Singapore is looking to expand its cybersecurity labelling programme to include medical devices, specifically, those that handle sensitive data and can communicate with other systems. It also reiterates the need to safeguard operational technology (OT) systems and build up the necessary skillsets to do so.
OT systems traditionally were designed as standalone infrastructures and not connected to external networks or the internet. The need for better efficiencies and functionalities, however, had driven the convergence of IT and OT systems.
Remote monitoring and data sharing for insights, for instance, brought about more efficiencies, but these also came at a cost as they widened the attack surface, said David Koh, Singapore’s cybersecurity commissioner and chief executive of Cyber Security Agency (CSA).
Once in a safe air-gapped operating environment, OT systems now were open to potential cyber attacks and breaches could have real-world impact, noted Koh, who was speaking at ISC2’s Secure Singapore conference held Wednesday. To mitigate such threats, he underscored the need to build up the necessary skilsets to manage the convergence of IT and OT systems.
With both sides traditionally run and managed separately, these teams now would need to understand how IT systems were deployed to support essential services, such as water and power plants. Such skillsets also should encompass knowledge of business processes and interdependencies that went beyond the technical aspects, he said.
Zachary Tudor, associate laboratory director of Idaho National Laboratory’s National and Homeland Security, concurred, pointing to the need for managers who