
Digital warfare is blurring civilian front lines
Singapore’s defence cyber chief warns that the traditional lines between military conflict and civilian life are blurring, with adversaries now targeting civilian systems and using AI to put the threat landscape on steroids
The distinction between the battlefield and the boardroom is vanishing, placing civilian organisations from hospitals to small businesses directly in the path of military-scale cyber operations, a top Singapore military commander has warned.
“There was a time when national security meant drawing new lines between soldiers and civilians, front lines and food fronts, threats and targets – but those lines are blurring,” said Colonel Clarence Cai, commander of the Defence Cyber Command, at the ST Engineering Cybersecurity Summit 2025 last week.
“You wouldn’t ask your local mama shop to stare down a T-72 main battle tank, but in cyber space, that’s almost what’s happening,” he added, referring to local provision shops in heartland neighbourhoods across Singapore.
Cai argued that civilian and commercial organisations – from hospitals and supermarkets to small and medium-sized enterprises (SMEs) – are being targeted by threat actors with the scale and precision of military campaigns.
“Just ask Marks & Spencer,” he said, noting that the British retailer was hit by a recent ransomware attack that resulted in a £300m loss. “You might say the tanks never rolled in, but the digital equivalent of a precision strike did.”
Cai, who is also the defence cyber chief of the Digital and Intelligence Service (DIS) in the Singapore Armed Forces, noted that adversaries are no longer just targeting weapon platforms, but the “digital backbone of civilian life”. He pointed to recent hostilities in the Middle East, where cyber attacks running in parallel with missile strikes disrupted air traffic, spoofed GPS, and interfered with healthcare and financial services.
Furthermore, he warned of a global trend of brazen activity against critical infrastructure – ports, utilities and transport networks – not for immediate disruption or commercial gain, but to map dependencies, identify vulnerabilities and pre-position for possible future conflicts. “The modern front line begins where vulnerabilities exist, and not just where uniforms are,” said Cai.
Read more about cyber security in APAC
- Qantas is investigating significant data theft of personal information for up to six million customers after a third-party platform used by its call centre was compromised.
- Widespread warranty fraud is not only costing companies billions but also creating a breeding ground for advanced hardware exploits, warns hardware hacker and researcher Bunnie Huang at Black Hat Asia 2025.
- Singapore non-profit organisation HomeTeamNS suffered a ransomware attack that affected some servers containing employee and member data, prompting an investigation and enhanced security measures.
- Gil Shwed, Check Point’s co-founder, discusses the company’s focus on AI-driven security and his commitment to remaining an independent force in the cyber security market.
Adding artificial intelligence (AI) to the mix puts the threat landscape “on steroids”, said Cai. Attackers are already using AI to identify vulnerabilities at machine speed, scale social engineering with deepfakes and even build self-mutating malware that assembles itself at runtime to bypass conventional defences. “Velocity of change has become velocity of attack,” he warned.
However, Cai noted that AI could also be a powerful shield where AI could be used to detect anomalies, triage threats and prioritise alerts, leading to a “cyber utopia” where cyber security is democratised, accessible and affordable for everyone. But this outcome, he argued, depends on a mindset shift.
“Defenders think in lists; attackers think in graphs,” said Cai, attributing the notion to Microsoft’s John Lambert. He said that while defenders focus on inventories, compliance controls and policies, attackers see the relationships between systems – which credential unlocks which system, and which misconfiguration leads to privilege escalation.
“If defenders feed AI with linear inputs like logs, CVE [common vulnerabilities and exposures] checklists and policy files while attackers train AI on graphs of access, trust and topology, then the edge goes to the offence,” he explained. “But if we build graph-native defences, where AI learns to see the map the way attackers do, then we can start to level the game.”
This is the core mission of the DIS’s Cyber Testing and Experimentation Centre, which is developing AI-native workflows to autonomously map and identify complex intrusion paths without human intervention, using a combination of AI agents and reinforcement learning.
Shared responsibility
The theme of collective defence was echoed by David Koh, chief executive of the Cyber Security Agency of Singapore. He warned that the convergence of IT and operational technology (OT) has created a cyber-physical nexus where attacks can cause real-world harm. “This is what keeps me up at night – the cyber-physical threats,” said Koh.
Koh noted that cyber security is a shared responsibility, as a single gap in one organisation can allow an attacker to breach other systems. SMEs, in their efforts to digitise, will need to address cyber security, while large enterprises need to demand a certain level of cyber security from their SME suppliers, he added.
“Cyber security is like the brakes on a car,” said Koh. “If you want to go fast, you need good brakes. If you want to digitise, you need good cyber security.”
He recounted a recent incident where a ransomware attack on an SME printing company had significant downstream effects, affecting a number of organisations that handled important data for many Singaporeans. The CEO’s first comment to investigators was, “Oh, we didn’t expect to get hit.”
Koh said the incident resulted in hundreds of hours of recovery efforts, emergency purchase of equipment, stress and sleepless nights for those involved, and required cyber security experts to become experts in printing.
“Let this be a lesson to SMEs out there,” he said. “An ounce of prevention and cyber hygiene is far more effective and a lot cheaper than the proverbial pound of cure of incident response, rebuilding your systems and reprovisioning your network, not to mention aspects like recovering your clients’ trust.”