COI Report – Part VII Page 337 of 425 42.1.4 Classified information provided by security partners in other countries 975. Gen. Alexander’s view is that the sharing of threat intelligence is a good area for allies to work together, and should be driven by sharing of threat indicators across governments. Dr Lim’s evidence is that there area lot of collaborations at the country level, and that most countries are prepared to share threat intelligence where it does not target a specific sensitive area. 976. CE, CSA’s evidence is that Singapore has memoranda of understanding with several countries to facilitate cooperation in sharing threat intelligence. Such sharing enables a broader view of threats and threat actors. 977. CSA will again distil this threat intelligence into actionable intelligence and share it with CII operators. 42.2 Partnerships with ISPs should be strengthened 978. Dr Lim gave evidence that ISP analytics with national network and DNS data is a valuable tool in Singapore’s multilayered cyber defence capabilities. This capability allows real-time streaming of data where anomalous or malicious activities can be identified. It also goes further to forewarn of imminent threats. This is a capability that should be further studied and developed. 42.3 Defence beyond borders – cross-border and cross-sector partnerships should be strengthened 979. We have covered the sharing of threat intelligence between countries above. In addition to this, partnership between countries can take place on a wider basis, including sharing of best practices, and response to cyber attacks. 980. In addition to government-to-government sharing, sharing can also take place between CII sectors and enterprises both within Singapore and from other jurisdictions. We recommend the continuation of sector-level sharing of best
