Probe into Incident Where Private Military Conference Call at Singapore Hotel was Intercepted

5 Mr Yip Hon Weng asked the Minister for Defence in view of the recent incident where a private military conference call in a Singapore hotel was being intercepted (a) whether the Government is investigating the incident to identify and address specific vulnerabilities in our telecommunications infrastructure; and (b) whether there are measures in place to safeguard the security of communications lines originating from Singapore, especially during international meetings and military events which involve high-level foreign dignitaries.

The Senior Minister of State for Defence (Mr Heng Chee How) (for the Minister for Defence): Mr Speaker, this reply will only address the hon Member's question as to whether Singapore can safeguard the security of communications used by visitors to international and military events held here. It is a reply in general, without reference to any incident referred to by the Member.

Participants to international events and conferences, including those attended by military personnel and government leaders and officials do not, as a rule, expect the host country to provide secured means of communications. Even if a host country is to offer such means, it is questionable whether foreign participants are comfortable using it. Foreign guests who need to transmit sensitive information will typically arrange their own secured means, such as encryption hardware or software, commercial secured or embassy lines and other security measures. This is the practice of the Ministry of Defence (MINDEF) and the Singapore Armed Forces (SAF) officials when attending meetings overseas.

Mr Speaker: Mr Yip Hon Weng.

Mr Yip Hon Weng (Yio Chu Kang): Thank you, Mr Speaker. I thank the Senior Minister of State for his reply. Can the Senior Minister of State elaborate on the potential impact of this incident on Singapore's reputation for international military and defence-related discussions, like the Shangri-La Dialogue? And is the Ministry proactively conducting vulnerability assessments on our telecommunications infrastructure to prevent something like this from happening?

Mr Heng Chee How: Mr Speaker, I thank the Member for his supplementary question. First, I must explain that there is a difference between conferences and meetings that are organised by Singapore, that are of a sensitive nature, like Government meetings, military meetings where communications are sensitive. Secured measures are implemented for those meetings. That is one type.

Then, there are the general communications that visitors to Singapore – tourists and other visitors to Singapore – may choose to use, such as open communication lines. These are not within the purview of the Government or the military meetings that we are referring to. For those, the visitors would have to, as I said in my reply, take necessary measures themselves, such as using encryption hardware and software, or other means that they are confident of being secure. Overall, we will also encourage everybody to practise cyber hygiene and take care when using, for example, open wi-fi access.

For MINDEF and SAF, we take a proactive approach to cybersecurity when we are involved in high signature events, inclusive of those involving high level foreign dignitaries. And we work closely with event organisers, who remain accountable for the overall cybersecurity of these events.

These proactive efforts would include identifying events' digital footprint and cybersecurity risk areas, scanning the event websites and checking the commercial systems and applications used for the event, and working out the cybersecurity incident escalation and reporting processes.

If vulnerabilities are uncovered through these checks, the event organisers would be required to resolve them, prior to the events. MINDEF and SAF, however, do not cover the cybersecurity of foreign militaries' internal, unilateral virtual meetings, which are outside the scope of these events.