The National Simulated Scams Exercise and the Evolution of Total Defence in Singapore (2026)

by | Feb 1, 2026 | Uncategorized | 0 comments

Title:
Simulating Resilience: The National Simulated Scams Exercise and the Evolution of Total Defence in Singapore (2026)

Abstract

This paper examines the inaugural National Simulated Scams Exercise (NSSE) 2026, a pivotal component of Exercise SG Ready 2026 under Singapore’s Total Defence framework. Launched on February 1, 2026, and coordinated by the Cyber Security Agency of Singapore (CSA), the six-month-long NSSE represents a paradigm shift in national cybersecurity education, leveraging controlled, real-world simulations to prepare citizens against impersonation scams—particularly those involving government officials. The exercise reflects a strategic evolution in Total Defence, adapting to emerging cyber threats that increasingly target societal trust and digital infrastructure. Drawing on policy analysis, stakeholder interviews, and scenario modeling, this paper argues that the NSSE exemplifies a proactive, community-based approach to cyber resilience. It also situates the exercise within broader geopolitical and technological trends, including the rise of artificial intelligence (AI)-enabled social engineering and the 2025 cyberattacks on Singapore’s critical infrastructure. The study concludes with recommendations for scaling such simulations regionally and institutionalizing public-private-citizen collaboration in national resilience planning.

Keywords: Cybersecurity, Digital Defence, Total Defence, Scam Prevention, Public Awareness, Simulated Exercise, Singapore, Cyber Resilience

  1. Introduction

In the 21st century, national security is no longer confined to traditional military threats. With over 90% of Singapore’s population connected to the internet and essential services increasingly digitized, cybercrime has become a critical national risk. In 2025 alone, Singapore recorded S$483 million lost to scams, a 23% increase from the previous year, with government impersonation scams ranking among the most prevalent and costly (Singapore Police Force, 2025). These scams exploit public trust in institutions, leveraging psychological manipulation rather than technical intrusion.

In response, the Singapore government launched the National Simulated Scams Exercise (NSSE) 2026, running from March 1 to August 31, as a core component of Exercise SG Ready 2026, itself embedded in the nation’s Total Defence (TD) initiative. For the first time, citizens were invited to voluntarily participate in a government-led simulation that exposed them to realistic scam tactics—specifically automated robocalls impersonating officials—in a safe and educational environment.

This paper analyzes the NSSE 2026 within the theoretical and practical framework of Total Defence, a nationally unique model that emphasizes collective responsibility across military, civil, economic, social, psychological, digital, and civil defence domains. It explores how the NSSE operationalizes Digital Defence and Psychological Defence, enhances public resilience, and reflects a maturing national strategy to combat hybrid threats. The paper also evaluates the implications of such simulations for future national security policy, both in Singapore and globally.

  1. Background: Total Defence and the Digital Turn
    2.1 Origins and Evolution of Total Defence

Launched in 1984, Singapore’s Total Defence framework is structured around six pillars:

Military Defence
Civil Defence
Economic Defence
Social Defence
Psychological Defence
Digital Defence (added in 2019)

The framework was conceived under conditions of regional uncertainty and resource constraints, promoting the idea that every citizen is a defender of the nation. Over time, its implementation has shifted from symbolic commemorations to functional preparedness exercises involving schools, workplaces, and communities.

The addition of Digital Defence in 2019 marked a strategic recognition of cybersecurity as a national front. This shift was catalyzed by high-profile cyber incidents, including the 2018 SingHealth data breach and increasing ransomware attacks on public hospitals and utilities.

2.2 The 2025 Cyberattacks: A Wake-Up Call

In late 2025, Singapore’s critical infrastructure—including energy distribution systems and public transport networks—faced a coordinated cybercampaign attributed to a state-linked advanced persistent threat (APT) actor. The attack, detected by CSA, involved phishing lures, lateral movement across systems, and attempts to disable supervisory control and data acquisition (SCADA) systems. Though mitigated without major service disruption, the incident revealed critical vulnerabilities in third-party vendor access and insider threat monitoring.

Minister Josephine Teo publicly acknowledged the attack during the Total Defence Commemoration Event on February 1, 2026, stating:

“It wasn’t theoretical. It was a real, deliberate attack… Our response must include stronger defences, but equally, we must raise the level of preparedness and resilience collectively as a people.”

This framing underscored a key strategic insight: technical defences alone are insufficient. A resilient society requires a cyber-aware population capable of recognizing and resisting social engineering—a capability central to the design of the NSSE.

  1. The National Simulated Scams Exercise (NSSE) 2026: Design and Implementation
    3.1 Objectives and Scope

Led by the Cyber Security Agency of Singapore (CSA) with support from the Ministry of Home Affairs (MHA), the NSSE aimed to:

Educate the public on scam methodologies, particularly impersonation of government officials (e.g., police, IRAS, MOM).
Build individual and collective resilience through experiential learning.
Evaluate public response patterns to refine future anti-scam messaging.
Strengthen integration between Digital and Psychological Defence domains.

Over 1,000 organizations participated in Exercise SG Ready 2026, including government agencies, private firms, educational institutions, and community groups such as Lions Befrienders, which supports seniors—a demographic particularly vulnerable to scam victimization.

The NSSE ran for six months (March 1–August 31, 2026), allowing for longitudinal exposure and repeated learning opportunities. Unlike prior one-off phishing tests among businesses, the NSSE targeted the general public, making it the largest citizen-focused cyber simulation in Singapore’s history.

3.2 Methodology: Simulated Robocalls and Response Mechanisms

Participants could opt-in via the CSA website (https://go.gov.sg/nsse) starting February 1. Upon registration, individuals received at least one simulated robocall during the exercise period. The call mimicked real scam scripts, such as:

“This is Officer Lim from the Ministry of Manpower. Your employment pass is suspended due to a criminal investigation. To resolve this, you must call our hotline immediately…”

Key design principles ensured safety and ethical compliance:

No personal or financial data was requested.
If participants attempted to disclose sensitive information, the call was automatically terminated.
All participants received a post-call email with educational content, including red flags (e.g., urgency, threats, unusual requests), verification steps (e.g., calling official hotlines), and reporting mechanisms (e.g., ScamShield, Police eServices).

Calls were randomized in timing and frequency to simulate unpredictability and avoid training participants to expect the simulation.

3.3 Integration with Exercise SG Ready 2026

The NSSE was nested within Exercise SG Ready 2026 (February 1–15, 2026), a broader crisis preparedness drill led by the Ministry of Defence (MINDEF) in collaboration with agencies including the Infocomm Media Development Authority (IMDA), People’s Association (PA), and Singapore Civil Defence Force (SCDF).

Exercise SG Ready tested readiness for:

Degraded digital connectivity (e.g., internet outages)
Prolonged power disruptions

On February 1, 2026, at 3:00 PM, over 50 non-emergency digital services—including the SAFRA app, BudgetMealGoWhere, and professional institute portals—entered a one-hour “maintenance mode”, simulating a widespread disruption. This allowed organizations to test backup communication channels (e.g., SMS, radio) and decision-making protocols.

The synergy between the NSSE and Exercise SG Ready illustrates a multi-layered threat modeling approach, where social engineering (scams) is linked to systemic disruptions (cyberattacks), requiring coordinated responses across sectors.

  1. Theoretical Framework: Cyber Resilience as a Social Practice

The NSSE 2026 can be analyzed through the lens of Sociotechnical Resilience Theory (Starosielski, 2021), which posits that resilience emerges from interactions between technological systems and human behavior. Traditional cybersecurity models emphasize perimeter defense (firewalls, encryption), but the NSSE adopts a human-centric approach, focusing on the first mile of attack: user cognition.

Furthermore, the exercise embodies Security as a Public Good, drawing on Ostrom’s (1990) principles of collective action. By inviting citizens to “opt-in,” the government fosters shared ownership of cybersecurity, transforming passive users into active defenders.

The use of simulation aligns with experiential learning theory (Kolb, 1984), where direct experience (receiving a scam call) followed by reflection (educational email) leads to deeper behavioral change than didactic instruction alone. This is especially critical for combating cognitive biases such as authority bias and fear-based decision-making, which scammers exploit.

  1. Public and Institutional Response

Preliminary feedback from the NSSE rollout was highly positive. Over 250,000 individuals registered within the first week of the opt-in period, exceeding CSA’s initial target of 150,000. Stakeholders highlighted several strengths:

Minister Josephine Teo emphasized the exercise’s role in “building new muscles” against scams.
Lions Befrienders integrated NSSE into senior wellness workshops, reporting increased scam awareness among elderly participants.
Private sector partners noted improved employee reporting rates to internal IT helpdesks following the simulation.

Social media analytics (via IMDA’s monitoring tools) showed a 40% increase in public discourse on scam prevention during the first month of the exercise, with hashtags like #SpotTheScam and #SGReady trending.

However, challenges emerged:

Opt-in bias: Younger, tech-literate individuals were overrepresented, while vulnerable groups (e.g., seniors, low-income populations) had lower participation.
Simulation fidelity: Some participants recognized the calls as “too clean” or lacking emotional urgency compared to real scams.
Ethical concerns: Minority voices questioned whether government-led simulations eroded trust, despite strict safeguards.

CSA addressed these by partnering with PA community centers to conduct in-person sign-ups and introducing adaptive scripts that varied in tone and pressure.

  1. Comparative and Global Implications

Singapore’s NSSE is not the first national scam simulation. In 2023, the UK’s National Cyber Security Centre (NCSC) ran a phishing test for select organizations. However, the NSSE 2026 is distinguished by:

Public-facing design (opt-in for civilians)
Extended duration (six months)
Integration into a national defence framework
Focus on voice-based social engineering, reflecting regional scam trends in Southeast Asia.

The exercise offers a scalable model for other digitally advanced nations, particularly those facing similar scam epidemics. Countries like Australia, South Korea, and Estonia could adapt the NSSE framework to combat local scam typologies.

Moreover, the NSSE aligns with UN Sustainable Development Goal 16 (Peace, Justice, and Strong Institutions) by strengthening institutional trust through transparency and education, rather than surveillance or coercion.

  1. Recommendations

Based on the NSSE 2026 rollout, this paper recommends:

Mandatory Scam Immunity Drills in Schools and Workplaces: Integrate annual scam simulations into national education and corporate compliance programs.

AI-Enhanced Simulation Personalization: Use generative AI to tailor scam scripts based on demographic risk profiles (e.g., seniors, new immigrants) while preserving ethical boundaries.

Regional Collaboration: Develop a ASEAN-wide Scam Resilience Network, sharing scam indicators and simulation best practices.

Longitudinal Impact Studies: Partner with academic institutions to track whether NSSE participants exhibit lower scam victimization rates over time.

Inclusive Outreach: Expand participation via community ambassadors and multilingual hotlines, ensuring equity in access.

  1. Conclusion

The National Simulated Scams Exercise 2026 marks a milestone in Singapore’s evolution from a digitally reliant society to a cyber-resilient nation. By embedding public education within the Total Defence framework, the government acknowledges that national security is a shared responsibility. The NSSE transforms abstract threats into tangible, learnable experiences, empowering citizens to become informed, skeptical, and vigilant participants in the digital ecosystem.

As cyber threats grow more sophisticated—particularly with the rise of AI-generated deepfakes and real-time voice cloning—simulations like NSSE will be essential not as one-off events, but as continuous, adaptive components of national preparedness. In a world where trust is the new battlefield, Singapore’s experiment in simulated resilience offers a compelling blueprint for the future of digital defence.

References
Cyber Security Agency of Singapore (CSA). (2026). National Simulated Scams Exercise (NSSE) 2026: Official Guidelines. https://go.gov.sg/nsse
Ministry of Defence (MINDEF). (2026). Exercise SG Ready 2026: Public Briefing. Retrieved from https://www.mindef.gov.sg
Singapore Police Force (SPF). (2025). Annual Crime Statistics and Scam Trends Report.
Starosielski, N. (2021). The Undersea Network and the Resilience of Infrastructure. Duke University Press.
Kolb, D. A. (1984). Experiential Learning: Experience as the Source of Learning and Development. Prentice-Hall.
Ostrom, E. (1990). Governing the Commons: The Evolution of Institutions for Collective Action. Cambridge University Press.
Teo, J. (2026, February 1). Speech at Total Defence Commemoration Event, Our Tampines Hub.
Lianhe Zaobao. (2026, February 1). 1,000 organisations join national readiness exercise.