Nationwide Cyber Crisis Management Exercise to Test 11 Critical Sector’s Response to Complex Cyber-attack Scenarios

Published on 22 Sep 2023

More scenarios tested including widespread compromise of operational technology systems and ransomware attacks

SINGAPORE, 22 September 2023  –  The Cyber Security Agency of Singapore (CSA) held its fifth edition of Exercise Cyber Star (XCS23) today. Exercise Cyber Star is a nationwide cyber crisis management exercise to improve Singapore’s crisis response capabilities and readiness to respond promptly and effectively to a cyber-attack. This year’s exercise tested cross-sector incident management and emergency response plans for a wider range of attack scenarios on critical sectors using operational technology (OT) systems that have cyber-physical impact on essential service delivery. 

2      More than 450 participants from CSA and the 11 Critical Information Infrastructure (CII) sector leads and owners took part in XCS23. The CII sectors are Aviation, Banking and Finance, Energy, Government, Healthcare, Info-communications, Land Transport, Maritime, Media, Security and Emergency, and Water. The Singapore Armed Forces’ Digital and Intelligence Service also participated in XCS23. 

3      Cyber threats evolve constantly and are growing in scale and sophistication. In particular, cyber-attacks on industrial OT systems in critical sectors such as Info-communications, Energy and Water can have knock-on effects on other sectors for the delivery of essential services that are vital for our economy and society. Ransomware attacks targeting critical sectors like Energy, Maritime and Healthcare continue to pose a significant concern globally.     

4      To ensure that all sectors remain responsive and coordinated in the event of a national cyber crisis, the sectors were exercised under XCS23 on a wider number of complex scenarios which included distributed denial-of-service attacks, ransomware attacks, widespread phishing campaigns as well as malicious exploits targeting Internet-based resources, corporate networks, and industrial control systems (ICS). Sectors were tested on their responses to attacks resulting in water supply disruption, large-scale power outages, data leaks and communications network failure. 

5      This year, a new technical component, “Grid NetWars”, was incorporated. Conducted in partnership with the SANS Institute, “Grid NetWars” required participants to use their technical skills to tackle a series of hands-on cybersecurity challenges involving ICS technologies commonly found in sectors such as Energy and Water. 

6      CSA led the incident management and response for Exercise Cyber Star, with CII stakeholders working together through information sharing and knowledge exchange to respond to the cyber-attacks. Processes pertaining to crisis response and recovery were practised and reviewed to ensure that critical systems could be restored as quickly as possible. The final component of the exercise was conducted today where exercise participants presented their incident management and remediation plans to CSA. 

7      Senior Minister and Coordinating Minister for National Security, Mr Teo Chee Hean observed the exercise and interacted with exercise participants. He was accompanied by Mrs Josephine Teo, Minister for Communications and Information and Minister-in-Charge of Cybersecurity; and Dr Janil Puthucheary, Senior Minister of State for Communications and Information.

8      Mr David Koh, Chief Executive, CSA said, “An attack on critical sectors would have a significant impact on Singapore and our people.  Safeguarding our CII sectors is a national priority. CSA will continue to work with CII sectors and organisations to improve their cyber resiliency so that we are not just able to respond to a cyber-attack, but can recover quickly as well.” 

Quotes from CII Sector Leads

“A secure and reliable power supply is essential to our daily life and economy. With increasing digitalisation of the power sector which will bring greater efficiencies, it is also important to safeguard the power sector’s critical information infrastructure (CII) from cybersecurity threats that are constantly evolving. With Exercise Cyber Star, it enables our cybersecurity specialists/engineers to work with other experts in this field to test and enhance crisis response measures to counter potential threats that may disrupt our power systems and networks.” 

Mr Yeo Lai Hin, Senior Director (Land and Security Department)

Energy Market Authority

“The telecommunication and media sectors play an important role in enabling Singaporeans to live, work and play. Thus, it is important that we ensure that both sectors are resilient and well protected against cyber threats. Exercises such as Exercise Cyber Star provide us with opportunities to test and improve coordination and the linkages within our sectors, as well as with other sectors, to help identify and address ways to improve in how we proactively defend our infrastructure and leverage threat intelligence. This will ultimately allow IMDA and our sectors to guard against and respond effectively to any cyber-attack.”

Mr Tony Lim, Cluster Director, Resilience and Cybersecurity Group
Infocomm Media Development Authority

About Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. 

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit

About SANS Institute 

SANS Institute is the world's largest provider of cyber security training. For over twenty-five years, SANS has provided cutting edge training to governments and organisations across the world. Technology may have changed in that time, but SANS' core mission has remained constant: to protect through sharing cyber security knowledge and skills. SANS offers over 60 cyber security courses, operates across dozens of countries and has over 200,000 alumni. SANS training is built around a promise: students will be able to put into practice what they've learned as soon as they get back to their desk.

Grid NetWars is focused on industrial control systems (ICS) and operational technology (OT). The scenarios are designed around the complex nature of distributed wide-area control systems found in critical infrastructure sectors such as electric system operations. Utilising a variety of real-world technologies found in electrical generation and distribution systems, the challenges are themed to the power system scenario, though the technology, protocols, architectures, and lessons learned are applicable across numerous critical infrastructure sectors beyond the electric sector. The suite of hands-on, interactive learning scenarios are focused on enabling security professionals to develop, test, and master the real-world, in-depth skills needed to defend real-time systems.

Report a Cybersecurity Incident

SingCERT encourages the reporting of cybersecurity incidents as it enables us to better understand the scope and nature of cyber incidents in Singapore. This will enable us to issue alerts or advisories on relevant threats, and assist a broader range of individuals and organisations.
Report Incident