11 CII Sectors Tested on More Complex Cyber Attack Scenarios

Photo Credit: MCI

Scenarios such as a widespread compromise of industrial control systems exercised in third edition of Exercise Cyber Star

1           The Cyber Security Agency of Singapore (CSA) held its third edition of Exercise Cyber Star today. Exercise Cyber Star is a nationwide cyber crisis management exercise, to improve Singapore’s crisis response capabilities and readiness to respond promptly and effectively to a cyber-attack. To reflect the increasing sophistication and scale of cyber-attacks around the world, CSA as well as all 11 Critical Information Infrastructure (CII)^[1] sector leads and their CII owners came together to test and validate their operational plans in response to complex attack scenarios.

2           To ensure that sectors remain ready and responsive to the fast-evolving cyber landscape, exercise scenarios were designed to provide a realistic simulation of multi-dimensional cyber threats such as Distributed Denial of Service (DDoS), Domain Name System (DNS) manipulation, phishing websites and Operational Technology (OT) compromise. Scenarios exercised included internet connectivity disruption; communications network disruption; and compromise of Industrial Control Systems (ICS). 

3           More than 250 exercise participants, from both public and private sector companies, took part in the exercise. Participants went through a series of complex scenario planning sessions, workshops and table-top discussions before culminating in the final exercise today where they developed and tested their incident management and remediation plans in response to these simulated attacks. This is the second time that all 11 CII sectors and CII owners have come together to be exercised. The sectors were last exercised collectively in July 2017. 

4           Senior Minister and Coordinating Minister for National Security, Mr Teo Chee Hean observed the exercise and interacted with exercise participants. He was accompanied by Mr S Iswaran, Minister for Communications and Information and Minister-in-Charge of Cybersecurity; and Dr Janil Puthucheary, Senior Minister of State for Communications and Information and Senior Minister of State in-charge of Cybersecurity. 

^[1] Sectors responsible for the continuous delivery of essential services which Singapore relies on. The 11 critical sectors are: (1) Government, (2) Infocomm, (3) Energy, (4) Aviation, (5) Maritime, (6) Land Transport, (7) Healthcare, (8) Banking & Finance, (9) Water, (10) Security and Emergency, and (11) Media.

"The well-planned cyber attack on SingHealth last year shows us that Singapore is not immune. The need for our critical sectors to strengthen their cybersecurity readiness and response to cyber threats is pressing. These exercises help to enhance incident response processes and communication across sectors, and boost public and private sector cooperation, so that we can respond effectively in the event of a cyber attack."

Mr David Koh
Chief Executive, Cyber Security Agency of Singapore (CSA)

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.