Almost half a decade after it unveiled its cybersecurity strategy, Singapore brought in new amendments to its national plan to move towards a more proactive approach to address threats. It also brought in a new operational technology competency framework to provide a strong foundation for attracting and developing talent for the emerging OT sector in the country.
This revision is a positive move and will yield dividends in the near term. The 2021 cybersecurity strategy underscores the attention Singapore has been paying to critical information infrastructure in the country. Singapore’s Cyber Security Agency has said that it is open to working with critical and digital infrastructure operators to enhance OT cybersecurity measures connected to Operational Technology (OT) systems.
CSA will be according to high priority to OT systems where a cyberattack could lead to significant physical or economic risks.
Highlights of the new OT cybersecurity strategy:
- Recognizes the importance of securing OT infrastructure
- Unwavering focus on critical information and digital infrastructure of national significance
- CSA is open to collaboration with operators of such infrastructure to improve their cybersecurity posture
- OT systems falling under the purview of this strategy include industrial control, traffic management, building management systems, and systems that can modify the physical state of a system
- It recognizes the risks emerging from the introduction of new digital devices in formerly air-gapped and ‘relatively safe’ systems
- Underscores the need to put in place guidance on processes, skills and structures to address the requirements of OT security
- CSA academy will promote the adoption of the new OT security framework in collaboration with industry participants
Sectrio welcomes this initiative. Such a clear articulation of the risks emerging from OT and of the steps needed to contain such risks will go a long way in encouraging industry participants to do more to secure their OT in collaboration with CSA. The emphasis on developing talent is another important aspect that will feed significantly to the overall objective of securing critical infrastructure and digital information.