Singapore’s cybersecurity masterplan gets major overhaul to tackle increased OT threats

Singapore is significantly strengthening its operational technology masterplan to address the rising sophistication of cyber threats targeting essential services.

Singapore is updating its operational technology masterplan to address growing cyber threats, aiming to improve incident reporting, build a pipeline of cybersecurity professionals, and ensure resilience in essential services. The updated masterplan was unveiled by Digital Development and Information Minister Josephine Teo on August 20, 2024, at the Operational Technology Cybersecurity Expert Panel Forum.

Launched in 2019, the original masterplan aimed to bolster cybersecurity in essential service sectors. However, with the evolving cyber threat landscape, the Cyber Security Agency of Singapore (CSA) has refreshed the blueprint to enhance defenses against increasingly sophisticated attacks. Operational technology (OT) systems are crucial for maintaining essential services such as electricity, water supply, and transportation. These systems have traditionally been shielded from cyber threats due to their isolated environments. However, as digital connections between these systems and other networks grow, so do the risks.

Minister Teo emphasized the critical nature of OT systems, stating, “Operational technology is what keeps the lights on, our water flowing, our trains running, and many of the modern conveniences we depend on.” She underscored that the threat environment has shifted, necessitating more robust protective measures. David Koh, chief executive of CSA, highlighted the potential consequences of compromised OT systems, which could impact national security, public safety, and the economy. “The stakes are too high to ignore, so we must push the envelope and do more,” said Koh. CSA will work with educational institutions to incorporate OT cybersecurity into computer science and engineering programs as part of the updated masterplan.

Additionally, CSA plans to establish an Operational Technology Cybersecurity Centre of Excellence to drive research into emerging technologies and best practices. Fourteen original equipment manufacturers and cybersecurity solution providers have committed to ensuring that their products meet cybersecurity standards. This initiative aims to set a global benchmark for secure OT equipment and practices.

Singapore is also partnering with international companies to train its cybersecurity workforce and share threat intelligence. Despite not having experienced a direct OT cybersecurity attack, the country is proactively learning from global experiences to enhance its defenses. Benjamin Ang, head of the Centre of Excellence for National Security at the S Rajaratnam School of International Studies, emphasized the importance of international collaboration. “We need to learn lessons from overseas and share experiences to strengthen our defenses,” Ang noted.

The CSA intends to update the masterplan every five years to adapt to new threats and maintain a resilient cyber environment.