MDDI's Response to PQ on Stepped-Up Vigilance or Measures for Zero-Day Vulnerabilities Following UNC3886 Cyberattacks

Parliament Sitting on 25 February 2026

Question for Oral Answer

*22. Mr Dennis Tan Lip Fong asked the Minister for Digital Development and Information in view of the UNC3886 cyberattacks, how is the Government working with technology vendors to ensure that zero-day vulnerabilities exploited by such actors are patched or mitigated across all sensitive public sector systems.

Answer

Zero-day vulnerabilities cannot be completely eliminated. By definition, the risk they pose cannot be fully addressed because “patches” are not yet available. However, the government does put in place measures to detect and prevent significant damage to key systems.

When we receive credible information on zero-day exploits, CSA and GovTech work with vendors to confirm the nature of incidents and accelerate remediation efforts where needed. In addition, we require critical system owners to conduct frequent security testing and threat hunting. This facilitates timely detection and remediation.

It is also important to put in place a layered defence approach. This means controls at the perimeter of systems, coupled with systematic efforts to detect unauthorised activity within our networks, deal with them robustly, and deal with attacks before significant damage is done.

*Converted to written answer