Strategic Situation Summary
The May 2026 threat picture is dominated by the immediate aftermath of Operation Epic Fury — the US-Israel joint military campaign against Iran (28 Feb – 5 May 2026) that killed Supreme Leader Khamenei in its opening salvo and triggered massive Iranian retaliation across the Middle East. Iran's continued throttling of the Strait of Hormuz has created a global oil shock and refocused attention on the Strait of Malacca as the next potential chokepoint flashpoint. Singapore's primary near-term security risk remains a coordinated hybrid campaign targeting critical national infrastructure (CNI), social cohesion, and economic confidence simultaneously — but the Iran war has materially raised the probability of spillover effects: energy market disruption (jet fuel prices at record highs), Iranian or proxy retaliation against US-aligned hubs, accelerated radicalisation linked to regional conflict, and intensified cyber and information operations. Six pressing concerns dominate this issue: hybrid cyber-physical attacks on CNI (highlighted by the May 2026 ShinyHunters/Canvas breach affecting 275M records globally); unchecked drone proliferation (Russia targeting 7.3M FPV drone production for 2026) with no published Singapore C-UAS framework; accelerating youth self-radicalisation (8 self-radicalised Singaporeans dealt with under the Internal Security Act (ISA) since July 2024, including a 14-year-old in November 2025); AI-generated disinformation now identified by the Internal Security Department (ISD) as a primary terrorism enabler; biological threats amplified by AI-assisted pathogen design and Changi's transit exposure; and the Strait of Malacca emerging as the world's next contested maritime chokepoint after Hormuz. Immediate action is required on six fronts: stand up a C-UAS Command with detection coverage at Changi, Tuas, and Marina Bay; harden CNI through red-team exercises on PSA International port and Jurong Island and military protection of undersea cable stations; establish a military-ISD counter-radicalisation fusion cell with insider threat wargames; deploy a 24/7 disinformation monitoring cell with deepfake detection capability; develop a joint military-Ministry of Health (MOH) biological response framework with Changi-specific protocols; and lead an Association of Southeast Asian Nations (ASEAN) Malacca security framework before disruption escalates.
under ISA since Jul 2024
May 2026 Canvas breach
Russia for 2026
Operation Epic Fury
(IBM, 2025)
since 2015 (12 in last 5y)
Overall Assessment: The global security environment in May 2026 is defined by the immediate aftermath of Operation Epic Fury (28 Feb – 5 May 2026) — the joint US-Israel campaign against Iran that has reshaped the Middle East, displaced millions, and tightened Iran's hold over the Strait of Hormuz. Convergence across ten threat domains — Cyber, Geopolitical, Biological, Terrorism, Economic, Environment, Military, Information, Social, and Technology — continues to intensify. No single threat operates in isolation. For Singapore as a globally connected city-state and the world's most exposed Strait-of-Malacca-dependent economy, disruption in any one domain — particularly maritime, energy, or information — cascades rapidly across all others.
Multi-Domain Threat Convergence
Traditional security planning addressed threats in silos. The May 2026 threat environment demands a fundamentally different posture: state and non-state actors now combine cyber operations (the ShinyHunters Canvas breach, the largest educational data theft on record, was disclosed only weeks before this issue), disinformation, economic coercion via chokepoint control (Iran's continued throttling of Hormuz has set a precedent that adversaries could replicate at Malacca), autonomous weapons (Russia plans over 7 million FPV drones for 2026 alone), and biological risks in hybrid campaigns designed to stay below the threshold of conventional military response. Singapore's strength as a hub — financial, digital, logistical, diplomatic — is simultaneously its greatest vulnerability. Each domain assessed in this brief should be read not as a standalone risk, but as a node in an interconnected threat network — one that is now operating against the backdrop of an open Middle East war and a contested global maritime order.
Consolidated Threat Assessment
| Threat Domain | Global Level | SG Relevance | Current Readiness | Key Concern |
|---|---|---|---|---|
| Cyber | Critical | Critical | Moderate | Banking, port, and power grid as high-value targets; AI-accelerated attacks |
| Geopolitical | High | High | Moderate | Grey-zone operations; undersea cable sabotage; Strait of Malacca exposure |
| Biological | High | High | Moderate | AI-accelerated bioweapon design; pandemic preparedness gaps post-COVID |
| Terrorism | High | High | Moderate | Self-radicalisation accelerating; youth detentions; VIP targeting risk |
| Economic | High | Critical | Moderate | Supply chain weaponisation; financial sector targeting; trade route dependency |
| Environment | High | High | Developing | Sea-level rise; water dependency on Malaysia; regional resource conflict |
| Military | High | High | Developing | Drone proliferation; no publicised C-UAS framework; PLA capability growth |
| Information | High | High | Emerging | AI disinformation targeting racial/religious fault lines; deepfake surge |
| Social | High | High | Moderate | Youth radicalisation; social cohesion erosion; foreign influence operations |
| Technology | High | Medium | Not Assessed | Autonomous weapons proliferation; GPS jamming; AI weapons race |
Closing Assessment
Singapore enters mid-2026 as one of the world's safest and best-governed nations — ranked second globally for Order and Security by the World Justice Project, and now operating under the second-term Lawrence Wong government formed after the May 2025 general election. However, the global threat environment is evolving faster than any single nation's institutional response capacity. Operation Epic Fury has demonstrated that 21st-century wars now compress strategic shock into weeks, not years — and that chokepoint control (Hormuz today, potentially Malacca tomorrow) is back at the centre of great-power competition. The most significant risk to Singapore is not any one domain, but the convergence of all ten simultaneously: a cyber-physical attack on CNI, accompanied by AI-driven disinformation targeting racial fault lines and amplifying narratives from the Israel-Iran conflict, executed under cover of a drone incursion during a major public event, in the context of broader regional geopolitical tension and Malacca-route disruption. This is no longer a hypothetical scenario — it is the adversarial playbook now playing out in real time. Singapore's readiness must match its ambition.
Impact to Singapore Homeland Security
CNI Protection Posture Lagging Threat Velocity
Singapore's Ministry of Home Affairs (MHA) 2025 security overview confirmed sustained increases in CNI-targeted cyber incidents. Water, energy, financial, and digital infrastructure remain deeply interdependent — a successful attack on any single node cascades across all others within hours, faster than current civilian protection frameworks can respond.
Changi Airport — Converging Multi-Vector Threat Entry Point
A documented security incident at Changi Terminal 4 on 1 January 2026 — in which arriving AirAsia AK721 passengers were briefly co-located with departing passengers in the same boarding-gate holding area — illustrated how rapidly even minor procedural deviations can compromise sterile-area integrity at the world's most-awarded airport. Despite improved ICA detection rates, Changi simultaneously concentrates aviation security, biosecurity screening, immigration enforcement, and drone incursion risk in a single location handling 65+ million passengers annually. Singapore Airlines' May 2026 priority-screening trial at Terminal 3 — a response to global travel disruption from the Hormuz oil shock — adds further differentiation in lane-by-lane risk profiles that silo-based agency frameworks were not optimally configured to manage.
Mass Casualty Risk at High-Profile Public Events
Singapore's Formula 1 Night Race, National Day Parade, Chingay, and major diplomatic summits such as the IISS Shangri-La Dialogue create recurring high-density mass casualty windows. The combination of self-radicalised lone actors, commercially available drones, and AI-generated targeting intelligence represents a qualitatively new threat profile that existing crowd security protocols were not designed to address.
Social Cohesion Under Sustained Information Attack
ISD's 2025 threat assessment identified ongoing regional conflict — including the Israel-Hamas war and, since late February 2026, Operation Epic Fury against Iran — as a significant local radicalisation and social cohesion risk. ISD now explicitly names AI as a terrorism enabler for propaganda translation, synthetic multimedia, personalised recruitment, and attack planning. AI-generated disinformation can manufacture and amplify interracial and interreligious grievances faster than government counter-messaging systems can respond — with POFMA enforcement speed insufficient at AI scale even after the first criminal POFMA prosecution was filed in March 2026.
Self-Radicalised Insider Threat Within Security Services
Eight self-radicalised Singaporeans have been dealt with under the ISA since July 2024, with the youngest yet — a 14-year-old Secondary 3 student issued a Restriction Order in November 2025 — radicalised online by ISIS content from age 12 and aspiring to die as a martyr overseas. Combined with previously documented cases including the 18-year-old national serviceman detained in December 2024, the pattern creates a credible insider threat risk to military bases and government facilities. Self-radicalised individuals generate minimal pre-attack intelligence signatures, making them harder to detect through traditional surveillance methods.
Inter-Agency Coordination Gaps Under Simultaneous Attack
Singapore's Home Team agencies — Singapore Police Force (SPF), Singapore Civil Defence Force (SCDF), Immigration and Checkpoints Authority (ICA), and ISD — are well-coordinated for single-domain incidents. A simultaneous multi-domain attack combining a cyberattack on utilities, a public order incident, and a drone incursion would stress inter-agency command structures in ways that have not been adequately war-gamed at the operational level.
Existing Laws Outpaced by Emerging Threat Vectors
Key statutes governing Singapore's homeland security — the Internal Security Act, the Public Order Act, and the Computer Misuse Act — were not drafted with AI-generated threats, drone weaponisation, or synthetic biology in mind. Legal gaps in prosecuting drone offences, deepfake-based incitement, and AI-assisted attack planning create enforcement vulnerabilities that adversaries can exploit ahead of legislative updates.
Deterrence Calculus Weakened by Grey-Zone Ambiguity
Singapore's deterrence posture — built on credible military capability, strong alliances, and rule of law — is calibrated for state-on-state conflict. Grey-zone hybrid attacks are deliberately designed to fall below the threshold that triggers conventional deterrence responses. The absence of a publicly articulated response framework for sub-threshold attacks risks signalling to adversaries that Singapore's deterrence does not extend to their preferred attack modes.
Public Preparedness for Non-Conventional Threats Insufficient
The SGSecure movement has built commendable community awareness for terrorism response. However, public preparedness for cyber-physical disruptions — extended power outages, water supply interruption, financial system failures — remains limited. In a sustained hybrid attack scenario, an unprepared public becomes a force multiplier for the adversary through panic, misinformation sharing, and erosion of trust in government institutions.
Singapore Relevance: Singapore's homeland security architecture was designed for a threat environment that no longer exists in its original form. The convergence of AI-enabled attacks, autonomous weapons, biological risks, and information warfare demands a fundamental rethink of how homeland security is organised, resourced, and executed across all agencies. The threats are faster, cheaper, more deniable, and more interconnected than at any prior point in Singapore's post-independence security history.
Proposed Recommendations
Establish a Whole-of-Government CNI Protection Command
Create a unified command structure — integrating military, Cyber Security Agency (CSA), SPF, and sector regulators — with authority to mandate and enforce CNI hardening standards across all critical sectors.
- Mandate quarterly red-team exercises across all CNI sectors
- Classify undersea cable landing stations as military-protected assets
- Establish a 24/7 CNI threat fusion centre with military intelligence access
- Develop a CNI attack playbook with pre-authorised response actions
Create an Integrated Changi Airport Security Command
Consolidate aviation security, biosecurity, immigration, and counter-drone functions under a unified Changi security command, eliminating agency coordination seams at Singapore's highest-risk single location.
- Deploy permanent C-UAS detection perimeter around all Changi terminals
- Integrate biosecurity screening with military biological threat protocols
- Establish a joint operations centre co-located with ICA, SPF, and SAF
- Conduct a full multi-vector attack simulation at Changi annually
Revise Mass Event Security Protocols for Drone & AI Threats
Update all mass event security frameworks — Formula 1, National Day Parade, Chingay, diplomatic summits — to account for weaponised drones, AI-assisted targeting, and simultaneous physical and digital attack scenarios.
- Mandate C-UAS deployment at all Tier 1 mass events
- Integrate SIGINT monitoring into all VIP diplomatic event security plans
- Develop AI-assisted crowd threat detection for major public venues
- Establish a dedicated multi-agency mass event crisis command structure
Launch a National Psychological Defence Upgrade Programme
Elevate psychological defence from a community engagement function to a core national security capability, with military-grade resourcing and command accountability under a dedicated centre.
- Stand up a National Psychological Defence Centre (joint MCI–military–ISD)
- Deploy AI deepfake detection tools to all government communicators
- Create pre-approved rapid response narratives for foreseeable disinformation scenarios
- Integrate psychological defence training into all NS and Home Team programmes
Implement an Insider Threat Detection Programme Across Security Services
Establish a systematic, rights-respecting insider threat monitoring programme across military and security service personnel, with particular focus on online radicalisation indicators.
- Deploy behavioural analytics tools for early radicalisation detection
- Establish a confidential peer-reporting channel for flagging concerns
- Conduct annual insider threat wargames simulating a radicalised serviceman scenario
- Integrate mental health support as a primary radicalisation prevention measure
War-Game a Simultaneous Multi-Domain Attack on Singapore
Commission a classified whole-of-government tabletop exercise simulating a coordinated attack combining cyber, physical, biological, and information vectors to identify inter-agency coordination gaps before adversaries exploit them.
- Scenario: simultaneous cyberattack on utilities + drone incursion + disinformation surge
- Involve all Home Team agencies, SAF, MAS, and key CNI operators
- Produce a classified gap assessment and remediation roadmap
- Repeat annually with updated threat scenarios reflecting current intelligence
Update Homeland Security Legislation for Emerging Threat Vectors
Commission an urgent review of all homeland security legislation to identify and close gaps relating to drone weaponisation, AI-generated incitement, deepfake fraud, and synthetic biology threats.
- Introduce specific drone weaponisation offences with deterrent sentencing
- Extend the Computer Misuse Act to cover AI-assisted attack planning
- Create a legal framework for government deepfake takedown authority
- Align biosecurity legislation with military biological threat protocols
Articulate a Public Grey-Zone Deterrence Doctrine
Develop and communicate a clear, credible Singapore response framework for sub-threshold hybrid attacks — closing the deterrence gap that currently signals impunity to adversaries operating below conventional military thresholds.
- Define Singapore's red lines for grey-zone attacks on CNI and social cohesion
- Establish proportionate, attributable response options for each red line
- Communicate the framework publicly to maximise deterrent effect
- Align with Five Power Defence Arrangements partners on collective grey-zone response
Expand SGSecure to Cover Hybrid & Non-Conventional Threat Preparedness
Extend the SGSecure framework beyond terrorism preparedness to equip the public with practical knowledge and behaviours for cyber-physical disruption, disinformation events, and biological emergencies.
- Launch public training modules on cyber hygiene, disinformation identification, and emergency preparedness
- Establish community emergency supply caches for extended disruption scenarios
- Create a National Resilience Score as a measurable public security metric
- Embed homeland resilience curriculum into all secondary school National Education programmes
Cyber Threats & Digital Infrastructure
ShinyHunters Canvas Breach — Largest Educational Hack on Record
The May 2026 ShinyHunters compromise of Instructure's Canvas learning management system exposed approximately 275 million records across 8,809 educational institutions in the US, UK, Canada, Australia, NZ and Europe — including names, email addresses, student IDs and private student-teacher messages. Instructure paid an undisclosed ransom and announced settlement on 11 May. The same threat group also breached Cushman & Wakefield (500,000+ Salesforce records) and NVIDIA's GeForce NOW partner in Armenia in the same month — illustrating how single threat groups now operate across education, real estate, and tech simultaneously.
Jaguar Land Rover — £1.9B Ransomware
The most economically damaging cyber incident in UK history. Ransomware halted production for five weeks, affecting 5,000+ supply chain businesses across multiple countries — illustrating how attacks on private industry create national-level economic damage.
Ransomware Industrialisation — 57 New Groups in 2025
Cyble recorded nearly 6,500 ransomware incidents in 2025 — a 47% rise over the prior two years — alongside 57 new ransomware groups, 27 new extortion groups, and over 350 new strains. The market has shifted from a few mega-syndicates to many smaller, agile crews sharing codebases and infrastructure. In March 2026 alone, medical technology firm Stryker was hit by an Iran-aligned hacktivist group, with employees reportedly watching computers wiped in real time.
AI-Enabled Phishing Up 400% in Effectiveness
AI-generated phishing has surged 400% in effectiveness, with AI-crafted emails achieving a 54% click-through rate versus 12% for traditional attempts. Over 82% of phishing emails now use AI in some form. Global organisations experienced an average of 1,925 cyber incidents per week in Q1 2025, a 47% year-on-year rise; the education sector faced 4,484 weekly attacks on average.
Third-Party & SaaS Ecosystem Exposure
The 2025 SalesLoft OAuth supply chain breach compromised TransUnion, Qantas, Google, Chanel, and Workday via trusted SaaS integrations. The 2026 Canvas breach further illustrated how a single SaaS provider's compromise cascades across thousands of institutions globally. Modern organisations remain deeply exposed through cloud platforms, supplier ecosystems, and shared digital infrastructure.
Banking Cyberattacks Up 280%
Banking sector cyberattacks surged 280% in 2025. With Singapore as Asia's premier financial hub, MAS-regulated institutions, payment infrastructure, and the Singapore Exchange represent high-value targets for both state-sponsored and criminal actors.
Singapore Relevance: As Asia's premier financial and data centre hub, Singapore presents one of the highest-value cyber targets in the region. A successful attack on MAS-connected banking infrastructure, Singtel's communications backbone, PSA port systems, or the national power grid would have cascading regional consequences and undermine trust in Singapore as a safe operating environment.
Proposed Recommendations
Harden CNI Against Cyber-Physical Attack
The convergence of cyber and physical threats to CNI demands a coordinated whole-of-government hardening programme for financial, port, and energy systems.
- War-game cyber-physical attack scenarios on PSA International port and Jurong Island
- Establish redundant military communications independent of civilian ISPs
- Protect undersea cable landing stations as defence-grade assets
- Mandate quarterly CNI penetration testing with military red teams
Build AI-Driven Military Intelligence & Quantum-Ready Cryptography
The proliferation of AI in adversary operations and the approaching quantum decryption threat require Singapore to build AI-powered intelligence capability and transition to post-quantum cryptography now.
- Establish an AI Intelligence Centre modelled on US Maven Smart System
- Begin transition of classified military communications to post-quantum encryption
- Train military intelligence officers in AI threat analysis and deepfake detection
- Partner with DSO National Laboratories to develop bespoke OSINT AI tools
Geopolitical Tensions & Grey-Zone Threats
Operation Epic Fury — US–Israel War with Iran
Operation Epic Fury (28 Feb – 5 May 2026) was the joint US-Israeli military campaign against Iran. The opening salvo killed Supreme Leader Ali Khamenei and triggered hundreds of Iranian ballistic missiles and thousands of drones across the Middle East. Casualties of around 1,100 in Iran (including senior commanders and nuclear scientists) and dozens in Israel are publicly reported, with millions displaced across Iran, Lebanon, Israel and the Gulf. The war has reset deterrence calculus globally, validated chokepoint coercion as a strategic tool, and established the precedent that supreme leadership of nuclear-threshold states is now an in-bounds target.
Hormuz Blockade — 21 Million Barrels/Day at Risk
Iran's continued throttling of the Strait of Hormuz — through which approximately 21 million barrels of oil per day (roughly 21% of global petroleum consumption) transit — has created the most severe global energy shock in decades. Saudi Arabia, the UAE, Qatar, Kuwait and Iraq face restricted sea access; jet fuel prices have hit record highs; and Singapore Airlines launched a priority-screening trial at Changi T3 on 10 May 2026 in part to manage the cascade of global travel disruption. The blockade has set a precedent that Beijing and other powers are studying closely.
Malacca as the Next Chokepoint Flashpoint
Roughly 440 commercial vessels transit the Strait of Malacca daily, with about a third of global trade and over a quarter of the world's seaborne oil passing through. Post-Hormuz, regional analysts and ASEAN officials have warned publicly (May 2026) of plans to disrupt Malacca. The April 2026 US-Indonesia "major defence cooperation partnership" gives Washington enhanced access to Indonesian airspace adjacent to the strait, raising the stakes if Beijing perceives encirclement intent in any Taiwan or South China Sea contingency.
151 Russian Sabotage Incidents in Europe
Between February 2022 and February 2026, 151 confirmed Russian-sponsored sabotage incidents were recorded across Europe — including arson, explosive parcels, undersea cable damage, and assassination plots — using proxy criminal networks for deniability. Damage to undersea internet cables across the Baltic and North Seas continued through 2025. Singapore sits at the junction of major undersea cable routes connecting Europe, the Middle East, and Asia-Pacific.
Axis of Technology Sharing — Now War-Tested
Iran, Russia, China, and North Korea continue to share military technologies — ballistic missiles, drones, and cyber tools. Operation Epic Fury has provided unprecedented operational data on Iranian missile and drone performance under sustained Western targeting; that data is now flowing to Beijing and Pyongyang. This technology-sharing axis accelerates proliferation of advanced, combat-validated capabilities to state and proxy actors across the Indo-Pacific.
Decapitation Strikes Normalised as a Tool
The targeted killing of Iran's Supreme Leader in February 2026, the assassination attempts on heads of state (Somalia, 2025), attacks on diplomatic staff (Israeli Embassy, Washington DC, 2025), and dissident-targeting on European soil (France, 2025) collectively demonstrate that state-backed decapitation and targeting cells are operationally active in peacetime environments — and that retaliation patterns are increasingly unpredictable. This is directly relevant to Singapore's role as a summit host (IISS Shangri-La Dialogue, ASEAN, regional bilaterals).
Singapore Relevance: Operation Epic Fury has demonstrated three things that directly affect Singapore: chokepoint coercion now works as a strategic tool; decapitation strikes against senior state leadership are within the new norm; and global energy and shipping disruption can be imposed by one regional actor against a global system. Singapore's undersea internet cables, the Strait of Malacca, and cross-border infrastructure with Malaysia and Indonesia are potential targets in any regional escalation. Singapore's role as a neutral financial hub could be deliberately targeted by state actors seeking to disrupt Western access to regional markets or pressure Singapore's foreign policy alignment with the US, which deepened materially through the April 2026 Indonesia defence partnership.
Proposed Recommendations
Strengthen Strait of Malacca Surveillance & Rapid Response
The Strait of Malacca handles 40% of global trade. Grey-zone provocations or proxy sabotage of shipping would severely impact Singapore's economic lifeline and trigger regional escalation.
- Expand maritime patrol drone coverage across the Malacca and Singapore Straits
- Establish a trilateral rapid response protocol with Malaysia and Indonesia
- Invest in undersea sensor networks to detect submarine and diver incursions
- War-game a simulated tanker sabotage scenario with RSN and RSAF
Upgrade VIP & Diplomatic Event Security Protocols
Given the global pattern of state-sponsored assassination plots, Singapore's role as a summit host city makes diplomatic event security a front-line military concern.
- Integrate C-UAS perimeter at Shangri-La Dialogue and all ASEAN events
- Establish dedicated SIGINT monitoring during all high-profile diplomatic events
- Develop rapid-response protocols for assassination threat intelligence
- Conduct annual tabletop exercises simulating VIP attack scenarios
Biological Threats & Health Security
AI Lowers Barrier to Bioweapon Design
AI-powered protein folding models and generative biology tools have dramatically reduced the expertise required to design dangerous pathogens. Security researchers have demonstrated that large language models can provide meaningful uplift to individuals attempting to synthesise novel biological agents — a watershed threat development.
HMPV & Novel Respiratory Outbreaks
Human Metapneumovirus (HMPV) surges in China and Southeast Asia in early 2025 highlighted ongoing pandemic preparedness gaps. WHO's alert systems detected multiple novel respiratory pathogen clusters in 2025, underlining that the post-COVID risk environment remains elevated, particularly for densely populated transit hubs like Singapore.
Alleged State Bioweapon Programmes
Multiple intelligence assessments in 2025 flagged concern over undeclared biological weapons research in Russia, China, and North Korea. The Biological Weapons Convention (BWC) lacks a robust verification mechanism, leaving significant uncertainty about the true state of state-level bioweapon stockpiles.
Airport as Pathogen Amplifier
Changi Airport's status as one of the world's busiest transit hubs — handling 65+ million passengers annually — creates a structural vulnerability for rapid pathogen dissemination. A deliberately or naturally introduced infectious agent could spread globally within 24–48 hours before detection.
Food Supply Chain Vulnerability
Singapore imports over 90% of its food. A deliberate or accidental introduction of agricultural pathogens into regional food supply chains — targeting livestock or staple crops in Malaysia, Indonesia, or Thailand — could rapidly trigger food security crises with no domestic buffer.
Gain-of-Function Research Risks
International debate over gain-of-function research — which deliberately enhances pathogen transmissibility or virulence — remains unresolved. Laboratory accidents at BSL-3/4 facilities in the region pose low-probability but catastrophic consequence risks that current international frameworks are inadequate to prevent.
Singapore Relevance: Singapore's open borders, dense urban population, world-class healthcare system, and role as a regional pharmaceutical and biomedical hub make biological threats a tier-one security concern. The COVID-19 experience demonstrated Singapore's capacity to respond rapidly — but also revealed dependencies on global supply chains for PPE, vaccines, and critical medical equipment that adversaries could exploit in a deliberate attack scenario.
Proposed Recommendations
Develop a Military Biological Threat Response Framework
AI-accelerated bioweapon design and Singapore's exposure as a global transit hub require a dedicated military biological security capability beyond existing civilian health response systems.
- Establish a joint military-Ministry of Health (MOH) biological threat intelligence cell
- Develop military protocols for airport and port bio-screening during elevated alert
- Stockpile military-grade PPE and medical countermeasures independent of civilian supply chains
- War-game a deliberate biological release scenario at Changi Airport
Strengthen Regional Biosurveillance & Early Warning
Singapore's exposure as a transit hub demands proactive regional biosurveillance partnerships to detect natural or deliberate outbreaks before they reach Singapore's borders.
- Establish bilateral biosurveillance data-sharing agreements with ASEAN partners
- Integrate WHO alert feeds into military threat assessment cycles
- Fund BSL-3 capacity and dual-use research oversight in regional partner states
- Develop a rapid border closure protocol that preserves economic function
Terrorism & Political Violence
Youngest ISA Case Yet — 14-Year-Old in Nov 2025
A 14-year-old Secondary 3 student was issued a Restriction Order under the ISA in November 2025, having self-radicalised online from age 12 after exposure to ISIS battlefield videos. He aspired to travel overseas to fight and die as a martyr. He sits alongside earlier 2025 cases involving Singaporeans aged 15, 17, 18, and 30, plus a 56-year-old housewife — illustrating that radicalisation now reaches across age groups and gender, with the digital-native cohort detected younger than ever before.
8 Self-Radicalised Singaporeans Under ISA Since July 2024
Eight self-radicalised Singaporeans have been dealt with under the ISA since July 2024. ISD's 2025–2026 assessments now formally identify AI as a terrorism enabler — for generating and translating propaganda, producing synthetic multimedia, creating personalised recruitment messages at scale, and assisting attack planning. The exposure-to-radicalisation timeline has compressed from years to weeks.
17 Youths (≤20) Dealt with Under ISA Since 2015
Seventeen youths aged 20 or younger have been dealt with under the ISA since 2015 — more than two-thirds (12) in the last five years. Nine intended to mount local attacks, three within the past year alone, some with extensive preparations using simple and accessible weapons. ISD assesses youths as particularly vulnerable due to their status as digital natives, susceptibility to emotive narratives, and idolisation of extremist personalities.
Western Terrorism Fatalities Up 280%
Western terrorism fatalities rose sharply by 280% to 57 in 2025, largely driven by antisemitism, Islamophobia, and political terrorism. Lone-wolf attacks accounted for 93% of all fatal attacks in the West over the same period — a trend driven by online radicalisation. The Operation Epic Fury aftermath is expected to amplify both Islamist and anti-Muslim attack narratives globally through 2026.
JI Remnants & IS Affiliates Still Operational
Jemaah Islamiyah remnants and Islamic State affiliates continue to operate in the region. Islamic State Khorasan Province (ISKP) remains highly active online with propaganda in 14 languages. In 2016, a planned rocket attack on Marina Bay Sands from Batam (18km away) was foiled — this attack vector remains relevant, with maritime drones and FPV systems now expanding the technical envelope of what is possible from the same Batam–Bintan arc.
Growing Far-Right Threat in Singapore Context
Singapore's ISD is increasingly monitoring far-right extremism. In early 2025, a 17-year-old Singaporean was detained after being radicalised by far-right ideologies and had taken preparatory steps toward attacks on mosques — the first such case in Singapore involving youth and far-right ideology.
Singapore Relevance: Singapore regularly hosts heads of state, international summits (IISS Shangri-La Dialogue, ASEAN), and foreign dignitaries. The convergence of AI-enabled radicalisation, a younger radicalised demographic, and growing far-right extremism alongside Islamist threats creates a complex, multi-vector terrorism landscape that demands continuous adaptation of detection and response capabilities.
Proposed Recommendations
Expand Counter-Radicalisation Integration with Military Intelligence
The acceleration of youth radicalisation — including three 14-year-olds in two years — requires military intelligence to deepen collaboration with ISD and digital platform monitoring.
- Embed psychological operations officers in ISD's online monitoring units
- Create a military-ISD fusion cell for tracking AI-generated extremist content
- Develop NS programme modules on identifying and reporting radicalised peers
- Conduct annual wargames simulating a self-radicalised insider attack on a military base
Develop a Far-Right Extremism Counter-Strategy
The emergence of far-right radicalisation among Singaporean youth requires a dedicated counter-strategy distinct from the existing Islamist extremism framework.
- Train ISD and military intelligence analysts in far-right ideology detection
- Develop community intervention programmes targeting at-risk youth demographics
- Monitor far-right online platforms and gaming environments for Singapore-nexus activity
- Establish information-sharing protocols with allied intelligence services on far-right networks
Economic Security & Financial Threats
Hormuz Blockade — Record Jet Fuel and Bunker Prices
Iran's continued restriction of the Strait of Hormuz post-Operation Epic Fury has driven jet fuel and crude prices to record levels and is reshaping global aviation economics. Saudi Arabia, the UAE, Qatar, Kuwait and Iraq face restricted sea access; Singapore Airlines launched a Terminal 3 priority-screening trial on 10 May 2026 as one of several adjustments to global travel disruption. Singapore — the world's largest bunkering port and a major aviation hub — faces direct margin pressure and indirect demand-side risk if Asian growth slows.
Economic Coercion as Strategic Tool
States increasingly exploit economic linkages — export controls, sanctions, trade restrictions, and now chokepoint coercion — as instruments of geopolitical coercion. Singapore's role as a global transshipment and financial hub makes it susceptible to being caught between competing economic blocs, particularly in US-China technology decoupling and any Malacca-related contingency.
Business Email Compromise — $2.77B in US Losses
BEC attacks resulted in $2.77 billion in reported US losses in 2024. Singapore's concentration of regional HQs and high-value financial transactions makes it a prime target. AI now enables BEC campaigns to impersonate CFOs and executives with voice-cloning accuracy that defeats traditional verification methods.
PSA Port — World's Second Busiest
Singapore's PSA port handles over 37 million TEUs annually. Any sustained disruption — through cyber-physical attack, labour action, environmental event, or grey-zone sabotage — would cascade across global supply chains and directly threaten Singapore's GDP, 30% of which is linked to trade. The Hormuz precedent has materially raised the Malacca disruption risk premium in regional shipping insurance markets.
MAS-Regulated Institutions Under Sustained Attack
Sustained cyberattacks on financial infrastructure — including banking system APIs, SWIFT messaging, and interbank clearing systems — represent a systemic risk. A successful attack on Singapore's financial clearing infrastructure could trigger regional contagion affecting currency stability and investor confidence.
100% Energy Import Dependency — Sharpened by Hormuz
Singapore imports nearly all its energy, predominantly via undersea pipelines from Malaysia and Indonesia and LNG from global markets — including significant volumes that have historically transited Hormuz. The May 2026 oil shock has stress-tested storage, hedging, and reserve mechanisms in real time; any further escalation in Iran or a corresponding Malacca-route incident would compound exposure simultaneously on the supply and the transport side.
Singapore Relevance: Singapore's economic security is inseparable from its national security. A sustained attack on financial infrastructure, a prolonged port disruption, or being caught in the crossfire of US-China economic decoupling could trigger effects more damaging than a conventional military threat. Economic warfare requires military-level strategic planning and response coordination.
Proposed Recommendations
Integrate Economic Security into National Defence Planning
Supply chain weaponisation, financial sector targeting, and energy dependency represent security threats requiring military-level strategic planning and inter-agency coordination.
- Establish a military-MAS-MTI economic security fusion cell
- Develop military contingency plans for sustained port or financial system disruption
- War-game a simultaneous port cyberattack and financial disinformation scenario
- Map critical supply chain dependencies and develop military-escorted resupply protocols
Reduce Strategic Energy & Food Import Dependency
Singapore's 100% energy import dependency and 90%+ food import dependency are exploitable pressure points. Military planning must account for deliberate supply disruption scenarios.
- Develop military logistics plans for energy supply disruption lasting 30+ days
- Establish strategic food reserves with military-managed distribution protocols
- Diversify energy import routes and accelerate domestic solar and hydrogen capacity
- Classify energy pipeline infrastructure with Malaysia as a protected military asset
Environmental Security & Climate Risks
Sea-Level Rise — Up to 1 Metre by 2100
Singapore faces projected sea-level rise of 0.4 to 1 metre by 2100 under current trajectories — threatening coastal infrastructure, military installations, the airport, and low-lying districts. The government has committed SGD 100 billion over 100 years to coastal protection, but execution timelines remain a strategic vulnerability.
Malaysia Water Dependency — Strategic Vulnerability
Despite significant investment in NEWater and desalination, Singapore remains partially dependent on water imports from Johor, Malaysia. Any deterioration in bilateral relations, extended drought, or deliberate infrastructure sabotage targeting water pipelines represents a critical national security risk.
Extreme Heat Threatening Operational Readiness
Singapore's mean temperature has risen 0.25°C per decade since 1948 — faster than the global average. Extreme heat events are projected to increase in frequency and duration, with direct implications for military training safety, personnel endurance, and operational tempo in the region.
Regional Water & Food Stress Driving Instability
Climate-driven food and water stress across Southeast Asia — including drought in the Mekong Delta, coral bleaching affecting fisheries, and deforestation driving flood events — is increasing displacement, social unrest, and potential for inter-state friction over shared resources.
Transboundary Haze — Recurring Security Impact
Annual haze events from land burning in Sumatra and Kalimantan degrade air quality, affect military training and aviation operations, and strain bilateral relations with Indonesia. Climate change is extending the fire season and increasing the severity of haze episodes across the region.
Regional Climate Displacement Creating Instability
World Bank projections estimate 216 million internal climate migrants globally by 2050, with Southeast Asia among the most affected regions. Climate-driven displacement from Bangladesh, Vietnam's Mekong Delta, and Indonesia's coastal cities could trigger regional mass migration events affecting Singapore's border security.
Singapore Relevance: Environmental threats are long-fuse but high-consequence risks that are already manifesting. Climate security should be integrated into military planning — from coastal base protection and heat management in training, to contingency planning for regional climate-driven instability and mass displacement events that could trigger border security and humanitarian response requirements.
Proposed Recommendations
Integrate Climate Security into Military Operational Planning
Sea-level rise, extreme heat, and regional climate instability require integration into base planning, training protocols, and regional contingency scenarios.
- Audit all military installations for sea-level rise vulnerability by 2027
- Revise training protocols to account for extreme heat operational limits
- Develop HADR surge capacity for climate-driven regional events
- Engage regional partners on climate-driven mass displacement contingency planning
Build Military Capacity for Climate-Driven Regional Instability
Projected climate displacement of hundreds of millions in Southeast Asia by 2050 will create mass migration, resource conflicts, and state fragility that Singapore's military must be prepared to respond to.
- Develop border security surge protocols for large-scale displacement events
- Build HADR partnerships with ASEAN nations ahead of projected climate crises
- Plan military base relocations away from low-lying coastal areas
- Establish a Singapore climate-security research programme within MINDEF
Military Threats & Autonomous Weapons
Russia Targeting 7.3 Million FPV Drones in 2026
On 8 May 2026, Ukrainian Commander-in-Chief Oleksandr Syrsky disclosed that Russia plans to manufacture 7.3 million FPV drones and 7.8 million UAV warheads in 2026 — a scale of mass-produced autonomous weaponry without historical precedent. Russia is also expanding strike-drone units, including jet-powered systems, and dedicated counter-Ukrainian-drone formations.
Ukraine Conducts 357,000 Drone Strike Missions in One Month
Ukrainian drone systems carried out nearly 357,000 combat missions in April 2026, striking over 160,000 targets — a 2% increase from March. Drones now perform more than 60% of battlefield logistics including casualty evacuation and mine-laying. In March 2026 Ukraine launched roughly 7,000 drones into Russia — exceeding Russian inbound volumes for the first time — and forced Moscow to cancel heavy weapons displays at the 9 May Victory Day parade for the first time in nearly two decades.
200-Drone Swarm — Single Operator
A broadcast by the PLA's National University of Defence Technology showed one soldier directing a formation of 200 autonomous drones simultaneously. The Pentagon has expressed concern about matching China's manufacturing dominance of autonomous weapons systems at scale. China has launched a programme to field one million tactical UAS by end-2026 and continues to control approximately 90% of the global civilian drone market.
469 Armed Groups Now Deploying Drones
As of 2025, 469 non-state armed groups — including insurgents, militias, gangs, and cartels — have deployed drones in attacks at least once in the past five years, with 58 doing so for the first time in 2025. Drone use spans 17 countries including Myanmar, Mexico, Colombia, and Syria. Iranian retaliation during Operation Epic Fury further demonstrated the scale at which proxy networks can deploy drones simultaneously across multiple theatres.
GPS Jamming & Orbital Weapons
Russia has conducted GPS jamming attacks against UK space assets, and the US accused Russia of deploying a likely space weapon in September 2025. Singapore's port, aviation, and financial systems rely heavily on GPS and satellite communications — an under-assessed and under-protected vulnerability that the Hormuz disruption has now elevated in regional risk planning.
$70 Billion Drone Investment Proposed
The Pentagon has proposed $70 billion for military drones and counter-drone systems in FY2027 — its largest ever investment in autonomous systems — signalling that major powers have accepted drone-centric warfare as the dominant mode of future conflict.
Singapore Relevance: Changi Airport, PSA port, and public gathering spaces are uniquely vulnerable to rogue drone incursions. Commercial drone availability means lone actors or state proxies could conduct surveillance, harassment, or weaponised strikes with minimal technical barrier. Singapore currently has no publicised counter-UAS (C-UAS) framework equivalent to those being developed by the US, UK, and Israel.
Proposed Recommendations
Establish a Dedicated Counter-UAS Command
With 469 non-state groups now operating armed drones and Changi Airport as a high-value target, there is an urgent need for a joint military-police counter-drone capability.
- Deploy drone detection networks around Changi, Tuas, and Marina Bay
- Establish rules of engagement for drone intercept in civilian airspace
- Fast-track procurement of electronic jamming and kinetic C-UAS systems
- Conduct regular C-UAS exercises jointly with SPF and SCDF
Accelerate Autonomous Systems Integration into Military Doctrine
The battlefield lessons from Ukraine are unambiguous: forces that integrate autonomous systems into combined-arms doctrine hold decisive operational advantages. Singapore cannot afford to be a late adopter.
- Expand drone fleet for maritime and border surveillance operations
- Introduce autonomous ground systems for perimeter security at key installations
- Develop AI targeting protocols compliant with international humanitarian law
- Invest in drone swarm simulation training for all infantry battalions
Information Warfare & Disinformation
Deepfake Incidents Up 2,137% Since 2022
Deepfake incidents increased 2,137% between 2022 and 2025. In Q1 2025 alone, 179 deepfake incidents were recorded — surpassing all of 2024. Four in five people cannot reliably identify deepfake content, creating a profound vulnerability to identity fraud, impersonation of officials, and manufactured crisis events.
Russia & China Using AI for Influence Operations
Microsoft documented over 200 instances of AI-generated fake content from Russian and Chinese state actors in July 2025 alone — more than double the previous year's figures. Nation-states are deploying AI to manufacture and amplify disinformation at machine speed across all major platforms.
$25M Lost to Deepfake CEO Fraud
In a 2024 Hong Kong incident, a finance firm lost $25 million after AI was used to generate a deepfake video call impersonating the company's CFO. This marks the entry of deepfake technology into high-value corporate fraud — a direct threat to Singapore's financial sector and regional headquarters concentration.
AI Disinformation Targeting Racial & Religious Fault Lines
Singapore's multiracial, multi-religious society makes it a particularly attractive target for AI-generated disinformation designed to inflame racial or religious tensions. The Israel-Hamas conflict and now Operation Epic Fury (Feb–May 2026) have generated waves of disinformation targeting Muslim, Jewish, and broader communities in Singapore, requiring active government counter-messaging. ISD has formally classified AI as a terrorism enabler for personalised recruitment and synthetic propaganda.
Existing Legal Frameworks Outpaced by AI Scale
Singapore's Protection from Online Falsehoods and Manipulation Act (POFMA) saw its first criminal prosecution in March 2026 — almost seven years after the Act came into force. POFMA was designed for an era of human-generated disinformation; AI-generated content at scale (capable of producing thousands of tailored false narratives per hour) exceeds the detection and response capacity of current legal and institutional frameworks. The UK Electoral Commission launched a dedicated deepfake-detection pilot ahead of its 7 May 2026 elections — a model Singapore should study.
AI Deepfakes Targeting Political Figures
Deepfake-driven fraud caused over $200 million in financial losses in Q1 2025 alone. Election-period deepfakes have featured in Romania (May 2025), Ireland (2025), Canada (April 2025), Moldova, and Poland — and US 2026 midterm campaigns have already openly deployed AI-generated content (e.g. NRSC video of a Texas Senate candidate). Singapore's PAP secured 87 of 97 seats under PM Lawrence Wong in the May 2025 general election; the next electoral cycle will play out in a materially more AI-saturated information environment.
Singapore Relevance: Information warfare is a direct threat to Singapore's social fabric. A well-timed disinformation campaign targeting interracial or interreligious tensions — amplified by AI at machine speed — could undermine decades of social cohesion work and compromise the unity that underpins Singapore's security posture. Psychological defence must be treated as a core military capability, not a secondary communications function.
Proposed Recommendations
Build Rapid-Response Capability Against AI Disinformation
AI-generated disinformation targeting Singapore's multiracial society can spread faster than current institutional response capacity. Military psychological defence must be modernised accordingly.
- Establish a 24/7 military information operations monitoring cell
- Deploy deepfake detection tools to government communications teams
- Develop pre-approved rapid response narratives for foreseeable disinformation scenarios
- Conduct inter-agency disinformation crisis exercises twice yearly
Develop a Whole-of-Government Counter-Influence Operations Framework
State-sponsored influence operations by Russia, China, and Iran require a coordinated Singapore response capability that spans military, intelligence, diplomatic, and communications agencies.
- Establish an inter-agency foreign influence operations task force
- Develop attribution capability for AI-generated foreign disinformation campaigns
- Build offensive and defensive information operations doctrine within MINDEF
- Align with Five Power Defence Arrangements partners on information warfare protocols
Emerging Technologies & Future Threats
50,000–100,000 Humanoid Robots Shipping in 2026
Goldman Sachs projects 50,000 to 100,000 humanoid robots will ship globally in 2026, with manufacturing, logistics, and security applications leading adoption. Manufacturing costs declined 40% year-on-year, with some models now priced below $10,000 — accelerating mass deployment timelines significantly.
Fully Autonomous Lethal Systems — No Human Override
Multiple nations — including the US, China, Russia, Israel, and South Korea — are developing or deploying autonomous lethal weapons systems that can identify and engage targets without human authorisation. No binding international treaty regulates their use. The proliferation of these systems to non-state actors is a near-term risk.
Quantum Decryption Threatens Current Encryption
Quantum computers capable of breaking current encryption standards (RSA-2048) are projected to be achievable within 5–10 years. State actors are already harvesting encrypted communications now for future decryption — a "harvest now, decrypt later" strategy that threatens any sensitive communications transmitted today.
AI Accelerating Conflict Timelines Beyond Human Response
AI-enabled military systems are compressing conflict timelines from days to minutes. Autonomous cyber-attacks, AI-directed drone swarms, and machine-speed financial warfare may exceed human decision-making capacity — raising the risk of unintended escalation driven by algorithmic miscalculation rather than human intent.
Laser & Microwave Weapons Entering Operational Use
Directed energy weapons — including high-energy lasers and high-power microwave systems — are entering operational deployment by the US, China, and Israel for drone interdiction. These systems offer cost-effective counter-drone capability but also pose new threats to sensors, communications, and personnel in contested environments.
CRISPR & Synthetic Biology as Dual-Use Technologies
Advances in CRISPR gene editing and synthetic biology are democratising the ability to engineer organisms — for beneficial medical purposes, but also for harmful applications. The convergence of AI-assisted protein design with synthetic biology tools is lowering the technical barrier to engineering novel pathogens to dangerous new levels.
Singapore Relevance: Singapore's status as a technology hub and R&D centre makes it both a target for technology theft and a potential early adopter of emerging security technologies. The military must actively monitor the trajectory of quantum computing, directed energy, autonomous systems, and synthetic biology — and build doctrine and countermeasures ahead of widespread adversarial deployment, not in response to it.
Proposed Recommendations
Establish a Space & GPS Resilience Programme
Russian GPS jamming of European assets and the militarisation of orbital space represent emerging threats to Singapore's GPS-dependent port, aviation, and financial infrastructure.
- Audit Singapore's dependency on GPS across all critical sectors
- Invest in terrestrial backup navigation and timing systems
- Pursue satellite communication redundancy through allied partnerships
- Engage Five Power Defence Arrangements partners on space security doctrine
Monitor & Counter Emerging Weapons Technologies
Autonomous lethal systems, directed energy weapons, quantum computing, and synthetic biology are transitioning from laboratory to battlefield. Singapore must build doctrine and countermeasures ahead of adversarial deployment.
- Establish a MINDEF emerging technology threat assessment unit
- Engage international partners on autonomous weapons governance frameworks
- Invest in directed energy counter-drone capability research
- Monitor quantum computing developments and their implications for current encryption
Social Cohesion & Community Threats
Radicalisation Getting Younger — 14-Year-Olds Detained
ISD has dealt with 17 youths aged 20 or below under the ISA since 2015 — more than two-thirds in the last five years. The youngest are three 14-year-olds over the past two years. Radicalisation is increasingly occurring on gaming platforms, where youths simulate terrorist attacks and role-play as extremists.
Youth Terror Investigations Risen 3× Since 2021
Youth terrorism investigations have risen threefold since 2021 globally. Lone-wolf attacks accounted for 93% of all fatal attacks in the West. The accessibility of extremist content online, combined with social isolation and AI-personalised radicalisation pipelines, is accelerating this trend across all demographics.
Israel-Hamas Conflict as Local Radicalisation Catalyst
The Israel-Hamas conflict was identified by ISD as a significant local radicalisation driver in 2025 — with five of the ten ISA orders issued in 2025 linked to individuals influenced by the conflict. Singapore's diverse Muslim, Christian, and Jewish communities require careful social management during sustained Middle East crises.
Foreign Actor Exploitation of Social Divisions
State and non-state foreign actors are actively probing Singapore's social landscape for fault lines to exploit. Platforms amplify divisive content, and foreign-funded influencer networks have been documented attempting to shape Singaporean public opinion on sensitive political and racial issues.
Post-COVID Mental Health Crisis Fuelling Vulnerability
Elevated rates of anxiety, depression, and social isolation — particularly among youth post-COVID — are creating a larger pool of vulnerable individuals susceptible to radicalisation and exploitation by extremist groups. Mental health infrastructure and community support networks are an underappreciated counterterrorism tool.
Self-Radicalised Insider Risk to Military Installations
The majority of recent Singapore ISA cases involve self-radicalised individuals with no prior extremist network ties — making them harder to detect through traditional surveillance. The risk of a radicalised national serviceman or defence contractor represents a qualitatively different insider threat profile than prior generations.
Singapore Relevance: Social cohesion is the bedrock of Singapore's security — a fragmented society cannot mount an effective collective defence. The convergence of youth radicalisation, AI-accelerated disinformation, geopolitical spillover, and foreign influence operations creates a multi-vector threat to the social unity that Singapore's deterrence posture depends on. Counter-radicalisation must be treated as a national security priority, not merely a community welfare issue.
Proposed Recommendations
Build Societal Resilience as a Core Military Capability
Social cohesion is the foundation of Singapore's deterrence posture. Psychological defence must be elevated to a primary military function with dedicated resourcing and command accountability.
Counter Foreign Influence Operations Targeting Singapore's Communities
Foreign actors are actively probing Singapore's social landscape for exploitable fault lines. A coordinated military and intelligence response is required to detect and neutralise these operations before they achieve social effect.