CDF

PS(DD)

CDI

Distinguished Guests

Guardians,

Let me wish everyone a good afternoon. It is a good day because, we gather here to mark a significant milestone, as you saw in the video, for the Digital and Intelligence Service (DIS), as we inaugurate two new Commands – the SAF C4 and Digitalisation Command or SAFC4DC, as well as the Defence Cyber Command or DCCOM (“D-C-COM”).

THE CHANGING LANDSCAPE OF THE DIGITAL DOMAIN

Two weeks ago, I announced at our Committee of Supply (COS) in Parliament that the DIS, first set up in 2022, three years ago, is now ready to set up two Commands that we are inaugurating today. It is useful to study public reactions to announcements, not only for the DIS, but MINDEF and the Singapore Armed Forces (SAF) and the whole-of-government, because it tells us the reactions of the public, and tells us whether they think we are on the right track in protecting Singapore, whether we are doing enough, whether we are doing too little or too much, and whether our efforts are rightly placed. Well, what were the reactions to the two announcements?

First, there was low online chatter. That is how we monitor, we see graphically, whether it spikes up or not. Low online chatter to me is a good sign. In the advent of social media, the public reacts stronger to mistakes made or if they are uncertain if moves are needed. A quiet affirmation is welcomed, but some individual comments did capture the sentiments. One individual expressed relief that the SAF is embracing new technology and that it is crucial that we remain vigilant and fully capable of defending ourselves, never caught off-guard. Another said that the SAF is not a given, especially for a resource-poor nation like Singapore.

I think these public reactions are gratifying because ultimately the SAF is set up to protect Singapore and its citizens. What we do must give confidence to Singapore and Singaporeans that the SAF is protecting.

I think we would have had a stronger negative reaction if the SAF had stood still, even as digital threats increase exponentially. Just imagine, that if we did not set up these Commands, or for that matter the DIS, as a fourth service. I suspect that in that situation, questions and doubts would arise, if the SAF and Singapore can protect against digital attacks.

But the corollary is also true – that Singaporeans will hold the SAF accountable if our digital backbone is disabled by cyberattacks from an external aggressor. As you heard from the CEO of the Cyber Security Agency of Singapore (CSA), the border for IT between civilian and military is not clear cut. In fact, it is very porous. Just as we discovered during the threat of terrorism, the public expects the investments into our defence budget to also deal with these emerging external threats. The SAF must step up to this challenge to protect our digital backbone and critical IT infrastructures. Various Government agencies must work together to deal with the digital threats, that is a process requirement, but that is not an accountability requirement. The responsibility and accountability to deal with threats from an external source – kinetic or non-kinetic falls squarely on the SAF, never mind the division of labour between agencies, because when something happens, I assure you, fingers will be pointed our way.

That is why in my COS speech, I made clear that the mission and accountability of these two new Commands – what they were. The set up of the DIS and the two new Commands today is timely. We have seen an alarming increase in the frequency, sophistication and scale of cyber threats. Cyber threat actors have refined their methods, used advanced techniques – they also use AI, zero-day exploits and ransomware to target critical infrastructure in healthcare, energy and government sectors. Even our own security sector is not immune to these threats. Remember in 2017, MINDEF and the SAF had a breach in our portals used by NSmen and staff. Recently, the HomeTeamNS was targeted by a ransomware attack, affecting servers that contained employees’ and members’ data. These attacks were limited in effect, because these were the systems that were meant to be outward-facing to be used by NSmen when they come in during In-Camp Training – they were separated from our operational system, so when these systems were compromised they did not degrade capabilities or performance for either the SAF or Home Team. Nevertheless, they remind us that there are activists out there, both state and non-state actors, that probe vulnerabilities in our digital defences.

Hackers are now able to exploit vulnerabilities even faster than before. In 2018 and 2019, it took an average of about two months for them to develop a malware to infiltrate systems, but by 2023, it takes just five days – I suppose, for the average hacker. I do not know where they got this reference, and what type of hacker, but reports also suggest Generative AI (GenAI) as well. It could accelerate cyberattacks. I suppose you could type in a prompt and say, “generate a malware to attack a particular system”, and AI may write the programme for you, and then teach you how to introduce it into this system. The experts say that AI can now reduce the time to exploit vulnerabilities – I said now it takes five days for hackers, but with AI, they can do it in minutes. These trends clearly illustrate why Singapore, and all other countries need to safeguard our critical infrastructure. All these challenges mean that the DIS and the two Commands have their work cut out for them.

At the same time, the SAF can harness digital technologies to help us in our mission. We have already begun to tap on Cloud computing, 5G and AI systems. In this effort, we want to ensure that we are not enticed by hype or false hope. Not only does it waste resources and money, but it wastes time and effort. There are huge commercial interests to be gained by providers, but as we have done in the past, I think MINDEF and the SAF must be the smart and sophisticated buyers, to ensure that our resources on precious dollars and time are justified. The DIS’ job is to guide the SAF in applying the right tools for the appropriate task.

THE INAUGURATION OF SAFC4DC AND DCCOM

The inauguration of the SAFC4DC and DCCOM will enable the SAF to fulfil these mentioned goals.

The SAFC4DC will bring under its command the Digital Ops-Tech Centre, and establish the SAF AI Centre, alongside the existing C4 Operations Group. Beyond ensuring connectivity, the Command will drive our SAF’s development and adoption of best-in-class digital technologies – Cloud computing, AI and 5G. By consolidating hardware and software capabilities, the SAFC4DC will accelerate our digital transformation across the SAF and enhance operational effectiveness.

The DCCOM will consolidate our cybersecurity capabilities by bringing together the Cybersecurity Task Force and the Defence Cyber Organisation under a single Command. They will deal with hostile digital threats against Singapore to safeguard our digital backbone and essential services. We are one of the most inter-connected countries in the World. As a modern economy, we are dependent on our IT grid. If the grid is disabled or even degraded, all of our society will be impacted – all of us know this, you just need to switch off the power and connectivity, and you will feel that you are disconnected. Just imagine if that happens to the homes and offices of our regulars and NSmen in the SAF and Home Team – there is a shutdown of IT and essential services, it will surely affect our preparedness because our SAF draws from civilians and NSmen.  It is therefore the responsibility of the DCCOM to ensure the resilience of our critical infrastructure and keep Singapore safe and secure.

STRONGER PARTNERSHIPS FOR A RESILIENT DIGITAL DEFENCE

The DCCOM will need to work with other partners, whether it is in government or industry to increase the resilience of our digital systems nationally. They will establish a dedicated Cyber Protection Group, that will work closely with the CSA and other relevant agencies to enhance our National Cyber Defence. The DIS already witnessed the virtuous effects of partnership in the Critical Infrastructure Defence Exercise (CIDeX) This is a national-level exercise that has been held since 2022.

NSmen are part of this crucial effort for our digital defence, particularly those with relevant skills and experience. We have tapped on this through the Enhanced Expertise Deployment Scheme (EEDS), which will put our NSmen with these skills into key advisory and technical appointments within these two new Commands.

Take CPT(NS) Ong Zhi Yuan, a cybersecurity professional, as an example. He joined one of the DIS's Cyber Incident Response Team through the EEDS. During his In-Camp Training, he will apply his expertise to protect Singapore's networks.

Our NSmen also participate in multinational cybersecurity exercises, such as in Exercise Locked Shields last year. This is a global cybersecurity exercise which simulates large-scale cyberattacks on critical infrastructure. They then pit their skills against the world’s top military cyber experts, and from there, gained valuable insights and hone their craft. Even veterans in the cybersecurity industry tell us that these opportunities are unique and useful and are not even readily available in cyber security companies.

To date, we have deployed about 500 NSmen across both Commands in cyber, software engineering, AI, cloud infrastructure and engineering appointments.  As the cyber threats and SAF’s capabilities grow, many more NSmen can step forward to build our digital defence of Singapore.

The DIS must partner the private sector to keep up with rapid innovation in cybersecurity and digital technologies. The IT cycle is very fast-moving, and we have to gain access to cutting-edge solutions and operational insights. Just recently, MINDEF and DSTA signed a contract with Oracle, a Cloud Service Provider, to jointly develop cloud environment suited for MINDEF’s use. Separately, a Memorandum of Understanding (MOU) was also established with Dragos, which is another leading cybersecurity company, to jointly develop advanced cybersecurity capabilities. This follows similar arrangements that the DIS has with Google, Microsoft, Ensign InfoSecurity and ST Engineering. All these tie-ups will better position the SAF to deal with rapid product cycles, inherent in this sector.

CONCLUSION

Today’s inauguration of the SAFC4DC and DCCOM is a positive and important step for the DIS and the SAF. I commend the leaders for this development that gives confidence to Singaporeans that Singapore’s critical digital infrastructure can be kept secure and resilient. To the appointed leaders, men and women of these two Commands, recognise that Singaporeans have placed a heavy responsibility on you. Shoulder this responsibility with professionalism and dedication to fulfil your missions.

It gives me great pleasure to announce the official inauguration of the SAF C4 and Digitalisation Command and the Defence Cyber Command.

Thank you.