Cyber Defenders

Cyber Defenders

Singapore builds a world-class force of network guardians

Maj. Edwin Chua/Singapore Defence Cyber Organisation

The third-generation Singapore Armed Forces (SAF) possesses leading-edge capabilities that are networked together as an integrated fighting system. However, the networks that are the tendons of Singapore’s force can become an Achilles’ heel if the country cannot defend its networks and interests in cyberspace. To protect these interests, the Ministry of Defence, Singapore, has established the Defence Cyber Organisation.


When Singapore achieved independence in 1965, we needed to quickly build up the SAF to provide for our basic defense. The priority of the first-generation SAF was to build up the Army, Navy and Air Force. Subsequently, the second-generation SAF in the 1980s and 1990s focused on modernizing the military’s capabilities to decisively defeat any would-be aggressor. The SAF’s third-generation transformation started in the early 2000s and leveraged new military technology and the concepts of network-centric operations — precision strike, unmanned capabilities, and most of all, computers and communications systems, to establish an advanced networked force.

Singapore Defence Minister Dr. Ng Eng Hen heralded the start of the country’s Defence Cyber Organisation in March 2017. It is expected to grow to employ 2,600 people during the next decade. REUTERS

Today, the SAF has developed leading-edge hardware, networked as an integrated fighting system. Our Soldiers make use of networks to sense faster, maneuver forces effectively and apply firepower precisely across the battlefield. One example is Exercise Forging Sabre, an integrated live-fire strike exercise conducted every two years at the Barry M. Goldwater Training Area in Arizona in the United States. The latest exercise in 2015 saw the involvement of unmanned aerial vehicles (UAVs), special forces on the ground, an integrated air-land command post and F-15 and F-16 fighter jets. These forces networked in real time to deliver precision strikes onto multiple mobile targets nearly simultaneously.


Datalink and warfighting networks are key enablers of the SAF’s transformational capabilities. However, our reliance on these networks can also present a critical vulnerability. We can draw comparisons to the civilian world, where the internet, which connects the world and allows people to improve how they live, work and play, can also create opportunities for exploitation by malicious elements. The proliferation of the internet and internet-connected devices has created vulnerabilities that hackers can exploit to attack government agencies, private organizations and individuals. One example is the WannaCry ransomware attack. During a single weekend in May 2017, WannaCry affected more than 220,000 computer systems in 150 countries and severely disrupted the United Kingdom’s National Health Service. This disruption affected hospitals around the country and inhibited the provision of critical medical care to needy patients.

The scale and scope of the WannaCry attack also illustrate an important point about the global reach of the cyber threat. Unlike conventional military capabilities, which are limited by geography and physics, cyber threats are not bound by physical restrictions — they can originate from anywhere in the world and can have global reach. No military can afford to fall prey to cyber threats and have their capabilities and platforms held ransom over the internet.

It is because of the emergence of this new global threat that Singapore’s Ministry of Defence (MINDEF) adopted a multilevel approach to cyber defense, including physical separation between the internet and our internal and operational networks. However, a passive cyber defense posture is not sufficient to protect MINDEF and the SAF from all cyber threats. We also need to proactively develop and implement solutions to protect our networks from cyber intrusions, monitor our cyber defenses and networks 24/7 and coordinate responses to cyber attacks.


To protect our networks, MINDEF created the Cyber Defence Operations Hub in 2013. Since then, the risk of cyber threats continued to grow rapidly. We are also seeing more cyber threats that attack not just the government network directly, but also search for weak spots in the defense industry and military-related organizations. This could lead to the loss of sensitive defense information or affect military operations.

Singaporean Minister for Defence Dr. Ng Eng Hen announced in March 2017 the establishment of the Defence Cyber Organisation (DCO) to secure against cyber attacks for the entire defense cluster, including the SAF, defense industry partners and other related organizations. The DCO will consist of four formations across MINDEF/SAF, namely: the Cyber Security Division, the Policy and Plans Directorate, the Cyber Security Inspectorate and the Cyber Defence Group. Its mission is to lead efforts to secure defense networks and systems and overcome any cyber attacks decisively to maintain continuity of operations.

The Cyber Security Division is the operational arm of the DCO, providing day-to-day oversight of the cyber security of each of the individual defense sectors and responding to attacks. The Policy and Plans Directorate is the architect for the overall cyber defense development plan and will lead efforts to foster greater international engagement and collaboration for cyber defense. The Cyber Security Inspectorate will strengthen cyber defenses through vulnerability assessment exercises as well as ensuring that each entity adheres to established cyber security policies. The 24/7 cyber defense of the SAF’s operational networks will be undertaken by the Cyber Defence Group, which will enhance the robustness and resilience of the SAF’s military networks and systems against cyber threats, thereby strengthening warfighting capabilities.

The DCO will also contribute to national cyber security. One feature of the digital domain is that conventional labels such as “homeland security” and “external defense” may no longer apply. After all, the internet is borderless, and attacks can originate from anywhere with the point of origin masked. Furthermore, attacks against civilian critical infrastructure such as power grids and transportation networks can have implications for civilian and defense sectors. In recognition of the cross-cutting effects of cyber attacks, as a pilot project, Singapore will deploy some of its cyber defenders from MINDEF to support the national Cyber Security Agency in defending civilian critical information infrastructure.

A Cisco employee staffs the company booth during Singapore International Cyber Week 2016. The annual event brings private companies and government officials together to forge cyber security partnerships. AFP/GETTY IMAGES

The DCO will also lead the engagement of like-minded partners to strengthen collective cyber defense. In the cyber domain, no single country or organization can defeat transnational cyber threats on its own. Therefore, we will enhance our knowledge and capabilities through staff visits, operational sharing and training and exercises with international partners.

As part of Singapore’s effort to support international cyber norms, we will also facilitate open discussion on common cyber security issues and challenges and foster cyber security confidence and capacity-building developments. These discussions will support the development of international cyber norms and rules, which are an important area in which governments can cooperate to make cyberspace more stable and secure.


The work of the DCO will need to be supported by an expanded cyber workforce. It will consist of military professionals and national service members and is envisioned to grow to 2,600 personnel during the next 10 years. To meet the increased requirement for cyber defenders, we have created new cyber defense vocations for national service members. These vocations will allow us to tap into a wider pool of cyber talent available within Singapore to defend networks and systems.

Cyber defenders will need a high level of cyber skills and talent to defend against threats from anywhere in the world. Thus, we need world-class cyber defenders. Students who have demonstrated cyber talent, either through academic courses or through participation in cyber competitions, will be identified and invited to take selection tests. Those who are found suitable will have an opportunity to serve in cyber defense.

Cyber defenders can be expected to perform as Security Operations Centre (SOC) operators, incident responders and forensic investigators. SAF will deploy SOC operators to monitor critical networks and systems around the clock to detect anomalies and flag potential attacks. SAF will train incident responders to act rapidly to contain any incident and minimize its impact on SAF networks. In the aftermath of an incident, forensic investigators will analyze the data and discover patterns of activities that could allow us to better defend our networks against future attacks.

To strengthen our cyber defender training systems, MINDEF is leveraging commercial partners and Singapore’s education system. We have signed a cyber defense training memorandum of understanding (MOU) with Singapore Technologies Electronics (Info-Security) and Nanyang Polytechnic. The MOU will foster a tripartite partnership for cyber defense training in six areas: provision of specialized courses, which are internationally accredited and in line with industry benchmarks; co-development of customized cyber defense curriculum; industrial attachments; collaborative research and development; development of a professional network; and facilitation of information sharing.


The SAF today has a superior edge in its warfighting capabilities based on effective use of networks and networked warfighting concepts. This reliance on networks is expected to grow as we move toward the next generation of fighting platforms and systems. Without cyber defense, the networks that connect our fighting forces will become a critical vulnerability for any potential aggressor to exploit. Unlike conventional threats, which are limited to some extent by geography, the cyber domain is not restricted geographically, and threats can come from anywhere. The DCO will need to rapidly build up its strength and capabilities. To do so, it will tap into the national pool of cyber talent through conscription. Ultimately, cyber defense will be a key enabler for a technologically advanced, capable and networked SAF.