While sentries can be stationed to guard a military camp, what should be done for IT systems?
Introducing the Cyber Security Operations Centre (CyberSOC) 2.0, a major cybersecurity development that enhances MINDEF and the SAF’s ability to monitor, detect, analyse and respond to cyber incidents.
Developed by a team of cyber professionals and developers, CyberSOC 2.0 combines our technical expertise with MINDEF’s operational experience to provide a comprehensive spectrum of capabilities to enhance Singapore’s cyber defence.
Head Cyber Ops Centre Chua Boon Kwee said: “Our key challenge was managing the risk of innovation and integration. We adopted a sound design methodology where we defined and built upon a SOC reference model. Instead of a ‘big bang’ approach, we also developed the system using a spiral development process – where capabilities were transited to production on an ongoing basis, and a working prototype was developed to facilitate discussions with users. This enabled us to experiment with data and technologies in order to determine new ways of detecting cyber threats.”
CyberSOC 2.0 is also a step away from traditional rule-based systems, which do not allow security operators to interpret and prioritise cybersecurity incident alerts quickly. Instead, the team integrated commercial-off-the-shelf (COTS) solutions with technical innovations developed in-house to enable better detection and more informed response to a wide variety of cyber threats. They also harnessed artificial intelligence (AI) and machine learning techniques so the system could uncover potential cyberattacks automatically and accurately.
Head Engineering (Cyber AI) Stanley Chang explained: “We designed a modular architecture, which integrates the best-of-breed COTS solutions and other new innovations rapidly. We fused CyberSOC 2.0 with AI and machine learning techniques to help it learn and adapt constantly. The machine learning systems incorporated also help prioritise alerts on cyber incidents better.”
For better detection accuracy, the team conducted extensive testing, baselining and fine-tuning of CyberSOC 2.0’s detection algorithms, and enhanced the system’s detection capabilities continuously to ensure that it remains effective in the ever-changing cyber threat landscape.
Another key feature is the automation of incident response. To achieve this, the team codified the workflows, as well as the information gathering and analysis processes, allowing alerts to be enriched with actionable items to help operators make more informed decisions.
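The two ideas above, alerts that are prioritised by context rather than by static rule order, and alerts that arrive with codified response actions attached, can be shown in a small triage pipeline. The following is an added illustration and is not code from CyberSOC 2.0, DSTA or MINDEF; the asset inventory, playbooks, severity table and sample alerts are all constructed for the example, and the scoring rule (severity × asset criticality × detector confidence) is a deliberately simple stand-in for whatever model a real SOC would use.

```python
"""Added example: enrich raw alerts with asset context and codified
response actions, then rank them for an operator's queue.
Everything here is constructed for illustration; nothing is drawn
from CyberSOC 2.0."""
from dataclasses import dataclass, field

# Constructed asset inventory: IP -> context an analyst would otherwise
# have to look up by hand. Criticality is 1 (low) to 5 (crown jewel).
ASSETS = {
    "10.0.1.5": {"hostname": "ad-dc01", "criticality": 5, "owner": "identity-team"},
    "10.0.2.17": {"hostname": "ws-ops-042", "criticality": 2, "owner": "ops-desk"},
    "10.0.3.9": {"hostname": "kiosk-lobby", "criticality": 1, "owner": "facilities"},
}

# Codified playbooks keyed by detection type: the "actionable items" that
# are attached to each alert so the operator does not start from a blank page.
PLAYBOOKS = {
    "credential_spray": [
        "lock source account",
        "check for successful logons from source IP",
        "review domain controller authentication logs",
    ],
    "malware_beacon": [
        "isolate host from network",
        "collect memory image",
        "block destination at proxy",
    ],
    "port_scan": ["confirm scanner is not an authorised vulnerability scan",
                  "record for trend analysis"],
}

# Constructed base severity per detection type (1 low .. 5 high).
BASE_SEVERITY = {"credential_spray": 4, "malware_beacon": 5, "port_scan": 1}

# Context used when an alert names a host not in the inventory: treat it
# as mid-criticality rather than dropping it, and flag it for asset review.
UNKNOWN_ASSET = {"hostname": "unknown", "criticality": 3, "owner": "unassigned"}


@dataclass
class Alert:
    alert_id: str
    rule: str
    host_ip: str
    confidence: float  # detector confidence in [0, 1]
    enrichment: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)
    priority: float = 0.0


def enrich(alert: Alert) -> Alert:
    """Attach asset context and the playbook steps for the alert's rule."""
    alert.enrichment = dict(ASSETS.get(alert.host_ip, UNKNOWN_ASSET))
    alert.actions = list(PLAYBOOKS.get(alert.rule, ["triage manually"]))
    if alert.enrichment["hostname"] == "unknown":
        alert.actions.append("add host to asset inventory")
    return alert


def score(alert: Alert) -> float:
    """Simple stand-in for a learned prioritiser: severity x criticality x confidence."""
    severity = BASE_SEVERITY.get(alert.rule, 3)
    alert.priority = round(severity * alert.enrichment["criticality"] * alert.confidence, 2)
    return alert.priority


def triage(alerts: list) -> list:
    """Enrich, score and return alerts ordered highest priority first."""
    enriched = [enrich(a) for a in alerts]
    for a in enriched:
        score(a)
    return sorted(enriched, key=lambda a: a.priority, reverse=True)


# Constructed sample alerts as a detector might emit them.
SAMPLE_ALERTS = [
    Alert("A-1", "port_scan", "10.0.3.9", 0.9),
    Alert("A-2", "credential_spray", "10.0.1.5", 0.7),
    Alert("A-3", "malware_beacon", "10.0.2.17", 0.6),
    Alert("A-4", "malware_beacon", "10.0.9.99", 0.8),
]

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f"{a.alert_id} {a.rule:17} {a.enrichment['hostname']:12} "
              f"prio={a.priority:<6} next: {a.actions[0]}")
```

Run as a script it lists the queue with the credential spray against the domain controller first, even though the beacon on the unknown host has a higher base severity: asset context, not rule order, decides. The unknown-host branch shows the kind of failure mode an enrichment step has to handle explicitly, since an alert about a host nobody has inventoried is itself worth an action.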
CyberSOC 2.0 also includes a Command & Control Information System, which provides analysts with an advanced visual display system that helps to scale their analysis across a greater range and volume of incidents. This allows them to coordinate response measures more effectively.
In 2020, the team received the Defence Technology Prize (DTP) – MINDEF’s most prestigious award for outstanding contributions in defence science and technology – in recognition of their efforts.
The team at the DTP Awards Ceremony, along with the event Guest of Honour Minister for Defence Dr Ng Eng Hen (second from left).