Singapore has recently announced the launch of the revamped Operational Technology Cybersecurity Masterplan, referred to as the OT Masterplan 2024, during the fourth edition of the Singapore Operational Technology Cybersecurity Expert Panel (OTCEP) Forum on August 20, 2024. The Minister for Digital Development and Information and Minister-in-charge of Cybersecurity, Mrs. Josephine Teo, unveiled this pivotal update which aims to enhance the cybersecurity framework for both Critical and non-critical Information Infrastructure (CII) against cyber threats impacting operational technology (OT) systems.
The rapid digital transformation of industries has led to a complex network of interconnected Information Technology (IT) and OT systems. This interconnectedness poses significant risks as a cyberattack on OT systems could result in severe consequences such as operational disruptions, physical damage, or potential loss of life. The original OT Masterplan, introduced in 2019, laid the foundation for improving cybersecurity awareness and resilience among essential service sectors. However, with the increasing cyber threats and the introduction of new technologies, an update was deemed necessary.
The OT Masterplan 2024 has been designed to address these evolving threats, including the rise of hacktivism targeting OT assets and vulnerabilities introduced by emerging technologies like Edge Computing and the Internet of Things (IoT). The updated masterplan reflects extensive consultations with various stakeholders in the OT ecosystem, including government agencies, industry leaders, and academic institutions.
The key initiatives outlined in the OT Masterplan 2024 focus on three main areas: “People,” “Process,” and “Technology,” in order to bolster Singapore’s OT cybersecurity capabilities. Developing a skilled workforce is essential for maintaining cybersecurity defenses, and the masterplan includes measures to integrate OT cybersecurity into Singapore’s broader professionalization framework. This involves collaborations with higher education institutions to incorporate OT cybersecurity into computer science and engineering curriculums, ensuring that graduates possess the necessary skills.
Furthermore, a new Cybersecurity Education & Learning Guide will be published to provide information on the Operational Technology Cybersecurity Competency Framework (OTCCF), workforce trends, learning roadmaps, and skills frameworks to support career planning in cybersecurity. Effective cybersecurity relies on robust situational awareness, and the OT Masterplan 2024 aims to enhance this by streamlining information-sharing processes and strengthening collaborations with the OT Cybersecurity Information Sharing and Analysis Center (OT-ISAC) and sector regulators.
The masterplan also includes a data-driven model to enhance visibility into the cyber supply chain ecosystem, including updates to the CII Supply Chain Programme launched in 2022. This model will monitor and manage cybersecurity risks, issue timely alerts, and provide advisories for necessary remediation. Additionally, updated guidelines such as the “Guide to Conducting Cybersecurity Risk Assessment” will focus on consequence-based scenarios to mitigate adverse effects and ensure continuity of operations.
Integrating cybersecurity measures into the entire lifecycle of OT systems is crucial, from design and deployment to maintenance. This involves collaboration among Original Equipment Manufacturers (OEMs), System Integrators, and asset owners. An OT Cybersecurity Centre of Excellence will be established to spearhead research into new technologies and develop solutions to address industry concerns.
At the launch event, 14 organizations, including OEMs and cybersecurity solution providers, pledged to adopt the Secure-by-Deployment principles throughout the lifecycle of OT systems. This collective effort is essential for enhancing the overall cyber resilience of Singapore’s OT ecosystem. The OT Masterplan 2024 serves as a strategic blueprint for Singapore’s efforts to strengthen its cyber environment for organizations utilizing OT systems, reflecting the nation’s commitment to adapting to new threats and technological advancements, ensuring a secure and resilient cyberspace.