Our website will be unavailable on 30th March 2019 from 2:00 PM to 4:00 PM for a scheduled maintenance.We apologise for any inconvenience that may be caused.
1. The Digital and Intelligence Service
(DIS) organised the inaugural Critical Infrastructure Defence Exercise (CIDeX)
from 15 to 16 November at the National University of Singapore (NUS) School of
Computing. The cyber defence exercise involved
over 100 participants from the DIS and 16 other national agencies across the
Critical Information Infrastructure
Supported by the Cyber Security Agency of Singapore (CSA), iTrust/SUTD
and the National Cybersecurity R&D Laboratory (NCL), CIDeX is the largest
Operational Technology (OT)
Critical Infrastructure defence exercise focused on training and strengthening
Whole-Of-Government (WoG) cyber capabilities to detect and tackle cyber
security threats to Information Technology (IT) and OT networks that control
the operations of critical infrastructure.
2. Over the two days, participants from
the Blue Teams, comprising participants from the national agencies as cyber
defenders, defended the exercise’s digital infrastructure, which includes an
enterprise IT network and three OT testbeds – replicating a water treatment plant, a water distribution plant
and a power grid system – against live simulated
cyber-attacks launched by a composite Red Team made up of DIS and CSA
personnel. Exercise scenarios involved attacks on both the IT network and OT
testbeds that aim to disrupt operations and impact way of life, such as
poisoning the water treatment plant, ceasing water distribution and cutting off
power supply. Participants sharpened instincts and technical competencies to defend cyber networks by
leveraging cyber tools to monitor, detect and thwart cyber-attacks by the
3. Prior to the exercise, the
participants underwent a three-day
hands-on training programme at the Singapore Armed Forces (SAF)’s
enhanced Cyber Defence Test and Evaluation Centre (CyTEC) at Stagmont Camp to develop and hone their cyber defence competencies.
4. A Joint Operations Agreement (JOA) between the DIS and CSA was signed on
the sidelines of the exercise by Defence Cyber Chief (DCC) Brigadier-General
(BG) Edward Chen and CSA’s Deputy Chief Executive (Development) Mr Gaurav
Keerthi. The CSA-DIS JOA establishes a framework for cooperation and
collaboration in the areas of joint operations and capability development that
will contribute towards a secure national cyberspace.
the need for close partnership in securing Singapore’s cyberspace, BG Chen said, “The DIS recognises the
importance of fostering close cooperation with CSA and other national agencies
in defending Singapore’s cyberspace. The Joint Operations Agreement between CSA
and the DIS is an important step forward in institutionalising our ongoing
collaboration and expanding our partnership in areas such as joint cyber training.
By partnering on large-scale cyber exercises like CIDeX, we provide our
national cyber defenders a platform to train together and strengthen our
ability to protect our critical infrastructure systems in Singapore."
6. Mr Keerthi said, “Cybersecurity is a
team effort, and CSA welcomes the Digital and Intelligence Service to this
team. CSA has a longstanding partnership with MINDEF/SAF on national cyber
defence. Exercises such as CIDeX ensure our collective preparedness for cyber
incidents and emergencies. The CSA-DIS Joint Operations Agreement affirms SAF’s
continued support in the defence of Singapore’s cyberspace.”
 The 16
participating agencies are: Cyber Security Agency of Singapore (CSA), Infocomm
Media Development (IMDA), Land Transport Authority, M1, Maritime and Port
Authority of Singapore (MPA), Pavilion Energy, PUB, Sembcorp Industries, Senoko
Energy, Singapore LNG (SLNG) Corporation, Singtel, SMRT Corporation, SP Group,
ST Engineering, Tuas Power and YTL PowerSeraya.
 iTrust is a multidisciplinary research centre located at the
Singapore University of Technology and Design (SUTD) that was jointly
established by SUTD and the Ministry of Defence (MINDEF) in 2012.
 OT refers to
hardware and software that monitor and control devices, processes and
infrastructure. These include Industrial Control Systems (ICS), Supervisory
Control and Data Acquisition (SCADA) systems, safety instrumented systems, and
Programmable Logic Controllers (PLCs).