All critical information infrastructures (CIIs) in Singapore must continuously transform to keep up with the changing threat landscape and this means going beyond “generic” cybersecurity practices. It requires a strong focus on operational technology (OT) security, encompassing the right skillsets and OT-specific cybersecurity practices for CII operators.
Singapore last year tweaked its cybersecurity strategy to emphasise OT and provided guidelines on the skillsets and technical competencies OT organisations needed. The country defines OT systems to include industrial control, building management, and traffic light control systems that monitor or change the physical state of a system, such as railway systems.
Cyber Security Agency of Singapore (CSA) has pushed the need for CII operators to beef up the cybersecurity of OT systems, where attacks could pose physical and economic risks.
The need for efficiencies and functionalities had fuelled the convergence of IT and OT systems, the latter of which were traditionally designed as standalone infrastructures and not connected to external networks or the internet.
No longer operating in such air-gapped environments, OT systems now run on a wider attack surface and are open to potential cyber attacks that can have real-world impact.
Asked which CII sectors most needed cybersecurity transformation, CSA noted that as the threat landscape was constantly evolving, every CII sector should continuously “adapt and transform” their processes to combat existing as well as emerging threats.
CII industries vary in size, function, and reliance on technology, all of which shape their