Singapore has never been just a backdrop for defence drills; it has become the arena where modern digital warfare is tested under the harshest, most honest light. What unfolded between Feb 9 and 13 was not a parade but an interrogation of readiness: over 2,500 cyber defenders from 29 countries converged — physically and virtually — to trade tactics, learn hard truths, and sharpen reflexes against advanced persistent threats that do not knock politely before entering a network.
What happened, and why it matters
Defence Cyber Marvel arrived in Singapore for the first time, its fifth iteration conducted by the British Army Cyber Association. This was not theatre. Defence, intelligence, industry and government teams faced simulations targeting critical infrastructure, government networks, and private systems. The combined team formed by the Republic’s Digital and Intelligence Service and British Armed Forces was put through scenarios crafted to mimic real-world APT behaviour: stealth, patience, lateral movement, and cunning.
Advanced persistent threat actors exploit time and trust. They bury themselves, observe quietly, and then turn that observation into action. That reality hit home during the event when authorities disclosed that UNC3886 had tried to infiltrate all four major telcos in Singapore. No sensitive data was exfiltrated, and crucial systems such as the 5G core remained intact, but the near miss was a reminder: detection and response are priceless.
Lessons from the field
- Speed without accuracy is wasted energy. Response must be quick, but decisive; otherwise, recovery becomes twice as difficult.
- Collaboration across borders is non negotiable. Cyber threats do not respect geography; neither should defence.
- Simulations reveal brittle assumptions. What seemed robust in diagrams often crumbles under live pressure.
Those three takeaways are not abstract. They were living, breathing lessons across the exercise floor. Tension was tangible: teams yelling over consoles, analysts digging through logs with surgical focus, commanders making split second tradeoffs between containment and continuity.
A personal note from the trenches
There was a particular drill that remains vivid. Our team shadowed a red team that executed a slow-burn intrusion while defenders chased decoys. For hours, alerts flared, systems were patched, and sighs grew heavier. Then the red team pivoted to a less-monitored service and the entire posture crumbled within minutes. That moment induced a cold, electric clarity. Frustration bubbled into urgency. Pride followed — for those who caught the pivot — and resolve hardened: visibility is everything.
Emotions like that belong in professional remits. They sharpen judgement. They demand improvement. The exercise was as much about technical fixes as it was about human responses: decision fatigue, teamwork dynamics, and the courage to shut down services to protect the greater good.
Why Singapore is the right stage
Singapore stands at a junction of commerce, connectivity and strategic importance. Hosting Defence Cyber Marvel here was deliberate. The Republic’s position in the Indo Pacific makes it a hub where regional and global cyber defence strategies intersect. Incorporating the perspectives of 29 nations — with different priorities, threat models and operational cultures — forces homogenous thinking out the door. That friction breeds innovation.
Air Marshal Suraya Marshall captured the gravity succinctly: staging the exercise here underscores the Indo Pacific’s strategic importance and demonstrates a shared commitment to strengthening defence partnerships. That commitment is not ceremonial. It translates into playbooks, joint exercises, and mutual trust when real incidents occur.
Practical steps organisations must take now
Being reassured that no data was exfiltrated in the UNC3886 probe would be a mistake if it leads to complacency. Real momentum demands action.
- Focus on detection across the life cycle. Hunting must be continuous, not episodic.
- Invest in realistic exercises. Tabletop discussions are important, but live-play, messy drills expose the gaps that calm conversations miss.
- Prioritise telemetry and visibility across cloud and on-prem systems. If something is unseen, it is uncontrollable.
- Build interoperable playbooks with partners — public and private. Knowing who calls whom under pressure saves minutes that become hours.
Closing — a firm call to action
Defence Cyber Marvel in Singapore was not a photo opportunity. It was an urgent, clarifying moment that showed what works and what fails under stress. The exercise reinforced a simple truth: preparedness is both technical and human. Machines can flag anomalies, but coordinated human decisions stop damage from turning into disaster.
There is a temptation to treat success as reassurance. Resist it. The right response to surviving an intrusion attempt is not congratulation but doubling down. Strengthen telemetry. Practice ruthlessly. Share information without politics. The threats will not wait; neither should any organisation that values service continuity and public trust.
The region watched, learned, and left with new scars and sharper tools. That combination — pain plus improvement — is the only sustainable path forward. Do not accept anything less than continuous readiness.