On July 18, the Cyber Security Agency of Singapore (CSA) held the second run of Exercise Cyber Star on a whole-of-government basis to test Singapore’s cyber incident management and emergency response plans.
For the first time, the scope of Exercise Cyber Star was expanded to cover all 11 designated Critical Information Infrastructure (CII) sectors in Singapore. In the first multi-sector exercise conducted in March 2016, four of the eleven critical sectors were involved, namely the Banking and Finance, Energy, Government, and Infocomm sectors. In today’s exercise, the other seven sectors, Aviation, Healthcare, Land Transport, Maritime, Media, Security & Emergency and Water were also exercised.
The exercise consisted of a series of complex scenario planning sessions, workshops and table-top discussions, culminating in the final exercise today.
More than 200 participants, comprising sector leads and CII owners from the eleven sectors participated in the exercise. The exercise scenarios covered different types of cyber-attacks targeting essential services, including web defacement, wide-spread data exfiltration (the unauthorised copying, transfer or retrieval of data from a computer or server) malware infections, ransomware hits, Distributed Denial of Services (DDoS) attacks and cyber-physical attack. Exercise participants developed and tested their incident management and remediation plans in response to these simulated attacks.
Deputy Prime Minister and Coordinating Minister for National Security, Mr. Teo Chee Hean observed the exercise and interacted with exercise participants. He was accompanied by Minister for Communications and Information and Minister-in-Charge of Cybersecurity, Dr. Yaacob Ibrahim, and Senior Minister of State for Communications and Information and Education, Dr Janil Puthucheary.
Deputy Prime Minister Teo, Minister Yaacob and Senior Minister of State Janil were briefed on the exercise. They observed the technical competencies of the National Cyber Incident Response Teams (NCIRTs), as they were put through a technical validation exercise in a cyber range. The NCIRTs are currently drawn from the incident response teams from CSA, the Government Technology Agency of Singapore (GovTech), Ministry of Home Affairs (MHA) and Ministry of Defence (MINDEF). They are part of the Tier 1 (for cyber campaigns that threaten national security) and Tier 2 (or cyber attacks on a sector) response under the national cyber response plan.
Mr David Koh, Chief Executive of CSA, said, “These exercises are important in bringing all our critical sectors together to strengthen our incident response plans and enable better cross-sector coordination. With greater interconnectivity, and proliferation of cyber threats, the ability of our critical sectors to respond promptly to attacks is vital.”
Last week, the Ministry of Communications and Information (MCI) and CSA issued an invitation to the public to provide feedback on a proposed Cybersecurity Bill. The public consultation will run till August 3, 2017. There is a strong focus on defending CIIs, in the draft legislation, which formalises the duties of CII owners in ensuring the cybersecurity of their respective CIIs. The proposed bill also provides CSA with specific powers to manage and respond to cybersecurity threats and incidents.