Singapore has recently launched the updated Operational Technology Cybersecurity Masterplan, known as the OT Masterplan 2024, during the fourth edition of the Singapore Operational Technology Cybersecurity Expert Panel (OTCEP) Forum on August 20, 2024.
Mrs. Josephine Teo, the Minister for Digital Development and Information and Minister-in-charge of Cybersecurity, led the unveiling of this pivotal update. The OT Masterplan 2024 aims to bolster the cybersecurity framework for both Critical and non-critical Information Infrastructure (CII) against cyber threats impacting operational technology (OT) systems.
OT Masterplan 2024: Addressing Emerging Cyber Threats
The rapid digitalization of industries has resulted in an intricate web of interconnected Information Technology (IT) and OT systems. This growing nexus poses significant risks; a cyberattack on OT systems could lead to severe consequences including operational disruptions, physical damage, or even loss of life.
The original OT Masterplan, introduced in 2019, laid the groundwork for improving cybersecurity awareness and resilience among essential service sectors. However, with the escalation of cyber threats and the emergence of new technologies, an update was deemed necessary.
The OT Masterplan 2024 is designed to address these advanced threats, which include increased hacktivism targeting OT assets and vulnerabilities introduced by technologies such as Edge Computing and the Internet of Things (IoT).
The updated OT masterplan reflects comprehensive consultations with various stakeholders in the OT ecosystem, including government agencies, industry leaders, and academic institutions.
Key Initiatives in the OT Masterplan 2024
The OT Masterplan 2024 emphasizes three key areas: “People,” “Process,” and “Technology,” to boost Singapore’s OT cybersecurity capabilities. Developing a skilled workforce is crucial for maintaining cybersecurity defenses. The OT Masterplan 2024 includes measures to integrate OT cybersecurity into Singapore’s broader professionalization framework. This involves collaborations with higher education institutions to incorporate OT cybersecurity into computer science and engineering curriculums, ensuring that graduates are equipped with essential skills.
Additionally, a new Cybersecurity Education & Learning Guide will be published later this year. This guide will feature information on the Operational Technology Cybersecurity Competency Framework (OTCCF), workforce trends, learning roadmaps, and skills frameworks to support career planning in cybersecurity.
Effective cybersecurity relies on robust situational awareness. The OT Masterplan 2024 seeks to improve this by streamlining information-sharing processes and strengthening collaborations with the OT Cybersecurity Information Sharing and Analysis Center (OT-ISAC) and sector regulators. The plan also includes exploring new mechanisms for facilitating incident reporting and encouraging businesses to report cyber threats and incidents more openly.
Cyber risks affect both CII and non-CII systems due to supply chain dependencies. The Masterplan proposes a data-driven model to enhance visibility into the cyber supply chain ecosystem, including updates to the CII Supply Chain Programme, launched in 2022.
This model will help monitor and manage cybersecurity risks, issue timely alerts, and provide advisories for necessary remediation. Furthermore, updated guidelines such as the “Guide to Conducting Cybersecurity Risk Assessment” will focus on consequence-based scenarios to mitigate adverse effects and ensure continuity of operations.
The Masterplan emphasizes the importance of integrating cybersecurity measures into the entire lifecycle of OT systems—from design and deployment to maintenance. This involves collaboration among Original Equipment Manufacturers (OEMs), System Integrators, and asset owners. An OT Cybersecurity Centre of Excellence will be established to drive research into new technologies and develop solutions to address industry concerns.
Commitment from Industry Partners
At the launch event, 14 organizations, including OEMs and cybersecurity solution providers, committed to adopting the Secure-by-Deployment principles throughout the lifecycle of OT systems. This collective effort is vital for enhancing the overall cyber resilience of Singapore’s OT ecosystem. The list of participating organizations can be found in the annex to the OT Masterplan 2024.
The OT Masterplan 2024 serves as a strategic blueprint for Singapore’s efforts to fortify its cyber environment for organizations utilizing OT systems. It reflects the nation’s commitment to adapting to new threats and technological advancements, ensuring a secure and resilient cyberspace.
For more details, the updated Masterplan is available on the Cyber Security Agency of Singapore’s website at www.csa.gov.sg/otcsmp2024.
