoo and ME4 Kaviraj S/O Anbalagan show that it's never too late to find your calling or chase your passion.

Pioneer batch of DIS specialists graduate Feature
Pioneer batch of DIS specialists graduate

Among the DIS graduands is 3SG Philemon Tei, who had to cope with the loss of a loved one during training but eventually emerged as a Silver Bayonet recipient.

SAF sets up new Digital and Intelligence Service Feature
SAF sets up new Digital and Intelligence Service

This fourth Service will focus on building cyber capabilities and defend Singapore from evolving and increasingly complex threats in the digital domain.

SAF to sharpen capabilities & ramp up training, digitalisation efforts: Dr Ng Feature
SAF to sharpen capabilities & ramp up training, digitalisation efforts: Dr Ng

Defence minister Dr Ng Eng Hen outlines plans for the Singapore Armed Forces (SAF) to stay vigilant against heightened security threats, in his annual SAF Day interview on 30 Jun.

SAF's fourth Service to defend Digital domain
Cover story
SAF's fourth Service to defend Digital domain

The Digital and Intelligence Service will be set up by the last quarter of 2022, to defend against attacks in the cyber domain and help the Singapore Armed Forces fight better as a networked force.