Last week, Singapore’s Coordinating Minister for National Security and Minister for Home Affairs K. Shanmugam addressing a gathering to celebrate 10 years since the Cyber Security Agency of Singapore (CSA) was launched, revealed that the Southeast Asian nation was battling an ongoing cyberattack on its critical infrastructure. Shanmugam, a long-standing member of the Government, delivered the message clearly and was brief.
It was clear that the Government of Singapore wanted to inform the public and the world but not to alarm them. He concluded by saying that more information will be released as and when the State was confident that it will not hamper the countermeasures underway. The manner in which the message from the State was delivered to the public is an approach his counterparts in Colombo and this Government should observe and learn from. There are lessons which policy-makers, public officials and security agencies can learn from the Singaporean example, both on messaging, offering clarity to the public, so as to prevent false narratives gaining traction, and in reassuring local and foreign entities that the State is aware and in control of the situation.
“Tonight, I would like to speak about a very serious matter, a particular category of cyber threats, they are known as advanced persistent threats. APT’s are highly sophisticated and well-resourced actors; they typically act on state objectives, they steal sensitive information, they disrupt essential services. The APT groups have been identified as ‘sandworm’, ‘typhoon cluster’. They attack critical infrastructure like healthcare, telcos, water, transport, power, etc. Groups conducting such attacks is UNC3886; the label stands for uncategorised or unclassified. It simply means that industry analysts have not formally classified it, but that does not mean that it is any less of a threat. The industry has identified UNC3886 as a highly sophisticated threat actor. It deploys advanced tools to compromise systems. It is also able to evade detection and maintain persistent access in victim networks. Industry has associated UNC3886 with cyber-attacks against critical areas including defence telcos, technology organisations in the United States and in Asia. The intent of this threat actor in attacking Singapore is quite clear, it is going after high value strategic targets – vital infrastructure that deliver essential services. If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans. UNC3886 poses a serious threat to us and has the potential to undermine our national security. Even as we speak, UNC3886 is attacking our critical infrastructure right now. The CSA and relevant agencies are actively dealing with this attack, and they are working with the relevant CII owners. It is not in our security interest to disclose further details of this attack at this point in time. But I can say it is serious, and it’s ongoing, and it has been identified to UNC3886. We will assess whether it is in our interest to disclose more details later,” Shanmugam said during his statement.
On Saturday, the Singaporean Government issued an update, telling its citizens that units in the Singapore Armed Forces (SAF) and the Ministry of Defence (MINDEF) have been responding to the ongoing cyberattack by an alleged China-linked threat actor on Singapore’s critical infrastructure. This was conveyed by the Minister for Defence Chan Chun Sing. “These select units will work with the Cyber Security Agency of Singapore (CSA) in a whole-of-government effort to manage the incident,” he added. Such following up flow of credible government sources, indicating the effort in place to secure one’s nation, goes a long way to reassure the public, industry and investors about the stability and security of a nation. Such effective communication helps build trust in the State and also doesn’t cause alarm.
Cyber Security and disruptions to critical infrastructure and essential public services are part of a growing trend of tactics used by States and non-State actors to harass, intimidate and disrupt democratic nations. Sri Lanka is no exception to such risks. However, as a nation, Sri Lanka is not proactive in keeping an eye out for such threats and vulnerabilities which make them possible. We have been in the past, and remain in the present, reactionary to such threats, not proactive. Another key issue where Sri Lanka is lagging behind is awareness-building on such national security threats and in building national resilience. This Government, like once before, going by the performance thus far, is lagging behind in its transparency and effective communications strategy. Let us hope they learn a lesson from Singapore, which has shown world-class character in crisis management, and communication. Such tools are vital for effective statecraft.