Sir, in February, MDDI disclosed that all four of Singapore's major telcos — Singtel, StarHub, M1, and SIMBA — had been breached by UNC3886. This raises the question: does DIS have the talent pipeline to fight the next UNC3886?
DIS was established in October 2022 — three years ago. The Defence Cyber Command was inaugurated only last March. MINDEF has programmes to grow talent from within: the Sentinel Programme for youths, the Cyber Work-Learn Scheme for NSFs, the Enhanced Expertise Deployment Scheme for NSmen with relevant civilian skills. These are genuine efforts and I acknowledge them.
But the expertise to detect zero-day exploits in network firewalls, to identify custom rootkits like MOPSLED and REPTILE, to trace state-sponsored command-and-control infrastructure routed through commercial cloud services — this expertise sits predominantly in the private sector. At firms like CrowdStrike, Mandiant, Palo Alto Networks. The response operation CYBER GUARDIAN required coordination across six agencies precisely because no single entity, including DIS, had sufficient depth alone.
The Minister acknowledged last September that the lines between cyber threats in the military and civilian domains are increasingly blurred. I agree. But if the threat landscape is blurred, the talent pipeline should be too. And right now, it is not. Our programmes train soldiers to become cyber defenders. We have no dedicated pathway for cyber professionals to become soldiers.
The barrier is structural. Military service carries entry requirements designed for conventional soldiering — fitness standards, ten weeks of basic training, rigid career tracks, and compensation that cannot compete with the private sector. These are appropriate for infantry. They are counterproductive for recruiting a forty-year-old penetration tester.
The UK recognised this. Last year, it launched the Cyber Direct Entry Scheme — a fast-track pathway for civilians into military cyber roles. Basic military training: cut from ten weeks to one month. Fitness and medical standards: waived. No formal qualifications required — demonstrated skills and aptitude sufficient. Starting salary: over forty thousand pounds, with up to twenty-five thousand in additional skills pay. The first cohort of thirty entered operational roles by late 2025, helping defend UK networks against ninety thousand attacks annually.
I ask the Minister: will MINDEF consider a Cyber Direct Entry pathway for DIS — allowing mid-career industry professionals to serve in military cyber defence with adapted entry requirements and competitive compensation? Operation CYBER GUARDIAN showed what DIS can achieve when it mobilises the whole of government. The next step is to give it the tools to draw from the whole of industry.
