New cybersecurity masterplan launched to protect critical sectors

A masterplan has been unveiled to protect operational technology (OT) systems from cyber attacks that can cripple Singapore’s water supply, transport and other critical sectors.

The OT Cybersecurity Masterplan will bolster defence against such cyber attacks by growing the talent pool and facilitating the exchange of information between the public and private sectors.

Senior Minister Teo Chee Hean announced the masterplan on Tuesday (Oct 1) at the opening of the fourth Singapore International Cyber Week.

OT systems are those that operate critical infrastructure services with interconnected devices and computers, such as those in the energy, water, transport and media sectors.

[[nid:390143]]

Mr Teo, who is also Coordinating Minister for National Security, pointed out that attacks on OT systems are among the most pressing of cyber threats today. He gave an example of how Ukraine suffered a cyber attack on its power network in December 2015, which caused almost 250,000 people to lose power in the middle of winter.

This new masterplan, developed by the Cyber Security Agency of Singapore (CSA) and industry partners, is a response to the serious danger OT attacks pose, added Mr Teo.

He said the masterplan will guide the development of capabilities to secure systems in the OT environment, and mitigate emerging OT cyber threats.

CSA said on Tuesday that this plan, which is available on its website, will outline efforts to provide OT cyber-security training to develop talent in this sector.

Under the plan, a new OT Cybersecurity Information Sharing and Analysis Centre will be set up together with threat-intelligence hub Global Resilience Federation. 

[embed]https://twitter.com/CSAsingapore/status/1178937460669108225[/embed]

There are no details of this centre yet, but in response to queries from The Straits Times, the federation’s president, Mr Mark Orsi, said it will provide the tools and processes to allow OT organisations to share intelligence and best practices to tackle threats. 

“The OT Cybersecurity Information Sharing and Analysis Centre will provide their members with these tools along with local threat analysts to develop and refine member-provided and sector-specific threat intelligence for energy, water, transportation and other critical information infrastructure sectors,” said Mr Orsi. 

CSA added that the masterplan will include procedures for OT organisations to attain an OT Cybersecurity Code of Practice, which will strengthen their policies and processes to better defend themselves against cyber threats.

CSA said that in the past, OT systems were not designed with robust cyber-security considerations, which makes it dangerous now, given how many of these systems are now interconnected.

A cyber attack on such systems could have dire consequences like mass disruptions, physical harm or even death, the agency added.

[[nid:460820]]

Although the world has been brought closer with such interconnectedness that advances in technology have caused, two challenges have emerged in the light of the development and deployment of emerging technologies like 5G, noted Mr Teo.

The first, he said, is a race for digital dominance, where players compete against each other to determine and shape the direction that established digital rules will take. Such a race could cause the focus on the growth of connectivity and convenience to be mired, warned Mr Teo.

The second challenge he highlighted was how this interconnectedness could allow bad actors and cybercriminals to disrupt and exploit data flows and digital systems.

“This can lead to a fracturing of the global digital space. When we view these two challenges as a national zero-sum game, where one side wins and another loses, the most likely outcome is that nobody wins,” said Mr Teo.

“The greatest benefit offered by the new digital world is interconnectivity. The power comes from widening the network to bring onboard  more users, but in a secure way.”

To combat these kinds of online threats, cooperation with domestic stakeholders is needed, and Mr Teo held up the OT Cybersecurity Masterplan as an example of such collaboration. 

The masterplan is a good example of how strong government-industry partnership can strengthen the country’s national cybersecurity defences, he said. 

[embed]https://twitter.com/SICWSG/status/1178870847445983232[/embed]

In his speech, Mr Teo also called for more cooperation between different nations, organisations and sectors, to tackle the danger that cyber threats pose.

He said: “For us to realise the benefits of digitalisation, countries, businesses and the people sector need to work together to create a more secure and a more prosperous digital future. We need to build more bridges and avenues of collaboration. 

“Difficult as it is, we need more dialogue and cooperation among governments and the private sector to help us to find better solutions to build a shared future, deal with sophisticated cyber threats, and strengthen trust and confidence in the digital systems that we have come to depend upon.”

Held at the Suntec Singapore Convention and Exhibition Centre, the Singapore International Cyber Week runs until Thursday.

It will see policymakers, business leaders, industry experts and academia from around the world gathering in Singapore to discuss collaboration and cyber-security trends and challenges, and showcase innovations.

This article was first published in The Straits Times. Permission required for reproduction.