MDDI's Response on PQ on Safeguarding Sensitive Information when Sharing Classified Threat Intelligence with Critical Sector Organisations

Parliament Sitting on 4 November 2025

Question for written answer

*39. Dr Choo Pei Ling asked the Minister for Digital Development and Information in light of the Government’s decision to share classified threat intelligence with organisations in critical sectors (a) what measures are in place to ensure that sensitive information will remain safeguarded to minimise vulnerability exposures; and (b) whether the Government can share an update on the progress of measures to strengthen our Singaporean core for cybersecurity in critical sectors.

Answer

Globally, malicious cyber activity has been increasing. As a digital hub, Singapore is not immune to these threats. Like other countries, we have been experiencing a rise in attacks by cyber criminals as well as state-linked actors. Our critical information infrastructure (CII) is a strategic target. As these systems support essential services, there can be severe consequences if they are compromised.

To safeguard the cybersecurity of our CII, the Cyber Security Agency of Singapore (CSA) holds CII owners to higher cybersecurity standards and obligations under the Cybersecurity Code of Practice. CSA will continue to update these standards and obligations to keep pace with the evolving threat landscape.

We will also partner CII owners by equipping them with tools and capabilities to help them deal with advanced cyber threats. This includes sharing classified threat intelligence with CII owners, which will help them be on the lookout for specific threats. CSA will put in place safeguards to ensure that the information is properly handled. CII owners will also have to comply with the Official Secrets Act. Sensitive information which may affect national security, or foreign relations, will be appropriately redacted.

Having a strong cybersecurity workforce that can meet Singapore’s needs is critical. CSA has also partnered with associations, industry and academic partners to facilitate the training of fresh and mid-career professionals for the cybersecurity profession. Today, Singapore is home to about 10,000 cybersecurity professionals. This figure has more than doubled compared to just eight years ago.

While the government will partner and support CII owners in cyber defence, CII owners are ultimately accountable for meeting the regulatory obligations under the Cybersecurity Act, and more importantly, for the cybersecurity outcomes of their organisations and systems. This is because they own the systems and networks, and are responsible for all decisions relating to their network, including system architecture and the day-to-day operations.

*Converted to written answer