Singapore’s new Defence Cyber Organisation (DCO), which aims to strengthen the nation’s ability to deter current and anticipated threats in cyberspace, seems to have come not a moment too soon.
Just days before Defence Minister Ng Eng Hen announced the new organisation on March 4, the network of the Ministry of Defence (Mindef) was hacked.
While no sensitive military information was lost, the personal information of some 850 people on its “I-net” system, which is separate from servers holding classified information, was stolen.
One analyst said there was a “high probability” that the hack was state-sponsored. Others believe the attack is a sign of things to come.
Mindef has created cyberdefence roles, and soldiers are expected to be trained and in position from August this year. Both full-time national servicemen and operationally ready national servicemen with the requisite backgrounds will take on these new roles.
They will no doubt have to be on their toes, since Singapore is one of the world’s most digitally connected nations. This means that DCO’s cyberdefenders need to be equipped with the proper techniques, tactics and procedures to fight and prevail in cyberwarfare.
The Cyber Security Strategy that Singapore released last year underscored the high stakes. The document forecasts that cyberattacks on the republic’s critical information infrastructure (CII) “may have spillover effects regionally and globally”.
All over the world, governments are grappling with defining the threshold at which a cyberattack would justify the use of military force in retaliation.
Britain’s National Cyber Security Strategy indicates that the “full spectrum of our capabilities will be used to deter adversaries and to deny them opportunities to attack us”.
The strategy against cyberattacks articulated by the United States Department of Defence (DoD) mentions the “full range of tools” and adds: “To ensure unity of effort, DoD will enable combatant commands to plan and synchronise cyberoperations with kinetic operations across all domains of military operations.”
An assault on a computer network that controls infrastructures such as ports, power or water supplies, or a country’s banking system could be as devastating as a conventional military attack.
Yet cyberwarfare is a relatively new battleground, so there is no international agreement on what constitutes proportionate response to various levels of attack.
Singapore is well aware that much work is needed on this front. Minister for Defence Ng told parliament last Friday: “The DCO will have about 2,600 soldiers [devoted to cyberwarfare], supported by scientists and engineers ... this is a significant build-up from the current numbers and reflects the importance of this new battlefront.”
That number represents about half the current troop levels in the Singapore Army’s nine active infantry battalions.
Defence planners also need to be vigilant to tell when a cyberattack crosses the threshold from an inconvenience to a public threat – one with a more sinister endgame aimed at knocking out vital infrastructure as a prelude to a conventional attack.
With digital systems now in complete control of vital analogue operations, those charged with defence must be prepared when enemies come not by land or sea, but rather descend from a “cloud”.
David Boey, a former defence correspondent of The Straits Times, is a member of the Advisory Council on Community Relations in Defence