Singapore strengthens its cyber shield with a new Digital Defence Hub
Singapore has unveiled a new Digital Defence Hub (DDH) to bolster the nation’s protection of critical infrastructure against increasingly sophisticated cyber threats. The hub sits within the Centre for Strategic Infocomm Technologies (CSIT), a technical agency under the Ministry of Defence, and will provide advanced cybersecurity services to the whole-of-government. Its mission is to counter high-end threat actors, including advanced persistent threat (APT) groups, that loom as a growing risk to national security.
Why a dedicated unit now?
Coordinating Minister for National Security, K. Shanmugam, announced the DDH at the CSIT TechCon, the agency’s annual closed-door technical conference. He underscored a troubling trend: suspected APT attacks on Singapore’s government systems and critical infrastructure have risen significantly. The minister cited that threats have increased more than fourfold from 2021 to 2024 and highlighted the ripple effects of state-sponsored operations, such as those observed during the Russia-Ukraine conflict where critical infrastructure faced disruption.
In Singapore, the digital ecosystem has expanded across sectors. National digital identity Singpass underpins more than 2,700 digital services, while essential infrastructure—energy, healthcare, and public services—relies on interconnected digital networks. Against this backdrop, the DDH is charged with ensuring resilience through proactive defense rather than reactive responses to incidents.
What the Digital Defence Hub will do
The DDH will work with and support government agencies, including the Cyber Security Agency, by bringing technical expertise to monitor, detect, and counter cyber threats targeting national assets. Its activities include cyber threat research, malware analysis, threat hunting, and red teaming—a practice that simulates real-world cyberattacks to test defenses and training readiness.
Key capabilities housed within the hub include proactive threat detection and rapid investigation of suspicious activity across government networks. This involves translating threat intelligence into concrete defensive measures, patching gaps, and improving the resilience of critical systems before attackers can exploit them.
Malware analysis and rapid attribution
A standout capability is the Automated Malware Analysis and Attribution System (ACUBE), developed by CSIT. ACUBE speeds up malware analysis, helping investigators identify attackers and their methods more quickly, which in turn reduces the time needed to remediate compromised systems and close security gaps.
Threat landscape and broader collaboration
Beyond APTs, Singapore faces other digital threats, including ransomware, scams, and AI-driven abuse. The minister’s remarks emphasize the need for collaboration across agencies and with industry partners to uncover attacker activity and share best practices. The DDH’s collaborative approach is designed to extend beyond government to the broader digital ecosystem, leveraging threat insights to protect networks at scale.
Outlook: a more resilient digital nation
CSIT chief executive Darren Teo stressed that success hinges on close cooperation with industry and international partners, given the vast and globally interconnected nature of cyberspace. As Singapore digitalizes further, the DDH represents a strategic investment in national security—one that aims to deter, detect, and defeat sophisticated cyber threats before they disrupt critical services.
