Singapore’s Cyber Security Agency (CSA) has drawn up a masterplan to help secure operational technology (OT) systems used in critical information infrastructure (CII) sectors, including transportation, energy, and water.
Speaking at the opening of Singapore International Cyber Week 2019, Singapore’s senior minister and coordinating minister for national security, Teo Chee Hean, said the blueprint is necessary in light of growing cyber threats and cyber crime.
“We must address these threats so that we can provide assurance to the public as we press on with our smart nation initiatives,” said Teo. “Threats to OT systems that control our critical physical systems are among the most pressing cyber threats facing us today.”
Noting that the unprecedented attack on the Ukrainian power grid in December 2015 had taken down power subsystems, disrupting the power supply to a quarter of a million people, Teo said similar threats are being taken seriously in Singapore.
Developed together with industry partners, Teo said the OT cyber security masterplan will guide the development of capabilities to secure systems in an OT environment and mitigate emerging threats to those systems.
He added that the masterplan has outlined plans to train more OT cyber security professionals with advanced cyber security skills, and to establish an OT cyber security information sharing and analysis centre with the Global Resilience Federation (GRF).
Managed by the Asia-Pacific business unit of GRF, the centre will serve as a threat information sharing hub for companies in energy, water and other CII sectors in Singapore.
“Singapore offers a strong economy, a highly educated workforce, a central location, and an environment friendly to trade and investment,” said Mark Orsi, president of GRF. “Because of its status as a commercial hub and geopolitical factors, it is a target for cyber threats.”
Using proven tools and technologies, the GRF said member companies, through the centre, will be able to securely exchange details of OT and IT threats and attacks on their organisations, to prevent, mitigate and contain any damage caused by threat actors.
Another area that the CSA is looking into is the security of the internet of things (IoT). With the number of IoT devices projected to reach over 64 billion globally by 2025, Teo said such devices will provide a “greatly expanded attack surface” through which malicious cyber activities can be carried out.
To better address IoT security threats, the CSA has worked with the Netherlands’ ministry of economic affairs and climate policy on a study to identify IoT security challenges in areas including governance, ecosystem development and standards.
The study has made recommendations for action by countries and industries. “For example, the study proposes an evaluation regime for IoT devices to provide consumers with greater transparency of the security of IoT devices already in the market,” said Teo.
The government, considered a CII sector in Singapore, is also beefing up the security of its own systems. Building on its bug bounty initiative in 2018, the government is starting a vulnerability disclosure programme that will enable white hat hackers and cyber security researchers to report vulnerabilities they have discovered in any internet-facing government system or application.
“Through this programme, we hope to send the signal that we have a shared responsibility together with cyber security defenders locally and internationally to make our cyber space safer and more resilient,” said Teo.