SINGAPORE, July 29 — Critical infrastructure operators in Singapore will soon be required to report suspected advanced persistent threat (APT) attacks under new measures introduced in an amended Cybersecurity Act.
The move, reported by The Straits Times, was announced by Minister for Digital Development and Information Josephine Teo at a cybersecurity forum on Monday.
She said the requirement — part of broader changes to the law — is expected to take effect later in 2025 and will mandate reporting to the Cyber Security Agency of Singapore (CSA).
The amendment follows the recent July 18 disclosure of state-linked cyber-espionage activity by group UNC3886, believed by experts to be China-linked.
It’s among several APT actors whose targeting of Singapore’s critical systems has surged more than four-fold between 2021 and 2024.
“If organisations suspect they’ve been targeted, they cannot and should not confront the attackers on their own,” said Teo during the fifth Operational Technology Cybersecurity Expert Panel forum.
“These requirements will support the early detection of APT activities, and enable CSA to take more timely actions, together with other government agencies, to defend CII owners against the attacks.”
APT actors are often state-sponsored and operate with significant resources, using stealthy tools to infiltrate high-value networks, steal data, or disrupt essential services.
Singapore’s 11 critical information infrastructure (CII) sectors include energy, water, land transport, healthcare, and government systems.
Other sectors are aviation, maritime, security and emergency services, banking and finance, maritime, as well as infocomm.
The Act was previously amended in 2024 to expand CSA’s oversight to cloud and supply chain risks.
CII operators are now required to report not only direct attacks but also any disruption stemming from service providers or third parties.
With the latest revision, temporary systems supporting major events — such as vaccine distribution or international summits — will also fall under CSA’s purview.
This marks the first time Singapore has publicly acknowledged specific APT threats.
“We want the public to know these threats are real,” said Teo, citing recent global incidents including a Ukrainian malware attack that cut heating to 600 homes, and a breach in Norway that caused a dam to release seven billion litres of water.
“The threats you face are no longer simple ransomware attacks. APTs have you in their sights,” she warned CII operators.
In response to the heightened threat level, CSA has convened a closed-door briefing with CII leaders and is ramping up collaboration across sectors.
On July 29, the agency also signed a memorandum of collaboration with ST Engineering to jointly develop cybersecurity tools tailored to operational technology systems.
CSA chief executive David Koh said the agency will continue partnering with global and local entities to share actionable threat intelligence.
He also welcomed the formation of a new operational tech-focused special interest group by IT governance body ISACA, calling it crucial to improving information-sharing in the sector.
“A partnership approach will help to ensure a safe and resilient digital future for Singapore,” said Teo.
