Singapore beefs up operational technology masterplan to enhance cyber resilience
The Cyber Security Agency of Singapore will work with institutes of higher learning to include operational technology cybersecurity in computer science and engineering degree courses
WITH companies’ information technology and operational technology (OT) systems become increasingly connected, the government has updated the OT Cybersecurity Masterplan to boost the cybersecurity of Singapore’s OT sector.
Minister for Digital Development and Information and minister in charge of Cybersecurity Josephine Teo launched the updated masterplan – originally launched in 2019 – at the Singapore Operational Technology Cybersecurity Expert Panel forum on Tuesday (Aug 20).
The refreshed masterplan by the Cyber Security Agency of Singapore (CSA) will include OT cybersecurity in the professionalisation framework, which the agency is developing for the local cybersecurity workforce.
CSA said it will also work with institutes of higher learning to incorporate OT cybersecurity into the syllabuses of degree courses in computer science and engineering.
It said it would streamline information sharing and enhance collaboration between the OT Cybersecurity Information Sharing and Analysis Centre (OT-ISAC) and regulators of the sector, and also look into mechanisms to facilitate the reporting of cybersecurity incidents to encourage businesses to report them.
OT-ISAC is a non-profit organisation that facilitates secure information sharing on threats, so that member companies can be warned about them and act to mitigate them.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The agency added that these moves aim to create “a comprehensive and effective threat intelligence ecosystem for Singapore”.
Aside from information sharing, CSA is also developing a model to “increase visibility” of the cyber supply chain ecosystem through accurate, timely analysis of vendor-risk data.
CSA said that doing so would enhance CSA’s visibility of cybersecurity risks that OT sectors face, improve the monitoring of these risks, and the issuing of alerts and of advisories for remedial action.
As for the safety of OT systems, CSA said that it would work with the OT ecosystem to set up an OT Cybersecurity Centre of Excellence to support research into emerging OT cybersecurity technologies.
It added that cybersecurity features for such systems should not be an afterthought, and that secure-by-deployment principles are crucial.
On Tuesday, Minister Teo said that it is “no longer a surprise” that malicious actors target OT systems, noting that critical heating infrastructure in Ukraine was attacked with industrial-control systems malware earlier this year.
“(OT systems) have traditionally been safe from cyberattacks because they were placed in protected environments and had limited connection to other networks. However, this is no longer the case, and we’ll need to do more to protect their safety and resilience,” she said.
Although the recent disruption caused by a glitch in cybersecurity company Crowdstrike’s widely used software was not a cyberattack, she noted that critical infrastructure, such as airports and metro systems, were disrupted to varying degrees. This, she said, showed how important it was for such critical OT systems to be resilient.
In her speech, she announced that the CSA will team up with the US for-profit company SANS Institute to provide more training opportunities for Singapore-based cybersecurity practitioners.
CSA will also partner with cybersecurity solutions provider Fortinet on cyberthreat intelligence sharing and capability development.
Copyright SPH Media. All rights reserved.
