The physical and cyber infrastructures of Singapore’s key installations require protection from external threats. To evaluate the level of protection needed, a systematic vulnerability assessment is required. A multi-disciplinary DSTA team thus adapted the Critical Infrastructure Vulnerability Assessment (CIVA) methodology and applied it to assess a key army infrastructure.

The CIVA methodology was verified with the existing Critical Information Infrastructure Protection methodology and extended to the vulnerability assessment of physical systems. This was subsequently validated with international references. The resulting methodology enables the holistic treatment of the threat scenarios, risk and mitigation measures to suit Singapore’s context.

The team balanced the challenge of comprehensive treatment and practicality with risk management in the methodology. The wide spectrum of threats and the multi-faceted nature of the risk management required substantial resources and extensive consultation with subject matter experts in mechanical and electrical systems, fire safety, army vehicles and network infrastructure.

The methodology proposes efficient ways of identifying and assessing risks of credible threats and critical mission assets, coupled with risk management for efficient and effective use of limited resources.

DSTA is working with the SAF to apply the methodology to other key SAF assets and newer infrastructures using the overarching critical infrastructure protection framework. The methodology provides a way for DSTA to assess a wide range of threats and realise critical infrastructure protection capabilities for the SAF.