Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

‘Stakes are too high to ignore’: Singapore beefs up operational technology masterplan as cyberthreats rise

SINGAPORE: Singapore will build a sustainable pipeline of cybersecurity professionals to maintain operational technology systems, and explore ways to improve incident reporting amid a changing threat landscape. 
 
The moves are part of a refreshed national operational technology masterplan developed by the Cyber Security Agency of Singapore (CSA) to keep up with evolving cyber risks. 
 
Digital Development and Information Minister Josephine Teo launched the updated masterplan at the Operational Technology Cybersecurity Expert Panel Forum on Tuesday (Aug 20).
 
The blueprint was drafted in consultation with more than 60 organisations.
 
This comes as computer networks are linked to and control many physical systems which deliver essential services, and threat actors employ more sophisticated attack tactics. 
Operational technology is “what keeps the lights on, our water flowing, our trains running and many of the modern conveniences we depend on”, said Mrs Teo, adding that it is no longer a surprise that malicious actors target such systems. 
 
“We know that (operational technology) systems are increasingly under threat,” she noted.
 
“They have traditionally been safe from cyberattacks because they were placed in protected environments and had limited connection to other networks. However, this is no longer the case and will need to do more to protect their safety and resilience,” 
 
The masterplan was launched in 2019, at a time when operational technology cybersecurity in Singapore’s essential service sectors was still nascent.
 
“Any successful compromise of these systems on which the delivery of essential services depends on will jeopardise our national security, the public, environmental safety and the economy, and our way of life,” said Mr David Koh, chief executive of CSA. 
 
“The stakes are too high to ignore, so we must push the envelope, and we have to do more.”
 
Mr Hubert Heng, operational technology cybersecurity systems division manager at ST Engineering, elaborated: “If you look into the perspective of it, (if) I compromise the door access, (if) I compromise the so-called camera systems, then I will have the ability to actually look and change everything and make sure that people don’t even know that I’m there to do an attack.”
 
As part of the updated measures, CSA will work with institutes of higher learning to incorporate operational technology cybersecurity into the syllabuses of degree courses in computer science and engineering.
 
The agency will also work with various stakeholders to set up an Operational Technology Cybersecurity Centre of Excellence to support research into relevant emerging technologies.
 
CSA intends to update its masterplan again in the next five years, to further bolster Singapore’s defences and ensure a resilient cyber environment.
To ensure that operational technology systems come with security controls, the different parts of the supply chain must come together, said Mrs Teo.
 
Fourteen original equipment manufacturers and cybersecurity solution providers have since committed to ensure the equipment they supply is cyber-secure.
 
“They are international players, so we hope that this initiative will not just benefit Singapore but will have a wider impact subsequently as the best practices become more widely adopted,” she said while expressing hopes that more suppliers will come on board. 
 
Singapore has also partnered international companies to train the cybersecurity workforce, and to share intelligence on these threats.
 
Mr Benjamin Ang, head of the Centre of Excellence for National Security at the S Rajaratnam School of International Studies, said Singapore has so far not been the victim of an operational technology cybersecurity attack. 
 
“(But) we need to learn lessons from overseas, and the best way is to talk to overseas partners who have that kind of experience to share it with us,” he added.

en_USEnglish