Singapore has updated its operational technology (OT) Cyber Security The blueprint focuses on enhanced data sharing, policies and procedures, and skills training. It has also been expanded to include non-critical infrastructure, according to the Cybersecurity Agency (CSA).
Also: AI-Powered ‘Narrative Attacks’ Are a Growing Threat: 3 Defense Strategies for Business Leaders
First released in 2019, OT Security Master Plan The CSA said the update was needed to keep up with the threat landscape as it has evolved in scale, sophistication and frequency. As digital tools and connectivity become more widely adopted, cyber resilience is essential for non-CII organizations (critical information infrastructure) and all organizations must think about “security in deployment” principles.
“OT cyber environments are becoming increasingly more dangerous as attackers’ tactics and strategies evolve,” the CSA said.
It added that updated master plan aimed at solving Threats targeting OT systems amid geopolitical and technological changes, including a significant increase in hacktivism attacks targeting OT assets of “non-aligned nations” and the integration of technologies, such as edge computing and the Internet of Things (IoT), that have increased the attack surface for OT systems.
Also: As the use of IoT devices increases, so do the associated security risks.
The master plan has been revised based on consultation with OT stakeholders, government agencies, industry and academia, CSA said.
The 2019 Master Plan includes a list of mandatory cybersecurity measures for OT systems and cyber defense drills, leading to the establishment of an OT Cybersecurity Information Sharing and Analysis Center to facilitate information sharing and support response to OT cyber threats.
The 2024 update includes initiatives to enhance cyber resilience and “shape OT organizational behavior” through new policies and training to promote rapid response to threats, the CSA announced. These initiatives include plans for a framework to develop a local cybersecurity workforce and professional capacity through partnerships with higher education institutions to integrate OT cybersecurity curricula into computer science and engineering degree courses.
The updated design will also make it easier to share data and reports to improve awareness of Singapore’s cybersecurity posture and better protect CIIs and critical OT infrastructure.
Also: Singapore updates cybersecurity law to expand regulatory oversight
Furthermore, the CSA explains that these initiatives will help streamline processes to expedite information sharing and enhance collaboration with OT intelligence and analysis centers and industry regulators. As the security agency begins to evaluate mechanisms to support incident reporting, it will ultimately encourage organizations to enhance and report such activities.
Additionally, it is developing a data-driven model to enhance visibility across the entire supply chain impacting both CII and non-CII sectors. The aim here is to provide accurate and up-to-date data and analysis on supplier risk, the CSA said.
“Cyber risks are widespread and impact CII and other critical OT systems due to dependency or supply chain risk“, it said. A data platform will improve CSA’s visibility into the cybersecurity risks facing OT infrastructure and monitor these risks. The regulator can then issue alerts and recommendations to guide these sectors on necessary remediation or mitigation measures, CSA explained.
The 2024 Master Plan aims to promote fundamental development principles that are linked to security rather than being included as a side idea.
Also: The biggest challenge with rising cyber attacks, according to analysts
“The application security principles by implementation “This is critical to protecting the entire lifecycle management of OT systems, from product design, deployment and maintenance involving multiple stakeholders, from original equipment manufacturers (OEMs), systems integrators to asset owners,” CSA said.
For example, OEMs should ensure their products incorporate industry best practices to mitigate cyber threats throughout their lifecycle. They should also ensure their products are secure by default, keeping in mind the complexity and cost of protecting users.
CSA added that 14 OEMs and cybersecurity service providers, including Honeywell, Schneider Electric, Siemens Energy, ST Engineering, Yokogawa Engineering Asia, Check Point Software Technologies and Fortinet, have committed to adopting the security principles in phases of implementation.
CSA said plans are also underway to establish an OT cybersecurity center of excellence to facilitate research into emerging OT cybersecurity technologies and develop tools to address industry concerns about their impact on business operations.
Also: AI is transforming cybersecurity and businesses must wake up to the threat
“Since the Stuxnet incident in 2010, EKANS attack on Honda in 2020, to find out pipe dream malware toolkits in 2022, it is clear that threats to our OT environments are real and are becoming more sophisticated and targeted,” said David Koh, chief executive of CSA and Singapore’s cybersecurity commissioner. “Successful breaches of [OT] system, on which the delivery of essential services depends, would jeopardize our national security, public safety and the environment, our economy and our way of life. The risks are too great to ignore, and we must step up and do more.”
“The growing convergence between IT and OT systems also expands the attack surface and introduces new risks that need to be mitigated,” Koh said, reiterating the need for stronger training while enhancing the cybersecurity resilience of OT systems by adopting cybersecurity best practices.
