International: Now I am become Death, the destroyer of bytes

On August 9th, rouse yourself not for the anthem, the president, or the annual bonhomie between the PAP and “PAP-lite”; not the F-16s or Apaches puncturing an island’s calm with booms and whops that comfort, or the crafts crashing across waters in which fish once thrived, or the armoured vehicles barreling down tarmac that will soon host supercars; and not the over 3,000 performers and 39 artistes glowing in their finest hour. Save your fervour instead for a geeky group that has emerged from its digital den to bask in the national limelight for only the third time. 

The Digital and Intelligence Service was incorporated as the fourth branch of the Singapore Armed Forces in 2022, to “defend and dominate in the digital domain”. By then we had suffered a number of cyber attacks, notably the 2018 SingHealth data breach, which compromised 1.5m patients. Last week, K Shanmugam, home affairs minister, coordinating minister for national security and our swaggering sheriff, revealed that UNC3886, a state-linked advanced persistent threat (APT) actor, has been attacking our critical information infrastructure. “UNC3886 poses a serious threat to us, and has the potential to undermine our national security,” he said. Indeed. Attacks that knock out our power systems, or compromise telecommunications and payment systems, could have devastating consequences. APT attacks increased four-fold from 2021 to 2024, Shanmugam said. Mandiant, a Google cyber-security subsidiary, first identified the “suspected China-nexus cyber espionage actor” in 2022. Shanmugam was careful not to reference Beijing, but others did. (The Chinese embassy in Singapore denied links.)

Contemporary cyber-warfare can be traced to Iran’s nuclear enrichment programme. In 2010, almost 1,000 centrifuges were crippled by a “Stuxnet” worm targeting their German-made Siemens systems. A programming error allowed the worm to escape across the internet. Stuxnet was subsequently broadly recognised to be a joint US-Israel operation, codenamed Olympic Games. Initiated under George W Bush, the US’s cyberweapons programme was, according to The New York Times, accelerated by Barack Obama, who believed it to be the lesser of two evils—a cyberattack over a conventional one. He allegedly unleashed it while cognisant of the echoes with 1945’s atomic bombs, and that the US’s use might legitimise the same by terrorists and others. It is poetic that our world was thrust into cyber war by efforts to stamp out nuclear; and that in 2009, as he was quietly developing “Olympic Games”, Obama was publicly accepting a Nobel Peace Prize. 

“Unlike nuclear or chemical weapons, which have some kind of internationally enforceable inspection arrangements and balances of power, cyberweapons are deniable and denied, protected by a new kind of macho-geekery and silence,” said The Guardian in its review of “Zero Days”, a 2016 documentary about Stuxnet. Israel and the US, Singapore’s allies, have never accepted responsibility for it. Why would anybody? On August 9th, say hello to our new world. Here we are.

Some further reading: In “National Service: why we need a deeper discussion”, Jom argued that Singapore needs to refocus its defence efforts towards today’s primary external threats, including terrorists, cyber attackers, and cyber influence operations from the likes of Beijing and Moscow.