Singapore’s CSA conducts Exercise Cyber Star to test response of 11 critical sectors to complex cyber-attack scenarios

Cyber Security Agency of Singapore publishes CCoP 2.0 with regulations for owners of critical information infrastructure

Last Friday, the Cyber Security Agency of Singapore (CSA) conducted the fifth iteration of Exercise Cyber Star (XCS23) to evaluate and enhance Singapore’s crisis response capabilities, ensuring a swift and efficient response to cyberattacks. The Singapore Armed Forces’ Digital and Intelligence Service actively joined forces in XCS23. The exercise witnessed the active participation of over 450 individuals, including CSA personnel and representatives from the 11 critical information infrastructure (CII) sector leaders and owners, collectively contributing to the success of XCS23.

The CII sectors are aviation, banking and finance, energy, government, healthcare, info-communications, land transport, maritime, media, security and emergency, and water. This year’s exercise tested cross-sector incident management and emergency response plans for a wider range of attack scenarios on critical sectors using operational technology (OT) systems with a cyber-physical impact on essential service delivery. 

Exercise Cyber Star is a nationwide cyber crisis management exercise to improve Singapore’s crisis response capabilities and readiness to respond promptly and effectively to a cyber-attack.

“An attack on critical sectors would have a significant impact on Singapore and our people,” David Koh, chief executive of CSA, said in a media statement. “Safeguarding our CII sectors is a national priority. CSA will continue to work with CII sectors and organisations to improve their cyber resiliency so that we are not just able to respond to a cyber-attack, but can recover quickly as well.”

Teo Chee Hean, senior minister and coordinating minister for national security observed the exercise and interacted with exercise participants. He was accompanied by Josephine Teo, minister for communications and information and minister-in-charge of cybersecurity; and Dr Janil Puthucheary, senior minister of state for communications and information.

Cyber threats evolve constantly and are growing in scale and sophistication. In particular, cyber-attacks on industrial OT systems in critical sectors, such as info-communications, energy, and water can have knock-on effects on other sectors for the delivery of essential services that are vital for the country’s economy and society. Ransomware attacks targeting critical sectors like energy, maritime, and healthcare continue to pose a significant concern globally. 

In June, the agency identified that ever since the computer worm Stuxnet disabled Iran’s Internet-disconnected Natanz nuclear facility in 2010, threat actors have been researching and refining similar methods to strike targets. Given the high potential for disruption and destruction, they are widely regarded as national security concerns, the agency outlines that such threats have come a long way in the 13 years since Stuxnet first crossed the theoretical barrier that divided the cyber and physical worlds.

To ensure that all sectors remain responsive and coordinated in the event of a national cyber crisis, the sectors were exercised under XCS23 on numerous complex scenarios which included distributed denial-of-service (DDoS) attacks, ransomware attacks, phishing campaigns, and malicious exploits targeting Internet-based resources, corporate networks, and industrial control systems (ICS). Sectors were tested on their responses to attacks resulting in water supply disruption, large-scale power outages, data leaks, and communications network failure. 

CSA disclosed that this year, a new technical component, ‘Grid NetWars,’ was incorporated. Conducted in partnership with the SANS Institute, Grid NetWars required participants to use their technical skills to tackle a series of hands-on cybersecurity challenges involving ICS technologies commonly found in sectors, such as energy and water. 

CSA led the incident management and response for Exercise Cyber Star, with CII stakeholders working together through information sharing and knowledge exchange to respond to the cyber-attacks. “Processes pertaining to crisis response and recovery were practised and reviewed to ensure that critical systems could be restored as quickly as possible. The final component of the exercise was conducted today where exercise participants presented their incident management and remediation plans to CSA,” it disclosed. 

“A secure and reliable power supply is essential to our daily life and economy. With increasing digitalisation of the power sector which will bring greater efficiencies, it is also important to safeguard the power sector’s critical information infrastructure (CII) from cybersecurity threats that are constantly evolving,” Yeo Lai Hin, senior director for land and security department at Energy Market Authority, said. “With Exercise Cyber Star, it enables our cybersecurity specialists/engineers to work with other experts in this field to test and enhance crisis response measures to counter potential threats that may disrupt our power systems and networks.” 

“The telecommunication and media sectors play an important role in enabling Singaporeans to live, work and play. Thus, it is important that we ensure that both sectors are resilient and well protected against cyber threats,” Tony Lim, cluster director for resilience and cybersecurity Group at Infocomm Media Development Authority, identified. “Exercises such as Exercise Cyber Star provide us with opportunities to test and improve coordination and the linkages within our sectors, as well as with other sectors, to help identify and address ways to improve in how we proactively defend our infrastructure and leverage threat intelligence. This will ultimately allow IMDA and our sectors to guard against and respond effectively to any cyber-attack.”

During the Operational Cybersecurity Expert Panel (OTCEP) Forum in August 2023, Teo said that technologies like artificial intelligence (AI) and quantum computing, while exciting, also make the cyber threat landscape more challenging to navigate. She added that the OT cybersecurity sector has seen more than its fair share of disruption, as these systems were traditionally placed in protected environments, managed and monitored separately from Internet-facing IT systems.

“However, in recent years, digitalisation has accelerated in the OT industry, with more companies tapping on IT solutions to streamline and enhance the efficiency of their work processes,” Teo observed. “Unfortunately, the same technologies that enable OT operators to readily control their systems via a web interface can also allow bad actors to hijack OT systems and manipulate them to cause damage and destruction.”

Related