With cyber threats to operational technology, especially industrial control systems, increasing in frequency and sophistication, the Singapore Cyber Security Agency (CSA) announced that it had established the Operational Technology Cybersecurity Expert Panel. The panel will strengthen local cybersecurity capabilities and competencies in the operational technology sector.
Singapore’s operational technology cybersecurity practitioners, operators, researchers and policymakers from the Government, critical information infrastructure (CII) sectors, academia and other operational technology industries will have direct access to the experts. The 11-panel members come from both public and private sectors, locally and internationally.
CSA said the experts will discuss issues ranging from governance policies and processes, evolving operational technologies, emerging trends, capability development, supply chain, threat intelligence information sharing and incident response. They will also recommend best practices to address cybersecurity challenges and gaps in the sector.
During closed-door one-to-one workshops, the experts will share with incident response teams from stakeholders their insights based on their own experience handling global cybersecurity incidents. The panel complements CSA’s operational technology cybersecurity masterplan announced in 2019 to protect Singapore from cyber-attacks on critical sectors like transport and water supply.
The plan aims to grow the talent pool of cybersecurity professionals and facilitate the exchange of information between the public and private sectors. Insights and recommendations from the panel will help shape initiatives under the plan, such as a code of practice and training programmes, said CSA.
The threat of a cyber-attack on Singapore’s critical infrastructure services remains low but the maritime sector has been in the crosshairs of hackers, said the members of an international panel appointed by the CSA.
Reports say that hackers have used increasingly sophisticated tools to target operational technology systems that run critical infrastructure services, such as those in the energy, water and transport sectors. The systems control everything from the electricity grid, traffic light controls, train-signalling systems and even sensors detecting the chemical content in drinking water.
At present, the damage created by such cyber-attacks has not surfaced in Singapore. However, it is important that businesses do not become complacent and should ensure they have an effective incident response or business continuity plan in place, said one tech security expert.
Mr David Koh, the commissioner of Cybersecurity and CSA’s chief executive, said while operational technology systems were traditionally separated from the Internet, increasing digitalisation has led to more IT and operational technology integration. Hence, it is crucial for operational technology systems to be better protected from cyber threats to prevent outages of critical services that could result in serious real-world consequences, said David.
To this end, he added that they are glad to have notable operational technology experts join them in sharing their expertise to develop and strengthen localised capabilities in operational technology cybersecurity, he added.
As reported by OpenGov Asia, from a larger perspective, David also mentioned that a rules-based framework must be implemented when dealing with cybersecurity. Therefore, the United Nations (in general) is an appropriate platform for cyber discussions to take place, given its open and inclusive nature for all 193 member states. By conducting discussions on the forum, UN members can now see the importance of cybersecurity for their respective countries. The broadening of the conversation on cyber resiliency and producing a consensus report from the UN OEWG is a significant achievement.
Accordingly, David said that if the approach in cybersecurity is in the same direction, whether it be for the potential impacts of cyber threats, up to the solutions that can deal with them, countries can expect a positive outcome in terms of strengthening cyber resiliency. Leaders and decision-makers must recognise that cybersecurity is an issue, and they need to work together so everyone can move forward in this journey of full digital transformation.
