In a significant move to bolster Singapore's cybersecurity posture, board members of critical services operators will soon be mandated to undergo comprehensive cybersecurity training. This development comes as part of a series of updates to the nation's cybersecurity framework, with the aim of fortifying the protection of essential services and national interests. The government has announced that these board members will also be required to enhance their supervision and responsibility over the critical information infrastructure (CII) and adjacent systems, ensuring a more robust defense against potential threats. The critical sectors in question include energy, healthcare, telecommunications, finance, and media, all of which are vital to the country's functioning and security. The updates are a direct response to the evolving threat landscape, with the government sharing classified threat intelligence with these organizations to prevent cyber attacks that could jeopardize national security. The Cybersecurity Act, which came into force in 2018 and was amended in 2024, mandates CII operators to declare any cybersecurity outage or attack on their premises or supply chain that may cross borders. This move is part of a broader strategy to strengthen the country's cybersecurity defenses, with the annual Critical Infrastructure Defence Exercise (Cidex) serving as a key platform for honing these skills. The 2025 edition of Cidex, held at the Singapore Institute of Technology, saw over 250 participants from 33 governmental and private organizations test their skills against simulated cyber attacks. The focus of this year's exercise was on incorporating intelligence from ongoing cyber operations into the design of the attacks, ensuring that defenders are prepared for the latest threats. The exercise also highlighted the importance of unity and vigilance, with the strength of the network dependent on the weakest link. Participants, including Changi Airport Group, telco M1, OCBC Bank, and the Government Technology Agency, among others, gained valuable insights from industry players like Google and Amazon Web Services, which shared their observations on cyber threats across different cloud environments. The ultimate goal, as emphasized by Defense Minister Chan Chun Sing, is resilience, ensuring that all sectors can level up their competency to bounce back from any setback as quickly as possible.
