Updated Singapore Cybersecurity Strategy to Safeguard Critical Systems Amid Growing Threats
Singapore is ramping up efforts to train cybersecurity professionals and students to safeguard its energy grids and water supplies, driven by increasing cybersecurity threats. Announced at the Operational Technology Cybersecurity Expert Panel Forum on August 20, 2024, the updated Operational Technology (OT) Cybersecurity Masterplan marks its first refresh since 2019.
Digital Development and Information Minister Josephine Teo emphasized the critical role of OT systems in maintaining essential services. However, as these systems become more interconnected through internet-linked devices, they are more vulnerable to cyber–attacks. Teo highlighted recent global incidents, including a cyber–attack on Ukraine’s heating services in early 2024, which used malicious software FrostyGoop, leaving over 600 apartment buildings without heat.
The refreshed masterplan will be implemented by the Cyber Security Agency of Singapore (CSA) over the next five years. It focuses on enhancing the talent pool, adopting best practices, and integrating advanced technologies. CSA Chief Executive David Koh revealed that the plan was developed with input from over 60 organizations.
To address the growing need for expertise, CSA will partner with universities and polytechnics to incorporate cybersecurity into computer science and engineering courses. Additionally, a Cybersecurity Education and Learning Guide will be released later in 2024 to support those pursuing careers in OT cybersecurity.
Robert M. Lee, founder of Dragos, stressed the unique skills required for securing OT systems, which often involve physical targets like valves and energy relays. Training will cover strategies to mitigate damage during attacks, differing from traditional IT security.
Furthermore, the Sans Institute will collaborate with CSA to enhance cybersecurity education, aiming to train 5,000 professionals in various cybersecurity disciplines, including OT security, over the next five years.
The renewed masterplan builds on the 2019 strategy, which focused on collaboration among critical infrastructure providers to strengthen cybersecurity measures. Despite a decrease in reported cyber threats in 2023, the CSA’s latest report indicates that ransomware incidents remain a significant concern, particularly in manufacturing and construction sectors.