11 CII Sectors Tested on More Complex Cyber Attack Scenarios

Photo Credit: MCI

Scenarios such as a widespread compromise of industrial control systems exercised in third edition of Exercise Cyber Star

The Cyber Security Agency of Singapore (CSA) held its third edition of Exercise Cyber Star today. Exercise Cyber Star is a nationwide cyber crisis management exercise, to improve Singapore’s crisis response capabilities and readiness to respond promptly and effectively to a cyber-attack. To reflect the increasing sophistication and scale of cyber-attacks around the world, CSA as well as all 11 Critical Information Infrastructure (CII) ^[1] sector leads and their CII owners came together to test and validate their operational plans in response to complex attack scenarios.

To ensure that sectors remain ready and responsive to the fast-evolving cyber landscape, exercise scenarios were designed to provide a realistic simulation of multi-dimensional cyber threats such as Distributed Denial of Service (DDoS), Domain Name System (DNS) manipulation, phishing websites and Operational Technology (OT) compromise. Scenarios exercised included internet connectivity disruption; communications network disruption; and compromise of Industrial Control Systems (ICS). 

More than 250 exercise participants, from both public and private sector companies, took part in the exercise. Participants went through a series of complex scenario planning sessions, workshops and table-top discussions before culminating in the final exercise today where they developed and tested their incident management and remediation plans in response to these simulated attacks. This is the second time that all 11 CII sectors and CII owners have come together to be exercised. The sectors were last exercised collectively in July 2017. 

Senior Minister and Coordinating Minister for National Security, Mr Teo Chee Hean observed the exercise and interacted with exercise participants. He was accompanied by Mr S Iswaran, Minister for Communications and Information and Minister-in-Charge of Cybersecurity; and Dr Janil Puthucheary, Senior Minister of State for Communications and Information and Senior Minister of State in-charge of Cybersecurity. 

"The well-planned cyber attack on SingHealth last year shows us that Singapore is not immune. The need for our critical sectors to strengthen their cybersecurity readiness and response to cyber threats is pressing. These exercises help to enhance incident response processes and communication across sectors, and boost public and private sector cooperation, so that we can respond effectively in the event of a cyber attack."

Mr David Koh
Chief Executive, Cyber Security Agency of Singapore (CSA)

About Cyber Security Agency of Singapore
The Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cyber security functions and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cyber security awareness as well as to ensure the holistic development of Singapore’s cyber security landscape. The Agency is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. Information on CSA is available at www.csa.gov.sg.

^[1] Sectors responsible for the continuous delivery of essential services which Singapore relies on. The 11 critical sectors are: (1) Government, (2) Infocomm, (3) Energy, (4) Aviation, (5) Maritime, (6) Land Transport, (7) Healthcare, (8) Banking & Finance, (9) Water, (10) Security and Emergency, and (11) Media.