[Source-tomtom.com]
Singapore has revised its Singapore operational technology (Singapore OT system ) cybersecurity blueprint, enhancing data sharing, policies, processes, and skills training. The updated plan, announced by the Cyber Security Agency (CSA), expands its focus to include non-critical infrastructures, reflecting the growing cyber threats that affect various sectors.
Evolving Threat Landscape and Expanded Scope
First introduced in 2019, the OT security masterplan required updating to keep pace with an increasingly complex and sophisticated threat environment. The CSA emphasized that as digital tools and connectivity become more pervasive, all organizations, not just critical information infrastructures (CIIs), must prioritize cyber resilience and adopt “secure by deployment” principles. The agency highlighted the growing peril in the OT cyber landscape, exacerbated by the evolving tactics of threat actors.
The updated blueprint seeks to address threats to Singapore OT systems, especially amid geopolitical and technological shifts. It specifically notes a significant increase in hacktivism targeting the OT assets of non-aligned countries and the integration of technologies like edge computing and the Internet of Things (IoT), which have expanded the attack surface.
Strategic Enhancements and Industry Collaboration of Singapore OT Systems
The CSA collaborated with OT stakeholders, government agencies, industry players, and academia to revise the master plan. The original 2019 blueprint mandated cybersecurity measures for Singapore OT systems and introduced cyber defense drills, resulting in the creation of the OT Cybersecurity Information Sharing and Analysis Center. This center facilitated information sharing and coordinated responses to OT cyber threats. The 2024 update introduces initiatives aimed at bolstering cyber resilience and shaping the behavior of OT organizations.
These initiatives include new policies and training programs designed to enable swift responses to emerging threats. Notably, the updated blueprint includes plans to develop the local cybersecurity workforce through partnerships with Institutes of Higher Learning. By integrating OT cybersecurity into computer science and engineering degree courses, Singapore aims to enhance professional competency in this critical area.
Data-Driven Approaches and Secure-by-Deployment Principles
The updated master plan also focuses on improving data sharing and reporting to enhance situational awareness and better protect CIIs and essential OT infrastructures. The CSA is streamlining processes to accelerate information sharing and deepen collaboration with the OT information and analysis center and sector regulators. The security authority is also developing mechanisms to support incident reporting, encouraging organizations to step up their reporting activities. Additionally, a data-driven model is being developed to enhance visibility across the supply chain, impacting both CII and non-CII sectors. This model aims to provide accurate and up-to-date data on vendor risks, improving the CSA’s ability to monitor and respond to cybersecurity risks in OT infrastructures.
The 2024 masterplan underscores the importance of embedding security within the fundamental development principles of Singapore OT systems, rather than treating it as an afterthought. The adoption of “secure by deployment” principles is crucial to safeguarding Singapore OT systems throughout their lifecycle, from design and deployment to maintenance. Original Equipment Manufacturers (OEMs) are expected to incorporate industry best practices to mitigate cyber threats, ensuring their products are secure by default. The CSA announced that 14 OEMs and cybersecurity vendors, including industry leaders like Honeywell, Schneider Electric, Siemens Energy, and Fortinet, have pledged to adopt these secure-by-deployment principles.
Looking ahead, plans are underway to establish an OT cybersecurity center of excellence. This center will focus on researching emerging OT cybersecurity technologies and developing tools to address industry concerns about their impact on business operations. CSA’s chief executive, David Koh, emphasized the urgency of these efforts, citing past incidents like the 2010 Stuxnet attack and the 2022 Pipedream malware toolkit as evidence of the growing sophistication and intent of OT threats. Koh stressed that the convergence between IT and OT systems expands the attack surface, necessitating robust training and the adoption of cybersecurity best practices to safeguard national security and public safety.
Also read: Cyber Pro magazine
