Getting your Trinity Audio player ready...
|
Minister Josephine Teo addressed the pressing need to bolster cybersecurity measures for Operational Technology (OT) at the Operational Technology Cybersecurity Expert Panel Forum. While OT systems are not as prominently discussed as emerging technologies like AI and quantum computing, they are critical to the seamless functioning of modern society ensuring power, water, and transportation systems run smoothly.
However, Minister Teo noted that these systems are increasingly at risk. Traditionally shielded by limited network connectivity, OT systems are now more vulnerable due to growing integration with other technologies. She cited the recent global disruption, emphasising that while it was not a cyberattack, it highlighted the vulnerability and critical importance of OT systems.
Singapore effectively managed a global IT outage caused by a cybersecurity firm’s software update, demonstrating the strength of its cyber safety measures. While some disruptions affected Changi Airport and HDB car parks, most government services and essential operations remained stable, thanks to robust Business Continuity Plans.
The incident caused operational disruptions across several sectors globally, underscoring the need for stronger resilience and preparedness. The incident highlighted the critical need for resilience and proactive IT planning, prompting the Ministry of Communications and Information to establish a task force to review lessons from this and similar disruptions, enhancing preparedness for future risks.
A key takeaway is that IT issues often spill over into the OT space, further exposing critical infrastructure to cyber threats. Minister Teo pointed to recent discoveries of sophisticated malware like FrostyGoop, which disrupted heating systems in Ukraine, as evidence of the increasing focus by cybercriminals on OT systems.
In response to these evolving threats, Singapore’s Cyber Security Agency (CSA) launched the first OT Cybersecurity Masterplan in 2019. The initiative has since driven significant progress, including the development of the OT Cybersecurity Competency Framework and the training of more than 400 professionals.
Additionally, the establishment of the OT Cybersecurity Information Sharing and Analysis Centre (OT-ISAC) has enhanced intelligence sharing, bringing together over 40 government agencies, critical infrastructure owners, and industry providers. Building on these achievements, Minister Teo announced the launch of the OT Cybersecurity Masterplan 2024, which focuses on three main objectives:
Uplifting the Cybersecurity Posture of OT Operators: The updated plan extends guidance and support to all OT operators, not just those managing critical infrastructure. With the rise of Industrial Internet of Things (IIoT) devices, CSA is updating its guidelines and handbooks to include best practices for securing cyber-physical systems. Minister Teo encouraged industry players to leverage these resources and provide feedback for continuous improvement.
Deepening Cybersecurity Capabilities: To counter increasingly sophisticated threats, CSA is expanding training opportunities and enhancing career pathways for OT cybersecurity professionals. Partnerships with organisations like the SANS Institute and global cybersecurity provider Fortinet will offer more training and improve threat intelligence sharing, ensuring a skilled workforce and robust defences.
Systematically Reducing Risks Through Security by Design and Deployment: Ensuring OT systems are secure from the ground up is critical. Minister Teo stressed that OT systems, often composed of products from various manufacturers, must incorporate security features throughout their lifecycles. Fourteen international Original Equipment Manufacturers and cybersecurity providers have committed to “Secure by Deployment” principles, which aim to standardise security practices across the supply chain.
Minister Teo concluded by highlighting the importance of collaboration, noting that the updated Masterplan was developed through consultations with over 60 partners and experts in the OT ecosystem. As the threat landscape evolves, partnerships between government, industry, and other stakeholders will be key to strengthening Singapore’s OT cybersecurity resilience.
The challenges of OT cybersecurity require collective action, but by working together, Singapore can enhance its defences and continue to safeguard critical infrastructure against emerging threats.