Close this search box.

We are creating some awesome events for you. Kindly bear with us.

EXCLUSIVE – OpenGov Breakfast Insights session on tackling cybersecurity for critical infrastructure ecosystems

EXCLUSIVE - OpenGov Breakfast Insights session on tackling cybersecurity for critical infrastructure ecosystems

On January 25, around 30 representatives from various ministries and
agencies of the Government of Singapore gathered for OpenGov’s Breakfast
Insights session on Tackling Cybersecurity for Critical Infrastructure Ecosystems. This was the second cybersecurity gamification event organised by OpenGov in collaboration with Kaspersky.

Mr. Mohit Sagar, Editor-in-Chief of OpenGov Asia, kicked off the
discussion using examples of public wifi at airports to highlight our common
vulnerability to cybersecurity threats. He highlighted that the government
cannot outsource cybersecurity risks and emphasised that the government will
continue to bear the responsibility to safeguard cybersecurity of critical

Mr. Stephan Neumeier (above), Managing Director at Kaspersky Lab, spoke
about the significance of industrial cybersecurity. Using the example of
software engineering in connected cars, he illustrated the high potential cost
to human lives and properties if these connected vehicles are hacked while on
the highway. Cybersecurity incidents are estimated to cost enterprises a damage
of $1.4 million on average.

Citing reports by Kaspersky, 55% of the surveyed firms have been
recently attacked and only 29% of them considered the firm well-prepared for
future cyberattacks. Using a few real-life examples, Mr Neumeier pointed out
the complex nature of cybersecurity incidents, as they could be state-sponsored
attacks, ransomware that aims at monetary returns, or cyberterrorists whose objective
is to cause maximum damage to the society.

Gamification through Kaspersky
Interactive Protection Simulations (KIPS)

To foster interactive learning and active participation, the
Breakfast Insight session introduced an element of gamification through the

KIPS is an effective way of building cybersecurity awareness. It is
an exercise that creates a simulated environment in which teams of participants
play the role of IT specialists and face a series of unexpected cyber threat
scenarios, while trying to protect the critical infrastructure and maximise

The idea is to build a holistic cyber defence strategy by making
choices from amongst the best proactive and reactive controls available. The
best choice of actions balances strategic, managerial and technical security

Each turn begins with an unfolding event which poses cybersecurity
threats to the infrastructure. Like in real-life, the team is only given
limited information and time to make strategic decisions and actions.

Each action impacts the way the scenario plays out, the systems’ subsequent
vulnerability to cybersecurity threats, and ultimately the revenue made. To
help participants better understand the consequences of their choice of action,
feedback is provided to each team after their turn. This allows the teams to
learn from the experience and modify their strategy.

At the end of the exercise, teams get to see the final results which
is measured in both the total revenue generated by the facility and the ability
to protect the computerised assets.

Delegates engaged in the simulation exercise


Delegates from various ministries and agencies of the Singapore
Government were divided into teams of 6 or 7 for this simulation exercise.

During the exercise, one of the scenarios presented was an emergency
shutdown of the facility due to industrial sabotage. In the discussion of what
is the best action to be taken, delegates discussed on the need to balance
prevention and response. While it is important to react to immediate
cybersecurity emergencies, delegates also recognise the need to strengthen the
cybersecurity defence of critical infrastructure to prevent future attacks.
These preventive actions include the installation of antivirus programs and
regular audits of hardware and software.

In another scenario, teams are faced with warnings on malicious
cyberattacks, delegates were able to identify that it is an evolving situation
that requires immediate action to detect breaches into the system, strengthen
vulnerable segments of the system, and control the damage.

The winning team with Mr. Sagar and Mr. Neumeier (3rd and 4th from left)


In the polling exercise, delegates from the Singapore Government
shared their priorities and concerns in their everyday work.

When asked about what cybersecurity measure is considered most
important for their organization, a majority of 60% considered conducting
awareness training for all staff as the most important cybersecurity measure.

In identifying the major factor that affects an organisation most in
securing their assets, 35% of the participants considered adopting a mix of
reactive and proactive approach as the major factor. Around 25% of them voted
for an appropriate amount of budget and ensuring its effective utilisation,
while another quarter of delegates chose risk prioritisation.

For priority focus areas in 2018, the top identified priority was
managed security services, with nearly half (47%) of the delegates choosing it
as their top priority. It was followed by endpoint detection and response (32%)
and network security solution (21%).

In terms of appropriate annual budget for security solutions to
combat APT (advanced persistent threat) or sophisticated attack dark energy malware,
47% of the delegates would dedicate up to 3% of the revenue or budget to deal
with the cybersecurity threat.

Key takeaways

After the exercise, some key observations and takeaways were shared.

It was noted that cybersecurity resources, including budget, is
usually limited. Given limited resources, it is important that IT managers use
available resources wisely to prevent a potential loss in revenue or harm to
public good in case of a cybersecurity incident.

To ensure long-term security in a fast-changing and uncertain cyber
environment, delegates shared the importance of preventive actions and risk
management. Some of the risk management and preventive measures include regular
audits of system to identify vulnerable points, segmentation of systems within
the critical infrastructure and regular training of IT personnel to increase
their competency in cybersecurity defence.

To address more complex threats in the increasingly uncertain cyberworld,
more complex solutions are needed. This suggests that an ideal cybersecurity
defence takes a holistic approach, by combining both proactive and reactive
actions. In building an adaptive cybersecurity framework, the system should
encompass the 4 elements of Predict, Prevent, Detect and Respond.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.