Tuesday, March 7, 2017

Commentary on MINDEF/SAF Defence Cyber Organisation: Bytes are bullets for SAF's cyber defenders


The establishment of the Defence Cyber Organisation (DCO) by the Ministry of Defence (Mindef) aims to strengthen Singapore's defences against current and anticipated threats in cyberspace.
The move is timely, given the recent incident in which the Mindef network was hacked by perpetrators of unknown origin.
While no sensitive military information was lost apart from the theft of personal data on some 850 Singapore Armed Forces (SAF) and Mindef staff, the February attack is a sign of things to come.
New cyber defence vocations have also been created, and soldiers are expected to be deployed in these roles from August this year. Both full-time national servicemen and operationally ready national servicemen with the requisite academic or work backgrounds can be tapped to join these vocations.
Among all the SAF vocations, SAF cyber defenders can expect to come under "attack" more often and more intensely during peacetime than any other SAF personnel, with their battles waged in cyberspace. Their mettle will be tested against state and non-state actors, who will continuously probe and test our cyber defences for weaknesses that can be exploited.
They will have to be on their toes as Singapore is one of the world's most digitally connected nations. This means that DCO's cyber defenders need to be made of sterner stuff than your average keyboard warrior and be equipped with the professional know-how and warfighting techniques, tactics and procedures to fight and prevail in cyber warfare.
The high stakes and likelihood of future attacks make it imperative that our cyber defenders operate under clear and well-defined rules of engagement for cyber engagements.
The Cyber Security Strategy that Singapore released last year sketched out the high stakes. The document forecast that cyber attacks on the Republic's critical information infrastructure (CII) "may have spillover effects regionally and globally".
It added: "As an international financial, shipping and aviation hub, Singapore also houses critical systems that transcend national borders, such as global payment systems, port operations systems and air traffic control systems. Successful attacks on these supra-national CIIs can have disproportionate effects on the trade and banking systems beyond Singapore's shores."
The recent attack drives home the clear and present danger posed by cyber warfare and why vigilance must be backed by a round-the-clock capability to act against such threats.
But when does a cyber attack become an act of war - if at all - especially if it targets mission-critical infrastructure?
All over the world, governments are grappling with defining the threshold above which a cyber attack would justify the use of military force. Singapore, too, will have to figure this out and develop new rules of engagement for such attacks.
Britain's National Cyber Security Strategy indicates that the "full spectrum of our capabilities will be used to deter adversaries and to deny them opportunities to attack us".
The Cyber Strategy articulated by the United States Department of Defence (DoD) mentions the "full range of tools" and added: "To ensure unity of effort, DoD will enable combatant commands to plan and synchronise cyber operations with kinetic operations across all domains of military operations."
While cyber attacks don't involve firepower in the traditional sense of bullets, bombs, rockets or guided munitions, their impact can be just as devastating.
Attacks on, say, computer networks that control infrastructure such as ports, power or water supply, or a country's banking system, can disrupt or destroy such infrastructure as effectively as a conventional military attack - perhaps even more so.
Cyber warfare is a relatively new battlespace, so new that international agreement on what constitutes proportionate response or jus ad bellum (right to war) in a cyberwar has not been mapped out definitively.
International law and military experts consulted for the Tallinn Manual 2.0 were divided on the level of military force that a country could exert in response to, or in anticipation of, a cyber attack. The manual, released last month, is said to be the most comprehensive analysis of how international law applies to cyber operations.
In the US military, the information battlespace is regarded as the fifth dimension of war. The other four dimensions are land, sea, air and space. The Tallinn Manual 2.0 attempts to harmonise international law and military tactics, techniques and procedures with threats in the fifth dimension.
Singapore is well aware that much work is needed on this front. Minister for Defence Ng Eng Hen told Parliament last Friday: "In the steady state, the DCO will have about 2,600 soldiers, supported by scientists and engineers in Defence Science and Technology Agency (DSTA) and DSO, and this is a significant build-up from the current numbers and reflects the importance of this new battlefront."
To put things in perspective, the headcount of 2,600 soldiers that will serve DCO in about 10 years' time is roughly four battalions strong. This is almost half the number of soldiers in the Singapore Army's nine active infantry battalions. Amid the birth dearth that has led to smaller cohorts of full-time national servicemen, the commitment of such a sizeable number of cyber defenders underscores the severity of fifth-dimension threats envisaged by our defence planners.
Apart from clarifying rules of engagement in a cyber attack, DCO needs to reassure our citizen soldiers that computer networks fielded by the tech-heavy new-generation SAF will be protected in peacetime and during operations by astute cyber defenders fighting in the fifth domain.
Mindef/SAF defence planners also need to be vigilant to tell when a cyber attack, say, on a telco system, crosses the threshold from an inconvenience to the public to one with a more sinister endgame aimed at knocking out vital infrastructure as a prelude to a conventional attack.
Like other defence forces, those in Singapore will have to think through the end-state of cyber warfare. Once cyber defenders swing into action by wielding bytes as "bullets" in a cyberwar, when and how would one achieve conflict termination? What are the success factors for achieving victory? Would a cyberwar presage a period of tension that could spiral into the use of real-world military firepower?
Just as Total Defence enlisted the whole nation to underpin the SAF's approach to conventional defence, there's a part for everyone as Mindef/SAF takes on cyberthreats from state or non-state players.

3 comments:

  1. 2600 NS men earmarked for DCO is quite a number, perhaps too many.

    Good cyber defenses are
    1. Multi-tiered and highly automated and cover all devices deployed in an environment.
    2. Need to be continually updated and tested for all devices
    For instance, Apple keeps pushing updates for the various OSes on the devices that they ship.
    The back end systems are also continually vetted for security issues and updated to meet new threats.
    Other vendors such as Cisco, Oracle and Google also do so.
    3. The maintenance of such systems is handled by dedicated, highly skilled and motivated teams who
    have cyber security speciality career jobs working on compilers, fuzzing, code inspection, physical
    security, memory layout, cryptography, random number generation, ...

  2. Dear David

    Time for a juicy update please... the cat seems to be outta the bag:


    http://www.snafu-solomon.com/2017/03/st-kinetics-tosses-its-hat-in-ring-for.html#disqus_thread

    2 questions: 1) Will it replace the Sm1? 2) 105mm or 120mm

  3. I presume that some members of DCO will contain personnel from the intelligence branches of the SAF like Signals Battalion in the Singapore Army.
