Singapore’s Advanced Cybersecurity: OT Masterplan 2024

Ms Josephine Teo, Minister for Digital Development and Information and Minister-in-charge of Cybersecurity, unveiled the updated Operational Technology Cybersecurity Masterplan 2024 (OT Masterplan 2024) at the fourth edition of the Singapore Operational Technology Cybersecurity Expert Panel (OTCEP) Forum. This revised plan aims to enhance the technical cybersecurity capabilities and competencies within Singapore’s Operational Technology (OT) sector.

Rapid digitalisation has created a vast network of interconnected Information Technology (IT) and OT systems. This cyber-physical convergence heightens the risk of severe consequences from cyberattacks on OT systems, including widespread disruptions, physical damage, or even loss of life. Since the original OT Masterplan’s launch in 2019, Singapore’s essential service sectors have made strides in bolstering OT cybersecurity through various initiatives.

These include adopting a Cybersecurity Code for Practice, advancing OT personnel’s cyber skills through specialised training, and participating in key national cyber exercises such as Ex Cyber Star and Critical Infrastructure Defence Exercise (CIDEX). Other efforts include establishing the OT Cybersecurity Information Sharing and Analysis Center (OT-ISAC) for threat information sharing, developing the Operational Technology Cybersecurity Competency Framework (OTCCF) for skills building, and forming the OT Cybersecurity Expert Panel (OTCEP).

Despite these advancements, the OT cyber landscape remains increasingly hazardous due to evolving threat actor tactics and the integration of new technologies like Edge Computing and the Internet of Things (IoT). As AopenGov Asia reported, the OT Masterplan 2024 addresses these emerging threats, which include rising hacktivism and expanded attack surfaces.

Developed after extensive consultations with government agencies, industry leaders, and academic experts, the updated Masterplan introduces key initiatives in three core areas: “People”, “Process”, and “Technology”.

Enhancing the OT Cybersecurity Talent Pipeline: The Cyber Security Agency (CSA) plans to integrate OT cybersecurity into its professionalisation framework, collaborating with higher education institutions to embed relevant syllabi in computer science and engineering programs. Additionally, CSA will include OT cybersecurity in its Cybersecurity Education & Learning Guide, providing resources for career planning.

Improving Information Sharing and Reporting: CSA will enhance the information-sharing process by collaborating with OT-ISAC and sector regulators to build a comprehensive threat intelligence ecosystem. Efforts will also include facilitating incident reporting mechanisms to encourage businesses to report cybersecurity issues.

Strengthening OT Cybersecurity Resilience Beyond CII: CSA is developing a data-driven model to improve visibility into the cyber supply chain, impacting both the Critical Information Infrastructure (CII) and the non-CII sectors. Updates to existing guidelines and promotion of technical references will help organisations manage and mitigate cyber risks more effectively.

Promoting Secure-by-Design Principles: CSA emphasises the importance of integrating cybersecurity features throughout the lifecycle of OT systems. It will collaborate with the OT ecosystem to establish an OT Cybersecurity Centre of Excellence, fostering research and development in emerging OT cybersecurity technologies.

The updated OT Masterplan 2024 will serve as a strategic blueprint for enhancing Singapore’s cyber resilience across both CII and non-CII sectors. The Masterplan is available for review on CSA’s website.

At the launch event, 14 organisations, including OEMs and cybersecurity solution providers, committed to adopting Secure-by-Design principles throughout the OT lifecycle. Their involvement is crucial in reinforcing the cyber resilience of the entire OT ecosystem.

Founded in 2015, the Cyber Security Agency of Singapore (CSA) aims to secure Singapore’s cyberspace, supporting national security, the digital economy, and a protected digital way of life. CSA oversees national cybersecurity functions, collaborates with sector leads to safeguard Critical Information Infrastructure, engages stakeholders to raise cybersecurity awareness, builds a robust cybersecurity ecosystem, and fosters international partnerships. Managed by the Ministry of Digital Development and Information, CSA operates under the Prime Minister’s Office. For more information, visit www.csa.gov.sg.