MDDI's response to PQ on Strengthening Protection for Singapore's Critical Information Infrastructure given rise in Advanced Pesistent Threat Attacks

Parliament Sitting on 22 September 2025

Question for oral answer

*122. Mr Sharael Taha asked the Minister for Digital Development and Information with the rise in Advanced Persistent Threat (APT) attacks against Singapore’s critical infrastructure (a) what safeguards beyond mandatory reporting will be required of Critical Information Infrastructure (CII) owners for early detection and containment; and (b) how the Ministry will strengthen capability, talent, and resources to defend against such threats.

*123. Mr Sharael Taha asked the Minister for Digital Development and Information in light of the Advanced Persistent Threat (APT) attacks against Singapore’s critical infrastructure (a) how will the Ministry work with international organisations and agencies to strengthen deterrence against such threats; and (b) whether the Ministry will consider a whole-of-Government approach to raise awareness and preparedness for such threats among organisations beyond critical information infrastructure (CII) operators, including businesses and the public.

*124. Mr Sharael Taha asked the Minister for Digital Development and Information how can Singapore better harmonise its cyber resilience across industries by adopting international standards on cybersecurity for operational technology such as IEC 62443 and MITRE ATT&CK for Industrial Control Systems, in light of a 46 recent attack on Singapore’s critical information infrastructure by advanced persistent threat actors (APT).

Answer

Singapore is indeed a target for cyber attacks by Advanced Persistent Threat (APT). From 2021 to 2024, suspected APT attacks on Singapore increased more than four-fold. Such attacks happen across the private and public sectors, and various industries. Most recently, agencies detected UNC3886 attacking our Critical Information Infrastructure (CII).

Such attacks seriously threaten our national security. They can disrupt the delivery of essential services like electricity and water. Our sensitive data may also be stolen. The Cyber Security Agency of Singapore (CSA) works closely with both domestic and international partners and stakeholders to protect our nation’s cyberspace against such threats.

Within Singapore, CII owners play a critical role in safeguarding the critical systems under their charge. Under the Cybersecurity Act and Cybersecurity Code of Practice, CII owners must meet certain baseline requirements to help protect them from known vulnerabilities. These requirements are generally aligned to international best practices, such as the IEC 62443 series of standards for Automation and Control Systems, and the MITRE ATT&CK framework for Industrial Control Systems.

CII owners must also conduct regular cybersecurity testing and audits to verify the robustness of their defences. To raise awareness and prepare organisations for cyber threats, CSA conducts “Exercise Cyber Star” each year. This nation-wide exercise tests critical sectors on their readiness to respond during a cyber crisis.

International collaboration is also key to countering cyber threats, given the borderless nature of cyberspace. To this end, Singapore participates in regular CERT-to-CERT exchanges and joint cross-border operations, including with regional partners through the ASEAN Regional Computer Emergency Response Team (CERT).

While we have the foundations laid, we cannot afford to be complacent. APTs are highly skilled, and well-resourced. They are constantly testing their targets’ defences and finding new ways to achieve their objectives. Therefore, CSA is reviewing how we can work with relevant agencies and stakeholders to better protect our CII. We will share more when ready.

*Converted to written answer