Digital warfare is blurring civilian front lines

The distinction between the battlefield and the boardroom is vanishing, placing civilian organisations from hospitals to small businesses directly in the path of military-scale cyber operations, a top Singapore military commander has warned.

“There was a time when national security meant drawing new lines between soldiers and civilians, front lines and food fronts, threats and targets – but those lines are blurring,” said Colonel Clarence Cai, commander of the Defence Cyber Command, at the ST Engineering Cybersecurity Summit 2025 last week.

“You wouldn’t ask your local mama shop to stare down a T-72 main battle tank, but in cyber space, that’s almost what’s happening,” he added, referring to local provision shops in heartland neighbourhoods across Singapore.

Cai argued that civilian and commercial organisations – from hospitals and supermarkets to small and medium-sized enterprises (SMEs) – are being targeted by threat actors with the scale and precision of military campaigns.

“Just ask Marks & Spencer,” he said, noting that the British retailer was hit by a recent ransomware attack that resulted in a £300m loss. “You might say the tanks never rolled in, but the digital equivalent of a precision strike did.”

Cai, who is also the defence cyber chief of the Digital and Intelligence Service (DIS) in the Singapore Armed Forces, noted that adversaries are no longer just targeting weapon platforms, but the “digital backbone of civilian life”. He pointed to recent hostilities in the Middle East, where cyber attacks running in parallel with missile strikes disrupted air traffic, spoofed GPS, and interfered with healthcare and financial services.

Furthermore, he warned of a global trend of brazen activity against critical infrastructure – ports, utilities and transport networks – not for immediate disruption or commercial gain, but to map dependencies, identify vulnerabilities and pre-position for possible future conflicts. “The modern front line begins where vulnerabilities exist, and not just where uniforms are,” said Cai.

Adding artificial intelligence (AI) to the mix puts the threat landscape “on steroids”, said Cai. Attackers are already using AI to identify vulnerabilities at machine speed, scale social engineering with deepfakes and even build self-mutating malware that assembles itself at runtime to bypass conventional defences. “Velocity of change has become velocity of attack,” he warned.

However, Cai noted that AI could also be a powerful shield where AI could be used to detect anomalies, triage threats and prioritise alerts, leading to a “cyber utopia” where cyber security is democratised, accessible and affordable for everyone. But this outcome, he argued, depends on a mindset shift.

“Defenders think in lists; attackers think in graphs,” said Cai, attributing the notion to Microsoft’s John Lambert. He said that while defenders focus on inventories, compliance controls and policies, attackers see the relationships between systems – which credential unlocks which system, and which misconfiguration leads to privilege escalation.

“If defenders feed AI with linear inputs like logs, CVE [common vulnerabilities and exposures] checklists and policy files while attackers train AI on graphs of access, trust and topology, then the edge goes to the offence,” he explained. “But if we build graph-native defences, where AI learns to see the map the way attackers do, then we can start to level the game.”

This is the core mission of the DIS’s Cyber Testing and Experimentation Centre, which is developing AI-native workflows to autonomously map and identify complex intrusion paths without human intervention, using a combination of AI agents and reinforcement learning.